# Data Breaches



## AWP (Aug 23, 2017)

Something I stumbled across today, this is the list of 2017 to date. Some of these are big names with limited damage, but a partial list that may be of some interest:

Identity Theft Resource Center

Marine Corps Association
Crimson Trace
Florida Department of Agriculture and Consumer Services (16,000 CCW holders)
Verizon
Capital One
Gamestop
NC DMV
US Air Force
Arby's
Toys R Us
XBOX 360 and Playstation accounts

There are a ton of universities, medical providers, and health insurance providers on that list. Some little known but kind of frightening information to start your day. If you think you're affected, you may want to reach out to those companies.


----------



## Ooh-Rah (Aug 23, 2017)

Know what's not on there?  Freaking Shadow Spear, that's what....

Come get you some, Chinese Sniffer Robots and other technology I don't understand!


----------



## DA SWO (Aug 23, 2017)

Thank goodness youporn isn't on the list.


----------



## CQB (Aug 24, 2017)

It's the cost of doing business, with 'just hope you don't get whacked' being the mantra. ID theft is a biggie and will continue to be so for some time yet. Organised crime, vis a vis ID theft in my neck of the woods comes out of Thailand generally, with some also from China.


----------



## AWP (Sep 3, 2017)

Yikes!

Insecure: How A Private Military Contractor's Hiring Files Leaked

http://www.tigerswan.com/newsroom/s...n-llcs-cloud-file-hosted-amazon-web-services/


----------



## CQB (Sep 5, 2017)

It's not uncommon to go one hop out and kick the tyres.


----------



## Florida173 (Sep 7, 2017)

> A massive cyber security incident at Equifax — one of the largest credit reporting agencies in the United States — may have exposed private information belonging to 143 million people — nearly half of the U.S. population.




So this is pretty crazy news. Well, at least the CEO apologized for their customers' concerns and frustrations.

They set up a website for people concerned about the breach.

Cybersecurity Incident & Important Consumer Information | Equifax

Providing a few services

No Evidence of Unauthorized Access to Core Consumer or Commercial Credit Reporting Databases
Company to Offer Free Identity Theft Protection and Credit File Monitoring to All U.S. Consumers


----------



## Frank S. (Sep 7, 2017)

After Equifax hack that exposed data of 143 million people, 3 executives sold stock
"Bloomberg News reported Thursday evening that three company executives - chief financial officer John Gamble; Joseph Loughran III, the president of U.S. information solutions; and Rodolfo Ploder, the president of workforce solutions - sold large amounts of their shares of Equifax stock totaling nearly $1.8 million in the days after the breach was discovered July 29. The Washington Post confirmed the sales based on Securities and Exchange Commission filings.

The stock trades were not part of a previous scheduled sale, federal filings show.

A company spokeswoman, Ines Gutzmer, said in an email Thursday night, "The three executives who sold a small percentage of their Equifax shares on Tuesday, August 1, and Wednesday, August 2, had no knowledge that an intrusion had occurred at the time they sold their shares.""



----------



## AWP (Sep 7, 2017)

Threads merged.


----------



## Florida173 (Sep 8, 2017)

Another interesting development.

Some interesting strings attached if you look to Equifax for support.

If you want help from Equifax, there are strings attached


*You can't get help right away.*
*You are giving up some of your rights to sue.*
*Equifax isn't promising help fixing your credit*
The stolen data includes names, Social Security numbers, birth dates, addresses and driver's license numbers.


----------



## Il Duce (Sep 8, 2017)

Florida173 said:


> Another interesting development.
> 
> Some interesting strings attached if you look to Equifax for support.
> 
> ...



Corporations are people too...shitty, shitty, people.


----------



## Florida173 (Sep 8, 2017)

Il Duce said:


> Corporations are people too...shitty, shitty, people.



They are also only looking to the interest of the shareholders.

Does anyone believe that the government will step in and assess penalties on Equifax? Outside of the execs that sold some shares of course.


----------



## Il Duce (Sep 9, 2017)

Florida173 said:


> They are also only looking to the interest of the shareholders.
> 
> Does anyone believe that the government will step in and assess penalties on Equifax? Outside of the execs that sold some shares of course.



I don't think the government will assess penalties against them at all. I think that's one of the unifying themes of populism across both major parties in American politics that none of the major politicians (except Sanders and the President) understand. The idea there's a separate set of rules for those at the top and they get by while screwing over everyone else. I think the blue-collar dude in Ohio and the Occupy Wall Street protester might agree on nothing else - but on that. And frankly, I think both of them are right on that point.


----------



## Florida173 (Oct 4, 2017)

IRS awards multimillion-dollar fraud-prevention contract to Equifax


Are we living in the Twilight Zone or something?


----------



## Dame (Oct 4, 2017)

Florida173 said:


> IRS awards multimillion-dollar fraud-prevention contract to Equifax
> Are we living in the Twilight Zone or something?



Yes.


----------



## Blizzard (Oct 12, 2017)

And....Equifax is hacked again:
Equifax website hacked again, this time to redirect to fake Flash update

Clown shoes.


----------



## AWP (Oct 12, 2017)

Blizzard said:


> And....Equifax is hacked again:
> Equifax website hacked again, this time to redirect to fake Flash update
> 
> Clown shoes.



They need to burn that company to the ground and exile the entire IT and executive management staff to Syria.


----------



## Kaldak (Oct 12, 2017)

AWP said:


> They need to burn that company to the ground and exile the entire IT and executive management staff to Syria.



I was thinking three mile island. ISIS is too good for them.


