In an upbeat twist they say ClixSense accounts are now "much more secure" without specifying security controls outside of password resets.
Locking vents, building a flamethrower and looking for stray cats comes to mind.
Cleartext passwords, real names and user names, email addresses plus IP addresses for 2.2 million users of cash-for-surveys site ClixSense have been dumped online, with a further alleged 4.4 million up for sale. The records also include the payouts the site has handed each breached user, Australian researcher Troy Hunt …
The attackers supposedly accessed the database via an old server.
I'll be generous and assume access was via SQL injection through a web page rather than SSH access or an application compromise, based on the damage reported.
Questions are:
a) should the server have been decommissioned?
b) if the server was still required, should access from the internet have been removed to prevent it being abused?
c) was the old server being patched and applications upgraded or was it abandoned?
d) are they sure the compromise was just SQL access, or is the server now totally owned, with any passwords/SSH keys on it now controlled by others? And what about any servers that could be reached by jumping off the first server via common credentials?
It feels necessary to ask about (d) because the first three questions hint at a degree of carelessness...
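To make the SQL-injection guess in the comment above concrete, here is an added example that is not part of the original post and not ClixSense's code (which is not public). It uses a constructed in-memory SQLite users table with the same kinds of columns the breach report lists (username, email, password, IP, payout), a hypothetical "look up my profile" handler written two ways, and a hypothetical injection payload. The vulnerable handler lets one crafted username dump every row; the parameterised handler treats the same input as plain data. The hashed-storage variant shows what the same dump would have yielded had passwords been salted and hashed instead of stored in cleartext.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample rows standing in for a survey site's user table.
# Cleartext passwords mirror what the breach report describes; that storage
# choice is part of the problem being illustrated, not a recommendation.
SAMPLE_USERS = [
    ("alice", "alice@example.com", "hunter2", "203.0.113.10", 12.50),
    ("bob", "bob@example.com", "letmein", "198.51.100.7", 3.25),
    ("carol", "carol@example.com", "passw0rd", "192.0.2.44", 40.00),
]

# Hypothetical injection payload: closes the quoted literal and appends a
# tautology, so the WHERE clause matches every row.
PAYLOAD = "x' OR '1'='1"


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256, stored as 'salt_hex$digest_hex'."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt.hex() + "$" + digest.hex()


def make_db(hash_passwords=False):
    """Build the constructed users table, in cleartext or hashed form."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT, email TEXT, password TEXT, "
        "last_ip TEXT, payout REAL)"
    )
    rows = [
        (u, e, hash_password(p) if hash_passwords else p, ip, pay)
        for (u, e, p, ip, pay) in SAMPLE_USERS
    ]
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?, ?)", rows)
    return conn


def lookup_vulnerable(conn, username):
    """Hypothetical profile handler that splices user input into the SQL text."""
    sql = (
        "SELECT username, email, password, last_ip, payout FROM users "
        "WHERE username = '%s'" % username
    )
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Same handler with a bound parameter: the input can never become SQL."""
    sql = (
        "SELECT username, email, password, last_ip, payout FROM users "
        "WHERE username = ?"
    )
    return conn.execute(sql, (username,)).fetchall()


def verify_password(conn, username, candidate):
    """Check a login against the hashed store without exposing the hash."""
    rows = lookup_safe(conn, username)
    if not rows:
        return False
    stored = rows[0][2]
    salt = bytes.fromhex(stored.split("$")[0])
    return hmac.compare_digest(hash_password(candidate, salt), stored)


def demo():
    """Return (rows leaked by the injectable handler, rows returned by the safe one)."""
    conn = make_db()
    return len(lookup_vulnerable(conn, PAYLOAD)), len(lookup_safe(conn, PAYLOAD))


if __name__ == "__main__":
    leaked, safe = demo()
    print("cleartext store: vulnerable handler leaked %d rows, safe handler %d" % (leaked, safe))
    hashed = make_db(hash_passwords=True)
    for row in lookup_vulnerable(hashed, PAYLOAD):
        print("hashed store, same payload, password column:", row[2][:24] + "...")
```

The two handlers differ by one thing only: whether the username travels inside the SQL text or as a bound parameter. Hashing does not stop the dump (emails, IPs and payouts still leak through the vulnerable path), but it changes what the password column is worth to whoever holds it, which is the difference between "reset your password" and "your cleartext password and everything you reused it on is public".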