Retail & Commerce / Online Rewards (Get-Paid-To) / Consumer
Paid-to-click / get-paid-to online rewards platform.
The Breach Risk Index (BRI) is a proprietary 0–100 score rating how dangerous a breach is right now, based on how recently the data has been circulating on the dark web and how valuable it is to attackers.
In September 2016, ClixSense suffered a breach exposing about 2.4 million users, including names, email and physical addresses, dates of birth, gender, account balances, website-activity and transaction history, and passwords stored in plain text.
Full threat analysis, exploitation vectors, and principal guidance below.
10 additional sections · verified field analysis · defensive doctrine
2.4M records analyzed
ClixSense was a paid-to-click and get-paid-to rewards platform that paid users small amounts for completing surveys, viewing ads and other online tasks.
A rewards platform holds member identity and contact data, physical addresses, dates of birth, gender, account balances, activity and payout history, and account passwords.
The 2016 breach was notable for exposing plaintext passwords alongside extensive profile and payout data; ClixSense later rebranded to Ysense.
The plaintext-password exposure made this a widely-cited example of poor credential hygiene and enabled immediate account compromise.
• Credential stuffing against reused passwords across other platforms | • Identity verification bypass using name + date of birth combination | • Targeted phishing campaigns using exposed email addresses | • Doxxing risk from physical address exposure
A consumer-service breach: contact and account data supports phishing, account takeover and profile enrichment. For a high-profile principal this is targeting-grade, not merely identity-theft-grade: the combination lets an adversary locate, impersonate, or pressure the principal with little additional work.
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation