Attackers have published the plaintext passwords, usernames, and other personal information for more than 2.2 million ClixSense users online.
In addition to login credentials, the dumped data includes users' full names, physical addresses, dates of birth, and account balances.
The file is part of a larger security incident that in total affected 6.6 million users of the paid to click (PTC) website. Attackers are currently attempting to sell the data for the remaining 4.4 members.
At this time, it's unknown at what price the data is valued. But if a post advertising the leaked data is correct in asserting the information was current as of August 2016, the information could be quite valuable among computer criminal circles.
For its part, ClixSense hasn't acknowledged the data dump or pending sale of its users' data. It has confirmed, however, that someone hacked its systems:
"Members we want to keep you informed on what is happening with our recent hack. It has come to our attention that this hacker did get access to our database server for a short period of time. He was able to gain access to this not directly but instead through an old server we were no longer using that had a connection to our database server. (This server has since been terminated). He was able to copy most if not all of our users table, he ran some SQL code that changed the names on accounts to 'hacked account' and deleted many forum posts. He also set user balances to $0.00."
Security researcher Troy Hunt also independently verified the breach.
Aside from working with members to restore their account balances and forum posts, the PTC site is urging users to change their passwords, something which millions of people have recently done after breaches that affected Tumblr and other services from several years ago resurfaced in 2016.
Don't let this latest hack jeopardize your digital security! Change your login credentials for ClixSense as soon as possible, and make sure you're using a strong, unique password with each of your web accounts.