Posted on June 15, 2017 at 1:52 PM
Private Information of 6 Million Users Stolen from CashCrate
Reports have emerged of one of the most unbelievable hacks to emerge of recent. Over 6 million user accounts for the CashCrate platform have been stolen. CashCrate is a website that pays individuals to participate in online surveys. They basically link people who want to make some extra cash to companies in need of people to test run new products and services.
The data that was stolen included information such as names, email addresses, passwords, and even their physical home and office addresses. Investigations revealed that the earliest stolen account was a little while back in 2006 and it contained their full passwords. For instance, if a person logs on to a different service, with the same access code hackers could gain entry into the unsuspecting person details on a different site and even on their CashCrate account.
Information starting from2010 indicated that passwords used were linked to the weak MD5 algorithm, what this means is that invaders can easily crack the hashes and gain unfitted access to the login information. In order to verify this startling revelation, accounts were formed with random email addresses contained therein. In all of the instances considered, it wasn’t possible to execute due to the fact that they were already linked to an account on the CashCrate platform.
The weakness of CashCrates view of security, their website doesn’t use encryption technology, what this means is that details can easily be stolen by just anyone in a vantage point. A CashCrate spokesperson while reacting to this said that they are looking into this by looking at why dormant accounts have plaintext passwords and also that they have ascertained that any user that has logged on since 2013 have passwords that contain full hash and salt
This new development has raised reason for educating visitors and patrons of certain survey sites to be even more careful as regards the kind of websites they visit; also if they must submit private information to these websites they must use their discretion by creating a new and different profile for each site. The implication of such a move is that, in the case of the hack of their account, the impact on them will be very minimal. Also, it is quite advisable to use a different password for every website visited.
It, however, seems to be seen how this issue will turn out, although concerted efforts are being made by the relevant authorities to see that the impact of this hack is mitigated and also to see that such an occurrence never repeats itself. It should, however, be noted that it is not all survey sites that are victims of such kind of scam.
