ClixSense Data Breach, 6.6 Million users’ records stolen


Hackers have breached the database of the advertising company ClixSense and stolen the details of 6.6 million users.

Here we are again to discuss a new data breach, one that exposed millions of user records of the ClixSense advertising service. ClixSense allows its clients to earn money online through paid surveys, free offers and paid-per-click advertising.

The popular security expert Troy Hunt, who operates the breach notification service HaveIBeenPwned, reported the ClixSense data breach, which compromised at least 6.6 million user records, 2.4 million of which are already public.

The stolen data includes names, usernames, email addresses, passwords stored in plain text, account balances, dates of birth, payment information and IP addresses.

“In September 2016, the paid-to-click site ClixSense suffered a data breach which exposed 2.4 million subscriber identities. The breached data was then posted online by the attackers who claimed it was a subset of a larger data breach totalling 6.6 million records. The leaked data was extensive and included names, physical, email and IP addresses, genders and birth dates, account balances and passwords stored as plain text.

Compromised data: Account balances, Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Payment histories, Payment methods, Physical addresses, Usernames, Website activity” wrote Hunt.

The company has confirmed the incident and reported a successful cyber attack that allowed hackers to gain access to its database server. It seems that the attackers reached the database server through lateral movement from an old server that was still connected to it.

“It has come to our attention that this hacker did get access to our database server for a short period of time. He was able to gain access to this not directly but instead through an old server we were no longer using that had a connection to our database server. (This server has since been terminated).” reads the advisory published by the company.

“He was able to copy most if not all of our users table, he ran some SQL code that changed the names on accounts to “hacked account” and deleted many forum posts. He also set user balances to $0.00.”

The hackers were able to alter data in the archive, including account names and user balances, which were set to zero; the company said it has since restored the balances.

“We were able to restore the user balances, forum and many account names. Some of you were asked to fill out your name again as we did not want to restore this from our backup due to the amount of time it would have taken to get back online,” reads the statement.

In response to the incident, ClixSense has shut down the breached server and partially restored the backup; passwords have been reset and users have been advised to change their passwords.

The hackers published a post on Pastebin to announce the data breach and confirmed they had access to 6,606,008 user records in the database and the complete source code for the ClixSense website. According to the hackers, they released a data sample online after ClixSense initially denied being breached.

Let me close with a list of the most recent data breaches that flooded the criminal underground with hundreds of millions of credentials:

Pierluigi Paganini

(Security Affairs – Data breach, ClixSense )