This week, ClixSense, a website which offers users cash in return for completing surveys and watching ads, admitted to a data breach in which an attacker was able to gain access to the firm’s database. In total, 2.2 million records have been published, leaving the data of an additional 4.4 million up for grabs to the highest bidder. Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS commented below.
Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS:
“According to reports, this is another case of poor asset management. Having unpatched servers, no longer in use that are still connected to the network and accessible via the Internet, is nothing more than asking for trouble. A simple analogy to this is like locking all your doors and windows on the first floor of your flat, while keeping a ladder in place leaning against the 2nd story window – where the window is left wide open. You might as well invite the criminals to come in via ladder you left in place. At some point, organisations must be held accountable for their failures concerning “due diligence” – or the lack there of…”