----------



## Blizzard (Oct 16, 2017)

A pretty definitive statement...not some but EVERY:
Every Wi-Fi network at risk of unprecedented 'Krack' hacking attack


----------



## Florida173 (Oct 16, 2017)

Blizzard said:


> A pretty definitive statement...not some but EVERY:
> Every Wi-Fi network at risk of unprecedented 'Krack' hacking attack



Well... not on wired connections, and not on Microsoft's patched OSs, for client side at least.

I've been tracking it a bit on reddit

https://www.reddit.com/r/technology/comments/76pfcp


----------



## AWP (Oct 16, 2017)

The WPA2 hack is bad, but barely so. Sure, it affects almost every wireless user out there, but you need to be in close proximity, Windows has patched the vulnerability, and Apple's in beta testing. This is massive in scope, but minimal in impact. Use HTTPS (an option for this forum and default for many other websites) and/or a VPN (which you should do anyway).

I did send the details to my users today, if only because many of them aren't geeks. I knew the articles, if they even saw them, would confuse the hell out of a non-tech guy.


----------



## Blizzard (Nov 17, 2017)

Not a breach per se but...sigh:
Dark Cloud: Inside The Pentagon's Leaked Internet Surveillance Archive


----------



## Florida173 (Nov 18, 2017)

Blizzard said:


> Not a breach per se but...sigh:
> Dark Cloud: Inside The Pentagon's Leaked Internet Surveillance Archive



This isn't really all that interesting.


----------



## Florida173 (Nov 18, 2017)

AWP said:


> The WPA2 hack is bad, but barely so. Sure, it affects almost every wireless user out there, but you need to be in close proximity, Windows has patched the vulnerability, and Apple's in beta testing. This is massive in scope, but minimal in impact. Use HTTPS (an option for this forum and default for many other websites) and/or a VPN (which you should do anyway).
> 
> I did send the details to my users today, if only because many of them aren't geeks. I knew the articles, if they even saw them, would confuse the hell out of a non-tech guy.



Don't forget about how easy HTTPS stripping is.


----------



## Blizzard (Nov 18, 2017)

Florida173 said:


> This isn't really all that interesting.


Except for the obvious lack of controls/QA in place.


----------



## Florida173 (Nov 18, 2017)

Blizzard said:


> Except for the obvious lack of controls/QA in place.



Yeah.. That part doesn't really surprise me either.. Doesn't seem like anyone can figure out how to properly set up AWS these days. Complete amateur hour.


----------



## CDG (Nov 18, 2017)

Florida173 said:


> Don't forget about how easy HTTPS stripping is.



Wasn't there some FBI agent that lost a gun and a Rolex over this?


----------



## CQB (Nov 20, 2017)

The one that really gives me the creeps is the Equifax hack.


----------



## BloodStripe (Nov 21, 2017)

Anyone here an Uber rider?

From USA TODAY

Uber kept mum for a year about hack of info for 57 million users

Uber paid hackers $100,000 to hide year-old breach of 57 million users

SAN FRANCISCO — Personal information belonging to about 57 million Uber customers and drivers was stolen by hackers last October, a breach the company kept hidden for a year and for which its chief security officer was fired this week.

The stolen data included names, email addresses and phone numbers of 50 million Uber riders and 7 million drivers. The drivers’ stolen information also included 600,000 U.S. drivers' license numbers, CEO Dara Khosrowshahi said in a statement. "You may be asking why we are just talking about this now, a year later. I had the same question," Khosrowshahi wrote.

After asking for an investigation, Uber discovered that instead of notifying regulators and the affected individuals it had "identified the individuals and obtained assurances that the downloaded data had been destroyed," he wrote.


----------



## Blizzard (Nov 21, 2017)

Uber really is a sleazy, half-assed company.


----------



## CQB (Nov 21, 2017)

Stand by for fraudulent ID scams, coming soon to a life a lot like yours.


----------



## Florida173 (Nov 21, 2017)

Uber is looking out for its best interest. I wouldn't consider them sleazy.


----------



## Ooh-Rah (Nov 21, 2017)

Florida173 said:


> Uber is looking out for its best interest. I wouldn't consider them sleazy.



Umm ... read the headline again. 

Uber paid hackers $100,000 to hide year-old breach of 57 million users


----------



## Florida173 (Nov 21, 2017)

Any different than a hospital paying a ransom?


----------



## Ooh-Rah (Nov 22, 2017)

Florida173 said:


> Any different than a hospital paying a ransom?



Yeah, I saw that episode of Grey's Anatomy last week too. 

Uber withheld information from the public that their personal data had been hacked.
#sleazy

_Personal information belonging to about 57 million Uber customers and drivers was stolen by hackers last October, a breach the company kept hidden for a year and for which its chief security officer was fired this week. The stolen data included names, email addresses and phone numbers of 50 million Uber riders and 7 million drivers. The drivers’ stolen information also included 600,000 U.S. drivers' license numbers,_


----------



## Florida173 (Nov 22, 2017)

Ooh-Rah said:


> Yeah, I saw that episode of Grey's Anatomy last week too.
> 
> Uber withheld information from the public that their personal data had been hacked.
> #sleazy
> ...



I can't really get upset that names, emails, and phone numbers were hacked. It's all public information and all Uber was protecting was their image.

Was it really in an episode of Grey's Anatomy? Way too much stuff on Netflix to catch up on to watch hospital drama shows.


----------



## Dame (Nov 22, 2017)

MantisTek (made in China) keyboard GK2 sends keystroke information home to server. It sends counts from which, knowing which language is being used, a dictionary can be built.
MantisTek GK2's Keylogger Is A Warning Against Cheap Gadgets (Updated)


----------



## Florida173 (Nov 22, 2017)

Meanwhile.. My Oculus Rift has a mic and three sensors on in my room that can probably be grabbed by someone


----------



## CQB (Dec 16, 2017)

More IoT fun...

Mercedes 'relay' thieves caught on CCTV


----------

