Quiz Site DailyQuiz.me Leaks Eight Million Plaintext Passwords


Quiz site DailyQuiz.me, formerly known as ThisCrush.com, was found to have been hit by a data breach in January that gave attackers access to the data of eight million accounts, including plaintext passwords. This is what security researcher Troy Hunt of data leak search engine Have I Been Pwned says. Via DailyQuiz users can take all kinds of quizzes.


In January of this year, an attacker gained access to the site's user database. It contained more than eight million unique email addresses, IP addresses and passwords that were stored in plaintext, says Hunt. While many websites employ password hashing, there are still sites that store them in plaintext. This is a particular risk for users who reuse their password on multiple websites. The captured data has been offered for sale on a forum since January.


Hunt has added the more than eight million stolen email addresses to Have I Been Pwned . Users can use the search engine to see whether their accounts have become part of a data breach. Of the stolen e-mail addresses, 55 percent was already known to the search engine via another data breach. DailyQuiz now shows a warning asking users to change their password.

Previous Post Next Post