Pierluigi Paganini
September 15, 2016
Here we are again to discuss a new data breach that exposed million user records of the advertising ClixSense service. ClixSense allows its clients to earn money online by paying surveys, free offers and paid per click advertising.
The popular security expert Troy Hunt who operates the breach notification service HaveIBeenPwned reported the ClixSense data breach that compromised at least 6.6 million user records, 2.4 million of which are already public.
The stolen data includes names, usernames, email addresses, passwords stored in plain text, account balances, dates of birth, payment information and IP addresses.
“In September 2016, the paid-to-click site ClixSense suffered a data breach which exposed 2.4 million subscriber identities. The breached data was then posted online by the attackers who claimed it was a subset of a larger data breach totalling 6.6 million records. The leaked data was extensive and included names, physical, email and IP addresses, genders and birth dates, account balances and passwords stored as plain text.
Compromised data: Account balances, Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Payment histories, Payment methods, Physical addresses, Usernames, Website activity” wrote Hunt.
The company has confirmed the incident and reported a successful cyber attack that allowed hackers to gain access to its database server. It seems that attackers reached the database server with a lateral movement from an old server that had still been connected to it.
“It has come to our attention that this hacker did get access to our database server for a short period of time. He was able to gain access to this not directly but instead through an old server we were no longer using that had a connection to our database server. (This server has since been terminated).” reads the advisory published by the company. reads the official statement issued by the company.
“He was able to copy most if not all of our users table, he ran some SQL code that changed the names on accounts to “hacked account” and deleted many forum posts. He also set user balances to $0.00.”
The hackers were able to alter data in the archive, including account names and user balance that was set to zero, anyway the company informed to have restored the balance.
“We were able to restore the user balances, forum and many account names. Some of you were asked to fill out your name again as we did not want to restore this from our backup due to the amount of time it would have taken to get back online,” reads the statement.
In response to the incident, ClixSense has shut down the breached server, it has partially restored the backup, passwords have been reset and users have been advised to change their passwords.
The hackers published a post on Pastebin to announce the data breach and confirmed he had access to 6,606,008 user records in the database and the complete source code for the ClixSense website. According to the hackers, they released online a data sample after the ClixSense company initially denied being breached.
Let me close with a list of the most recent data breach, that flooded the criminal underground with hundred million credentials:
[adrotate banner=”9″]
(Security Affairs – Data breach, ClixSense )
