The Data Breach Thread

Carpet_pissr
Posts: 19978
Joined: Thu Nov 04, 2004 5:32 pm
Location: Columbia, SC

Re: The Data Breach Thread

Post by Carpet_pissr »

I moved from LastPass to Bitwarden a few years ago when they upped their rates IIRC, but I wonder if I deleted my account. :shock: :think:
Blackhawk
Posts: 43487
Joined: Tue Oct 12, 2004 9:48 pm
Location: Southwest Indiana

Re: The Data Breach Thread

Post by Blackhawk »

LastPass changed their business model a couple of years ago, and everything about their new approach screamed of greed and hostility toward customers. I quit trusting them then, as did a lot of people, resulting in a mass exodus. I (and a lot of other people here) moved on to BitWarden, which I've been extremely happy with.
(˙pǝsɹǝʌǝɹ uǝǝq sɐɥ ʎʇıʌɐɹƃ ʃɐuosɹǝd ʎW)
Blackhawk
Posts: 43487
Joined: Tue Oct 12, 2004 9:48 pm
Location: Southwest Indiana

Re: The Data Breach Thread

Post by Blackhawk »

Carpet_pissr wrote: Sun Jan 01, 2023 2:10 am I moved from LastPass to Bitwarden a few years ago when they upped their rates IIRC, but I wonder if I deleted my account. :shock: :think:
That is a very good question. I probably had 500+ accounts saved to LastPass. It would be practically impossible to change them all. If I could change a password every five minutes, it would take... carry the one... 40+ hours.
Max Peck
Posts: 13682
Joined: Fri Aug 05, 2005 8:09 pm
Location: Down the Rabbit-Hole

Re: The Data Breach Thread

Post by Max Peck »

Maybe we just need to get in the habit of changing all the passwords and whatever once a week or so. :coffee:

First LastPass, now Slack and CircleCI. The hacks go on (and will likely worsen)
Don't expect victims to be forthcoming. Their alerts conceal more than they reveal.

In the past 24 hours, the world has learned of serious breaches hitting chat service Slack and software testing and delivery company CircleCI, though given the companies' opaque wording—“security issue” and “security incident,” respectively—you'd be forgiven for thinking these events were minor.

The compromises—in Slack’s case, the theft of employee token credentials and for CircleCI, the possible exposure of all customer secrets it stores—come two weeks after password manager LastPass disclosed its own security failure: the theft of customers’ password vaults containing sensitive data in both encrypted and clear text form. It’s not clear if all three breaches are related, but that’s certainly a possibility.

The most concerning of the two new breaches is the one hitting CircleCI. On Wednesday evening, the company reported a “security incident” that prompted it to advise customers to rotate “all secrets” they store on the service. The alert also informed customers that it had invalidated their Project API tokens, an event requiring them to go through the hassle of replacing them.

CircleCI says it’s used by more than 1 million developers in support of 30,000 organizations and runs nearly 1 million daily jobs. The potential exposure of all those secrets—which could be login credentials, access tokens, and who knows what else—could prove disastrous for the security of the entire Internet.
"What? What? What?" -- The 14th Doctor

It's not enough to be a good player... you also have to play well. -- Siegbert Tarrasch
Freyland
Posts: 3041
Joined: Sat Jan 01, 2005 11:03 pm

Re: The Data Breach Thread

Post by Freyland »

Which is why I store my Internet under my mattress, like they did in the 30's and 40's.
Sims 3 and signature unclear.
Max Peck
Posts: 13682
Joined: Fri Aug 05, 2005 8:09 pm
Location: Down the Rabbit-Hole

Re: The Data Breach Thread

Post by Max Peck »

T-Mobile says data on 37 million customers stolen
The U.S. wireless carrier T-Mobile said Thursday that an unidentified malicious intruder breached its network in late November and stole data on 37 million customers, including addresses, phone numbers and dates of birth.

T-Mobile said in a filing with the Securities and Exchange Commission that the breach was discovered Jan. 5. It said the data exposed to theft — based on its investigation to date — did not include passwords or PINs, bank account or credit card information, Social Security numbers or other government IDs.

