"The operators of an online rewards website and a dress-up games website have separately agreed to settle Federal Trade Commission allegations that they failed to take reasonable steps to secure consumers’ data, which allowed hackers to breach both websites.
...
In a separate action against the operators of the online rewards website ClixSense.com, the FTC alleged that the website’s inadequate security allowed hackers to gain access to consumers’ sensitive information through the company’s network.
Allegations against ClixSense
ClixSense pays its users to view advertisements, perform online tasks, and complete online surveys. The company collects personal information from users, such as their full names, dates of birth, email and postal addresses, usernames, passwords, and answers to security questions, as well as Social Security numbers for those who make more than $600 a month.
In its complaint against ClixSense, the FTC alleges that the website’s operator, James V. Grago, Jr., deceived consumers by falsely claiming that ClixSense “utilizes the latest security and encryption techniques to ensure the security of your account information.” In fact, ClixSense failed to implement minimal data security measures and stored personal information in clear text with no encryption. The complaint also alleges that ClixSense failed to implement readily available measures to limit access between computers on ClixSense’s network; failed to change default login and password credentials for third-party company network resources; and maintained consumers’ personal information, including consumers’ names, dates of birth, answers to security questions, login and password credentials, and Social Security numbers, in clear text.
The FTC alleges that ClixSense’s failures allowed hackers to gain access to the company’s network through a browser extension that ClixSense downloaded. The complaint notes that ClixSense was put on notice that the company’s network was compromised based on clues left by the hackers. For example, hackers accessed documents, email accounts, and credentials stored on employee laptops; changed employees’ logins and passwords; redirected email notifications for multiple network accounts, including ClixSense’s cloud and Domain Name System (DNS) host services; and redirected visitors to the ClixSense website to an unaffiliated adult-themed website.
As a result of ClixSense’s data security failures, the hackers downloaded a document from ClixSense that contained clear text information regarding 6.6 million consumers, including some 500,000 U.S. consumers. The hackers then published and offered for sale, on a website known for posting security exploits, personal information pertaining to approximately 2.7 million consumers, including full names and physical addresses, dates of birth, gender, answers to security questions, email addresses and passwords, as well as hundreds of Social Security numbers.
As part of the settlement, Grago is prohibited from misrepresenting the extent to which any company he controls protects the privacy, security, confidentiality, or integrity of personal information it collects. If any company he controls collects or maintains personal information, Grago must implement a comprehensive information security program and obtain independent biennial assessments of this program. In addition, Grago also is prohibited from making misrepresentations to the third party performing the biennial assessments of any information security program, and must provide an annual certification of compliance to the Commission.
...
NOTE: The Commission issues an administrative complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. When the Commission issues a consent order on a final basis, it carries the force of law with respect to future actions. Each violation of such an order may result in a civil penalty of up to $42,530."
You can read the full article HERE
Eeeh, damn hackers, they start to ruin everything that is worthwhile!