Breach, Threat Management, Data Security

Accounts of 6M CashCrate users exposed

User data on six million subscribers to the cash-for-surveys site CashCrate has been compromised, according to a report on Motherboard.

Subscribers are paid to take online surveys – from a variety of companies – in order to test products and services.

User data going back 10 years – including email addresses, names, passwords and street addresses – was stolen in the breach. Earlier accounts contained full passwords, while those dating from mid-2010 forward were hashed with the MD5 algorithm, not well regarded in the security community for its weak encryption.

The company is blaming the breach on its third-party forum software, and is notifying customers, it informed Motherboard. Meanwhile, the software has been deactivated.

CashCrate subscribers are being advised to change their passwords. Further, if a subscriber uses the same password on another site, the advice is to change that login credential as well.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.