Account opening ammo goes up for sale.
Cleartext passwords, real names and user names, email addresses plus and IP addresses for 2.2 million users of cash-for-surveys site ClixSense have been dumped online, with a further alleged 4.4 million up for sale.
The records also include the pay outs the site has handed each breached user, Australian researcher Troy Hunt says.
Clixsense administrators disclosed the breach to users saying hackers compromised servers for “a short period of time”, copying all user tables, setting payment accounts to zero, deleting posts, and changing usernames to ‘hacked account’.
“He was able to gain access to this … through an old server we were no longer using that had a connection to our database server,” ClixSense admins say.
“We were able to restore the user balances, forum and many account names.
“To say this past week was a bit stressful is an understatement.”
In an upbeat twist they say ClixSense accounts are now “much more secure” without specifying security controls outside of password resets.
“It has taught us that regardless of what you do to stay secure, it still may not be enough.”
Users have been arguing about the impact of the breach on the ClixSense forums.
Those affected users who entered their real personal details on the site are now exposed to social engineering and identity theft should hackers use their names, home addresses, and date of birth details to open or access accounts. ®