“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time,” T-Mobile said, with no evidence the intruder was able to breach the company’s network. The company did not immediately respond to an e-mail seeking comment.

T-Mobile said it has notified law enforcement and federal agencies, which it did not name. The company said it did not expect the incident to have material impact on its operations. It said the data was first accessed on or around Nov. 25.

T-Mobile has been hacked before. In July, it agreed to pay $350 million to customers who filed a class action lawsuit after the company disclosed in August 2021 that personal data including Social Security numbers and driver’s license info had been stolen. Nearly 80 million U.S. residents were affected.
malchior
Posts: 24794
Joined: Wed Oct 13, 2004 12:58 pm

Re: The Data Breach Thread

Post by malchior »

T-Mobile still doesn't have a true CISO despite multiple major data breaches. I believe this is the 5th or 6th in the last 5 years.
Pyperkub
Posts: 23583
Joined: Mon Dec 13, 2004 5:07 pm
Location: NC- that's Northern California

Re: The Data Breach Thread

Post by Pyperkub »

Online knockoff stores:
If you recently made a purchase from an overseas online store selling knockoff clothes and goods, there’s a chance your credit card number and personal information were exposed.

Since January 6, a database containing hundreds of thousands of unencrypted credit card numbers and corresponding cardholders’ information was spilling onto the open web. At the time it was pulled offline on Tuesday, the database had about 330,000 credit card numbers, cardholder names, and full billing addresses — and rising in real-time as customers placed new orders. The data contained all the information that a criminal would need to make fraudulent transactions and purchases using a cardholder’s information.
A subset of the list from the article:
Some of these websites include:

Black Lives definitely Matter Lorini!

Also: There are three ways to not tell the truth: lies, damned lies, and statistics.
LordMortis
Posts: 70100
Joined: Tue Oct 12, 2004 11:26 pm

Re: The Data Breach Thread

Post by LordMortis »

LordMortis wrote: Wed Jul 31, 2019 6:07 pm
They'll get a zero-marginal cost service from Equifax promising to protect their personal information (you know, the stuff Equifax has proven incapable of protecting).
That's what I'll be getting because again, that's what the settlement sounded like I had to take. And I concur with your assessment. Why would I have faith in their ability to monitor my credit now, when they were monitoring it before without my approval and their watchful eye was exactly what exposed me to identity theft.

I do believe they should be liable and for much more than the $125 I am not entitled to nor even the $95 claim I made that I have doubts I will receive.

I have no idea what the fine print was on the $125 is, as I couldn't ask for it but class actions always seem to work this way, so




For all of the shit I am going to deal with for a lifetime and the $95 plus effort involved to freeze my credit and gather documentation to prove it (which they said wasn't good enough), I received my court ordered settlement check from Equifax today. $7.05. Not even worth the time it took to gather and send all of the documentation to ask for that money.
Max Peck
Posts: 13682
Joined: Fri Aug 05, 2005 8:09 pm
Location: Down the Rabbit-Hole

Re: The Data Breach Thread

Post by Max Peck »

Health info for 1 million patients stolen using critical GoAnywhere vulnerability
One of the biggest hospital chains in the US said hackers obtained protected health information for 1 million patients after exploiting a vulnerability in an enterprise software product called GoAnywhere.

Community Health Systems of Franklin, Tennessee, said in a filing with the Securities and Exchange Commission on Monday that the attack targeted GoAnywhere MFT, a managed file transfer product Fortra licenses to large organizations. The filing said that an ongoing investigation has so far revealed that the hack likely affected 1 million individuals. The compromised data included protected health information as defined by the Health Insurance Portability and Accountability Act, as well as patients’ personal information.
stessier
Posts: 29816
Joined: Tue Dec 21, 2004 12:30 pm
Location: SC

Re: The Data Breach Thread

Post by stessier »

LastPass hit again. This seems worse than last time.
Already smarting from a breach that put partially encrypted login data into a threat actor’s hands, LastPass on Monday said that the same attacker hacked an employee’s home computer and obtained a decrypted vault available to only a handful of company developers.

