In one of the more bizarre data breaches to surface recently, hackers made off with 6 million accounts for CashCrate, a site where users can be paid to complete online surveys, according to a database obtained by Motherboard. In short, CashCrate connects users to companies that need people to test new products and services, or take part in daily surveys in exchange for cash.
The data includes user email addresses, names, passwords, and physical addresses. Judging by timestamps in the stolen database, the earliest accounts date way back to 2006, and come with full passwords. If a user signed up to another service with the same password, hackers could access the victim’s account on another site, as well as their CashCrate account. Accounts from mid 2010 onwards appear to have passwords hashed with the notoriously weak MD5 algorithm, meaning that hackers may be able to crack the hashes and obtain the real login credentials.
View Full Story
ORIGINAL SOURCE: Motherboard