CashCrate

In November 2016, CashCrate, a platform rewarding users for completing online surveys, experienced a data breach affecting approximately 6.8 million user accounts. The compromised data included names, physical addresses, email addresses, and passwords. Notably, older accounts had passwords stored in plain text, while newer accounts utilized weak MD5 hashes, both of which are considered insecure. The breach was publicly disclosed in June 2017 when hackers offered the stolen data for sale on underground forums. CashCrate indicated that the breach likely resulted from a compromise of their third-party forum software, which was subsequently deactivated pending security enhancements. ​ In October 2018, a class-action lawsuit was filed against CashCrate, alleging negligence in safeguarding user information and failure to promptly inform affected individuals.

Data Included in the Breach