ClixSense, a site which pays users to view ads and take surveys, was the victim of a massive data breach compromising around 6.6 million user accounts.
Usually when there’s a data breach of this size, the information stolen contains usernames, passwords, and some other personal information, but due to the nature of ClixSense and the service it provided, home addresses, payment histories, and other banking details have also been compromised.
According to the message posted to PasteBin along with a sample of the stolen data, social security numbers, dates of birth, and some internal emails from ClixSense may also have been compromised.
Ars Technica reported this morning that the data of about 2.2 million people was posted to PasteBin over the weekend, reportedly just a taste of the 6.6 million user accounts that were stolen.
ClixSense owner Jim Grago told Ars that ClixSense had been hijacked on September 4, but the firm managed to regain control of its DNS over Labor Day weekend. In addition to the stolen user information, it appears that the company’s internal email server was also compromised, including “70,000 emails,” according to the PasteBin post advertising the hack.
The hackers responsible stated in their PasteBin post that they intend to sell the user information they gathered, without disclosing a specific price. PasteBin has since removed the posts and the sample of the compromised user account information.
On September 11, ClixSense acknowledged the hack in a news post on its website, but did not disclose the extent of the data breach or the fact that user information had been compromised.
Users were forced to change their passwords shortly after the hack began, but if you’re a ClixSense user it would be a good idea to reset all of your current passwords for other services, and make sure your security questions don’t overlap with any of the information you provided to ClixSense — including your date of birth, address, or other identifying information.