Slashdot Mirror

← Back to Stories (view on slashdot.org)

ClixSense Suffers Massive Data Breach, 6.6 Million Users Compromised (digitaltrends.com)

Posted by BeauHD on from the unauthorized-access dept.

An anonymous reader quotes a report from Digital Trends: ClixSense, a site which pays users to view ads and take surveys, was the victim of a massive data breach compromising around 6.6 million user accounts. Usually when there's a data breach of this size, the information stolen contains usernames, passwords, and some other personal information, but due to the nature of ClixSense and the service it provided, home addresses, payment histories, and other banking details have also been compromised. According to the message posted to PasteBin along with a sample of the stolen data, social security numbers, dates of birth, and some internal emails from ClixSense may also have been compromised. Ars Technica reported this morning that about 2.2 million people have had their data posted to PasteBin over the weekend, reportedly just a taste of the 6.6 million user accounts that have been stolen. The hackers responsible stated in their PasteBin post that they intend to sell the user information they gathered, without disclosing a specific price. PasteBin has since removed the posts and the sample of the compromised user account information.

16 comments

  1. Stupid business model + stupid practices = ______ by Anonymous Coward · · Score: 0

    What's the over/under on all data stored in the clear unhashed/unsalted?

  2. Makes Sense... by npslider · · Score: 4, Funny

    If you are willing to view ads and take surveys... do you EXPECT your info to be protected?

    1. Re:Makes Sense... by Anonymous Coward · · Score: 5, Insightful

      If you are willing to ...do you EXPECT your info to be protected?

      Well...yeah...I do actually. For all values of . The fact that the US has precisely zero protections on this is an epic regulatory failure.
      All industry holds me to a standard of fiscal responsibility, dictated by my credit score. These crack whores probably just demolished a whole bunch of random peoples' credibility with no recourse. The only person that suffers in these breaches is "me". The fuckoffs that build shitty systems, harvest, process and harvest some more of my personal data...even when I have NO business relationship with them WHATSOEVER...well, they're just fucking me over and I don't even know them.

      We've built a trust system in which you have no option but to trust. If you click "cancel" then you don't get to participate in life, goodbye.
      We've got Wells Fargo committing mass fraud now and they're proving daily that they just aren't trustworthy. How do we counter that?

      We have a system based on blind hope and it seems we're morally bankrupt.

    2. Re:Makes Sense... by npslider · · Score: 1

      We have a system based on blind hope and it seems we're morally bankrupt.

      For the love of money is the root of all kinds of evil. And some people, craving money, have wandered from the true faith and pierced themselves with many sorrows... (1 Timothy 6:10 NLT)

      Since they thought it foolish to acknowledge God, he abandoned them to their foolish thinking and let them do things that should never be done. Their lives became full of every kind of wickedness, sin, greed, hate, envy, murder, quarreling, deception, malicious behavior, and gossip. They are backstabbers, haters of God, insolent, proud, and boastful. They invent new ways of sinning, and they disobey their parents. They refuse to understand, break their promises, are heartless, and have no mercy... (Romans 1:28-32 NLT)

  3. Re:Stupid business model + stupid practices = ____ by networkBoy · · Score: 1

    What's the over/under on all data stored in the clear unhashed/unsalted?

    based on the sample data, it looks like it was *all* cleartext, nevermind salted.

    --
    whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
  4. Re:More goverment incompetence. by blackpaw · · Score: 2

    Where's the "-1 Idiotic" mod when you need it?

  5. Re: Stupid business model + stupid practices = ___ by Anonymous Coward · · Score: 0

    Who cares, it's 6.6 million poor people. This data is worthless, they have no money to scam/steal.

  6. Re:More goverment incompetence. by Anonymous Coward · · Score: 0

    I'd be amused if you STFU forever.... obviously, period.

  7. Re: Stupid business model + stupid practices = ___ by GTRacer · · Score: 1

    And when thieves use this info for identity theft and credit fraud, these poor people are going to have that much harder a time getting out of poverty!

    --
    Defending IP by destroying access to it? That makes sense, RIAA/MPAA. Go to the corner until you can play nice!
  8. Re:More goverment incompetence. by Anonymous Coward · · Score: 0

    STFU statist.

  9. Re: Stupid business model + stupid practices = ___ by TroII · · Score: 3, Interesting

    You might be surprised who falls for scams like "Now hiring data entry workers, work from home with no credit or background check! Get started today, click here to submit your application and $5 processing fee." It's not rich people who get suckered $5 at a time by those offers, it's desperate people, and this list will contain a lot of desperate people.

    --
    "If there was a gay Afro-Puertorican Linux distribution, I'd give it a try" ~lucm
  10. And who wins? And who loses? by swell · · Score: 1

    "People like you...
    -> BARNEY
    Well...
    And you,
    -> UH, CLEM
    People who are alter..." (Firesign Theater, I Think We're all Bozos on this Bus)

    No doubt companies have been fined and/or penalized in the courts for leaking information like this. And rightfully so, but has any executive ever been held responsible, paid a fine or done jail time? Corporations don't make decisions, humans do. They are responsible.

    --
    ...omphaloskepsis often...
  11. Re:More goverment incompetence. by pokemon219 · · Score: 2

    @Anonymous Coward: "Once again we see how government IT is 100% complete garbage. If it weren't for the fact that my tax dollars were STOLEN from me to pay some fucking incomptent union boobs with cadillac health care plans, I'd be amused, but obviously I aint. When we will learn that government is evil and that everything it touches turns to shit?"

    Is that you Bill O' Reilly .. unions FAP .. health care FAP FAP .. liberals FAP FAP FAP ... UUUGH!

  12. Encryption/decryption of data by Anonymous Coward · · Score: 0

    In today's world everyone should sacrifice a few milliseconds of their browsing time to allow encryption/decryption of data. All people who create websites should be forced by law to make sure ALL data held in text files and Databases should be encrypted and salted (and not just passwords and credit card data). This is the only way to secure data regardless of how good developers are at web security and vulnerabilities within their PHP code etc.

  13. So? by Opportunist · · Score: 1

    Of all the data breaches in the past years, this one is the first (and possibly the only) one that I can only meet with a heartfelt "meh".

    People who agree to watch ads and answer surveys for money already have lost all their privacy. It's not like anyone (but the party responsible for the data breach) got damaged by this.

    And "oh no, now they can get scammed...". Stop. Do you really think that it makes a difference whether the scammer buys the data from the hacker or from Clixsense?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.