Although an initial intrusion into LastPass ended on August 12, officials with the leading password manager said the threat actor “was actively engaged in a new series of reconnaissance, enumeration, and exfiltration activity” from August 12 to August 26. In the process, the unknown threat actor was able to steal valid credentials from a senior DevOps engineer and access the contents of a LastPass data vault. Among other things, the vault gave access to a shared cloud-storage environment that contained the encryption keys for customer vault backups stored in Amazon S3 buckets.

Another bombshell drops

“This was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware,” LastPass officials wrote. “The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault.”

The hacked DevOps engineer was one of only four LastPass employees with access to the corporate vault. Once in possession of the decrypted vault, the threat actor exported the entries, including the “decryption keys needed to access the AWS S3 LastPass production backups, other cloud-based storage resources, and some related critical database backups.”
I require a reminder as to why raining arcane destruction is not an appropriate response to all of life's indignities. - Vaarsuvius
Global Steam Wishmaslist Tracking
Running____2014: 1300.55 miles____2015: 2036.13 miles____2016: 1012.75 miles____2017: 1105.82 miles____2018: 1318.91 miles__2019: 2000.00 miles
Anonymous Bosch
Posts: 10512
Joined: Thu Oct 14, 2004 6:09 pm
Location: Northern California [originally from the UK]

Re: The Data Breach Thread

Post by Anonymous Bosch »

stessier wrote: Tue Feb 28, 2023 9:34 am LastPass hit again. This seems worse than last time.
Already smarting from a breach that put partially encrypted login data into a threat actor’s hands, LastPass on Monday said that the same attacker hacked an employee’s home computer and obtained a decrypted vault available to only a handful of company developers.

Although an initial intrusion into LastPass ended on August 12, officials with the leading password manager said the threat actor “was actively engaged in a new series of reconnaissance, enumeration, and exfiltration activity” from August 12 to August 26. In the process, the unknown threat actor was able to steal valid credentials from a senior DevOps engineer and access the contents of a LastPass data vault. Among other things, the vault gave access to a shared cloud-storage environment that contained the encryption keys for customer vault backups stored in Amazon S3 buckets.

Another bombshell drops

“This was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware,” LastPass officials wrote. “The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault.”

The hacked DevOps engineer was one of only four LastPass employees with access to the corporate vault. Once in possession of the decrypted vault, the threat actor exported the entries, including the “decryption keys needed to access the AWS S3 LastPass production backups, other cloud-based storage resources, and some related critical database backups.”
This is why I much prefer KeePass, because…

Image
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
malchior
Posts: 24794
Joined: Wed Oct 13, 2004 12:58 pm

Re: The Data Breach Thread

Post by malchior »

stessier wrote: Tue Feb 28, 2023 9:34 am LastPass hit again. This seems worse than last time.
It's definitely worse because it calls into question the investigation and subsequent incident hunt activities. The time delay and continuing expanding scope between disclosures is a concern. A big part of regaining trust after an incident is successfully containing the incident or scoping the disclosure properly. Adding in more information and expanding the scope erodes trust and confidence. I'm also super curious who did the IR -- it wasn't my firm thankfully -- because this isn't a good look for them either.

Also, the idea that a home PC compromise was traded into access into the corporate environment compromise for a security company? Yikes. Embarrassing.
Rumpy
Posts: 12672
Joined: Sun Mar 27, 2005 6:52 pm
Location: Sudbury, Ontario, Canada

Re: The Data Breach Thread

Post by Rumpy »

For those using Telus in Canada, there's been a breach of employee data and a source-code leak, including their sim-swap API. No indication of any customer data yet. I'm with Koodo, a division of Telus, so not sure if it also includes that. I find it funny to see them referred to as being Canada's second-largest telecom, as I've always heard they were 3rd behind Bell & Rogers.

https://www.bleepingcomputer.com/news/s ... oyee-data/
PC:
Ryzen 5 3600
32GB RAM
2x1TB NVMe Drives
GTX 1660 Ti
malchior
Posts: 24794
Joined: Wed Oct 13, 2004 12:58 pm

Re: The Data Breach Thread

Post by malchior »

