What Happened
In November 2016, CashCrate, a cash-for-surveys website, suffered a data breach when its third-party forum software was compromised, exposing approximately 6 to 6.8 million user accounts. The stolen data included names, email addresses, physical addresses, and passwords—stored in plaintext for older accounts (dating back to 2006) and weakly hashed with MD5 for accounts from mid-2010 onward, making them easily crackable. The breach was publicly disclosed in June 2017 after hackers offered the database via LeakBase, prompting CashCrate to notify users, deactivate the forum, and hash/salt remaining plaintext passwords, though the site lacked basic HTTPS encryption even on login pages. No 2021 incident matching this description was found for CashCrate.
