Saturday, 24 September 2016

Online Ad Service ClixSense Hacked; 6M Plain-Text Passwords Leaked



HACKERS EXPOSE PASSWORDS OF 6.6MILLION PAY-TO-CLICK AD SERVICE SITE CLIXSENSE USERS — WORSE FOR USERS THE PASSWORDS WERE STORED IN PLAIN TEXT.

ClixSense is one company that offers high rate for viewing ads or completing online surveys, making searches on Google and categorizing videos or pictures online. The company also runs an affiliate network under which you can earn commission on the earnings of those new members who have been referred by you. Basically, ClixSense is always looking for potential clickers.

The flip side is that this company is associated with another pay-per-click network. This means, whenever you click an ad posted by ClixSense, the company makes money and then some of the amounts is paid to you.

The ClixSense website claims that nearly $20 million has been earned by 6,626,048 members of the company by delivering over 3.5 billion page views during the last 9 years.

If we try to estimate, the average would be $3 for 500 views for every user. This means the user earns lower than a cent per view. But that’s not the news; the news is that ClixSense stores the personal details and passwords of its 6.6m members in plaintext. That’s why, when recently this service was hacked, the attackers didn’t have to go through much of an effort to crack open the stolen passwords as these were already pre-cracked.

The next step from the attackers was to dump those passwords online. Reportssuggest that attackers published these passwords to expose the company’s false claims that there hasn’t been a data breach.

The data was originally posted  on Pastebin, however, the site was quick to delete it within few hours. Here’s the description left by the hackers on their Pastebin post:


HUGE new leak! from theclixsense.com site: ~databases including ‘users’ with 6,606,008 plaintext pass, username, emails, address, security answer, ssn, dob. ~emails business + personal (more than 70k emails sent+received) ~source code for site (complete)




Share:

0 comments:

Post a Comment