Pay-into-click ad service hacked, six.sixM plaintext passwords dumped #Sophos_HomeMarch 29, 2019
How would you like to earn money just by sitting at home in front of a computer and viewing ads?
According to ClixSense’s website , 6,626,048 members have earned more than $20 million by delivering more than 3.5 billion page views over the past nine years.
What ClixSense didn’t tell its 6.6 million members when they signed up and chose a password was that it simply stored those passwords in plaintext in a database, along with other personal information.
[…] Site owner tell users no leak happened but reset user pass.
So, not only another breach, but also an authentication database of plaintext passwords, even though we’ve known for close to 40 years that it’s neither desirable nor necessary (and certainly no longer acceptable) to store passwords directly.
We were able to restore the user balances, forum and many account names.
Simply put, your ClixSense account information is now much more secure.
The only security improvement mentioned in the breach notification is that the insecure server that led to the attack – a server that ClixSense rather paradoxically claims “we were no longer using” – has been turned off.
Don’t use the same passwords on two different sites.
Don’t store passwords in plaintext.