This week, ClixSense, a website which offers users cash in return for completing surveys and watching ads, admitted to a data breach in which an attacker was able to gain access to the firm’s database. In total, 2.2 million records have been published, leaving the data of an additional 4.4 million up for grabs to the highest bidder. Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS, commented below.
Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS:
“According to reports, this is another case of poor asset management. Having unpatched servers, no longer in use that are still connected to the network and accessible via the Internet, is nothing more than asking for trouble. A simple analogy to this is like locking all your doors and windows on the first floor of your flat, while keeping a ladder in place leaning against the 2nd story window – where the window is left wide open. You might as well invite the criminals to come in via the ladder you left in place. At some point, organisations must be held accountable for their failures concerning “due diligence” – or the lack thereof…”