Online Ad Service ClixSense Hacked; 6M Plain-Text Passwords Leaked

Hackers Expose Passwords of 6.6million Pay-to-click ad service site ClixSense Users — Worse for users the passwords were stored in plain text.

ClixSense is one company that offers high rate for viewing ads or completing online surveys, making searches on Google and categorizing videos or pictures online. The company also runs an affiliate network under which you can earn commission on the earnings of those new members who have been referred by you. Basically, ClixSense is always looking for potential clickers.

The flip side is that this company is associated with another pay-per-click network. This means, whenever you click an ad posted by ClixSense, the company makes money and then some of the amounts is paid to you.

The ClixSense website claims that nearly $20 million has been earned by 6,626,048 members of the company by delivering over 3.5 billion page views during the last 9 years.

If we try to estimate, the average would be $3 for 500 views for every user. This means the user earns lower than a cent per view. But that’s not the news; the news is that ClixSense stores the personal details and passwords of its 6.6m members in plaintext. That’s why, when recently this service was hacked, the attackers didn’t have to go through much of an effort to crack open the stolen passwords as these were already pre-cracked.

The next step from the attackers was to dump those passwords online. Reports suggest that attackers published these passwords to expose the company’s false claims that there hasn’t been a data breach.

The data was originally posted  on Pastebin, however, the site was quick to delete it within few hours. Here’s the description left by the hackers on their Pastebin post:

HUGE new leak! from the site: ~databases including ‘users’ with 6,606,008 plaintext pass, username, emails, address, security answer, ssn, dob. ~emails business + personal (more than 70k emails sent+received) ~source code for site (complete)

ClixSense published an official update about the hack, that read:

“Members we want to keep you informed on what is happening with our recent hack. It has come to our attention that this hacker did get access to our database server for a short period of time. He was able to gain access to this not directly but instead through an old server we were no longer using that had a connection to our database server. (This server has since been terminated).”

“He was able to copy most if not all of our users table, he ran some SQL code that changed the names on accounts to “hacked account” and deleted many forum posts. He also set user balances to $0.00.”

“We were able to restore the user balances, forum and many account names. Some of you were asked to fill out your name again as we did not want to restore this from our backup due to the amount of time it would have taken to get back online.”

The ClixSense hack is just another hack in 2016. The year has been bad for almost every tech and social media giant on the Internet. Previously, hacked Dropbox usernames and encrypted passwords were hacked and dumped online for sale, before that MySpace, Twitter and LinkedIn also witnessed their data being leaked online and then sold on the DarkNet marketplaces.

In order to prevent your personal data from being exposed online, it is important to never use the same credentials and especially passwords for two different websites because no matter how strong the password is, if a website has implemented weak security measures, it is bound to be exposed.

Storing passwords in plaintext format is not only a mistake but more like a crime nowadays because it simply serves as a gateway to critically important personal details of users.

ClixSence has also published an update note, click here to read.

Top/Featured Image Via: Bloomua/Shutterstock

Related Posts