Clixsense was hacked--was your information compromised?
By Yuki
@yukimori (10179)
United States
September 14, 2016 11:26am CST
There were several posts made earlier this month when Clixsense's DNS was hacked, redirecting the site's domain name to a pornographic website. A day or two after that issue was resolved, there was another attack made against the site. Clixsense is downplaying the severity of the second attack, saying that the hacker was able to access a table of user information through an old server that still had a connection to the database server. But hey, Clixsense has forced a password change for users, so everything is okay now. 
What they're not saying is that this data breach resulted in 2.4 million subscriber identities being published online, with the hackers claiming that it's only a portion of the 6.6 million records that they obtained. The records include sensitive information like names, physical addresses, email addresses, gender and birth date, and passwords which were stored in the server as plain text.
You can check to see if your account's information is included in the 2.4 million records that have already been published by entering your email address on the site below. Even if your information wasn't included in the released records, it's a great idea to take the time to review your passwords--especially if you used the same email address and password combination on multiple sites.
What they're not saying is that this data breach resulted in 2.4 million subscriber identities being published online, with the hackers claiming that it's only a portion of the 6.6 million records that they obtained. The records include sensitive information like names, physical addresses, email addresses, gender and birth date, and passwords which were stored in the server as plain text.
You can check to see if your account's information is included in the 2.4 million records that have already been published by entering your email address on the site below. Even if your information wasn't included in the released records, it's a great idea to take the time to review your passwords--especially if you used the same email address and password combination on multiple sites.
Have I been pwned? allows you to search across multiple data breaches to see if your email addresses has been compromised.
8 people like this
9 responses
@topffer (42155)
• France
14 Sep 16
Very interesting article. I had a doubt on how they could have redirected the DNS without having access to the main server.
I was a member of Clixsense several years ago. I never deleted my account, and I have just checked (with my user name, not my email address
), and this site does not know it... for the moment
.
), and this site does not know it... for the moment.2 people like this
@yukimori (10179)
• United States
14 Sep 16
I heard that some users have found their email addresses but not their usernames in the search.
From what they are saying, the breach actually happened on an old server they weren't using anymore. Apparently they switched and then just... forgot about the old server? It doesn't make much sense to me. 
I guess it's possible for the DNS to be hacked but not the entire site, assuming that they use separate companies for the domain registration and their hosting. Then again, some of those hackers are pretty determined and won't quit until they get all the access they want. 
I guess it's possible for the DNS to be hacked but not the entire site, assuming that they use separate companies for the domain registration and their hosting. Then again, some of those hackers are pretty determined and won't quit until they get all the access they want. 1 person likes this
@topffer (42155)
• France
14 Sep 16
@yukimori I thought that they had a Clixsense admin password to enter the DNS server, and that this password was probably used on all Clixsense servers, like it happens in many companies. Alright, I tried with the email and I won a lot at the lottery : pwned on Clixsense. I have not logged in this account since December 2011 and they have not deleted my info and account
? Well, the email is not my primary email and I never gave a phone number to Clixsense
. But I should ask damages to Clixsense to have compromised my sensible data by forgetting an "old server"
. Without this leak, I suppose that the owner would never have said that his servers had been hacked...
. Alright, I tried with the email and I won a lot at the lottery : pwned on Clixsense. I have not logged in this account since December 2011 and they have not deleted my info and account? Well, the email is not my primary email and I never gave a phone number to Clixsense. But I should ask damages to Clixsense to have compromised my sensible data by forgetting an "old server". Without this leak, I suppose that the owner would never have said that his servers had been hacked...1 person likes this
@topffer (42155)
• France
14 Sep 16
@yukimori I think that I would have noticed if another computer than mines had logged in. Not completely sure though. Anyways, I use Dropbox mainly to share scientific articles/papers/books not interesting for a hacker. I do not put really personal data on any cloud service.
1 person likes this
@bunnybon7 (50970)
• Holiday, Florida
15 Sep 16
I know even on the net nothing is as secure as it should be.
@cupkitties (7421)
• United States
15 Sep 16
Checking all my emails. Found pwns on two so far connected to Myspace, Tumblr and Neopets. Haven't used any of those sites in years. Clixsense is all clear though. Apparently Myspace was compromised back in 2008 and didn't inform anybody for awhile.
1 person likes this
now i have to change all my passwords. 