Rumpy wrote: Mon Mar 06, 2023 7:32 pm For those using Telus in Canada, there's been a breach of employee data and a source-code leak, including their sim-swap API. No indication of any customer data yet. I'm with Koodo, a division of Telus, so not sure if it also includes that. I find it funny to see them referred to as being Canada's second-largest telecom, as I've always heard they were 3rd behind Bell & Rogers.

https://www.bleepingcomputer.com/news/s ... oyee-data/


BCE (Bell Canada Enterprises)
World Rank (Jan-07-2022) - 408
Market Cap (Jan-07-2022) - 47.394 Billion USD

TELUS CORPORATION
World Rank (Jan-07-2022) - 657
Market Cap (Jan-07-2022) - 31.925 Billion USD

ROGERS COMMUNICATIONS
World Rank (Jan-07-2022) - 851
Market Cap (Jan-07-2022) - 24.665 Billion USD
The SIM Swap API is potentially a problem for folks who use SMS texts as a 2nd factor.
Rumpy
Posts: 12672
Joined: Sun Mar 27, 2005 6:52 pm
Location: Sudbury, Ontario, Canada

Re: The Data Breach Thread

Post by Rumpy »

Huh, interesting. Never quite saw it like that. Always tend to hear more about Bell & Rogers, maybe that's why.
Max Peck
Posts: 13682
Joined: Fri Aug 05, 2005 8:09 pm
Location: Down the Rabbit-Hole

Re: The Data Breach Thread

Post by Max Peck »

It depends on the metric you use to decide who is larger.
The three major mobile network operators are Rogers Wireless (10.4 million subscribers), Bell Mobility (9.8 million) and Telus Mobility (9.5 million), which have a combined 86% of market share.
Max Peck
Posts: 13682
Joined: Fri Aug 05, 2005 8:09 pm
Location: Down the Rabbit-Hole

Re: The Data Breach Thread

Post by Max Peck »

Ouch.

Trojanized Windows and Mac apps rain down on 3CX users in massive supply chain attack
Hackers working on behalf of the North Korean government have pulled off a massive supply chain attack on Windows and macOS users of 3CX, a widely used voice and video calling desktop client, researchers from multiple security firms said.

The attack compromised the software build system used to create and distribute Windows and macOS versions of the app, which provides both VoIP and PBX services to “600,000+ customers,” including American Express, Mercedes-Benz, and Price Waterhouse Cooper. Control of the software build system gave the attackers the ability to hide malware inside 3CX apps that were digitally signed using the company’s official signing key. The macOS version, according to macOS security expert Patrick Wardle, was also notarized by Apple, indicating that the company analyzed the app and detected no malicious functionality.
3CX knew its app was flagged as malicious, but took no action for 7 days
The support team for 3CX, the VoIP/PBX software provider with more than 600,000 customers and 12 million daily users, was aware its desktop app was being flagged as malware, but decided to take no action for a week when it learned it was on the receiving end of a massive supply chain attack, a thread on the company’s community forum shows.
Blackhawk
Posts: 43487
Joined: Tue Oct 12, 2004 9:48 pm
Location: Southwest Indiana

Re: The Data Breach Thread

Post by Blackhawk »

Hackers working on behalf of the North Korean government

That's pretty impressive for a TRS-80 running on a hand-cranked generator.
gbasden
Posts: 7664
Joined: Wed Oct 13, 2004 1:57 am
Location: Sacramento, CA

Re: The Data Breach Thread

Post by gbasden »

Blackhawk wrote: Thu Mar 30, 2023 11:23 pm
Hackers working on behalf of the North Korean government

That's pretty impressive for a TRS-80 running on a hand-cranked generator.
I know you are making a joke, but if you haven't listened to this you should. It's really good!

The Lazarus Heist
Pyperkub
Posts: 23583
Joined: Mon Dec 13, 2004 5:07 pm
Location: NC- that's Northern California

Re: The Data Breach Thread

Post by Pyperkub »

Western Digital My Cloud:
Users of the Western Digital My Cloud service are fuming after a network breach has locked them out of their data for more than 24 hours and has put company-handled information into the hands of currently unknown hackers.

The inability to access data stored in My Cloud was reported on social media by multiple users, including this one, who indicated the outage started sometime on Saturday. Since then, the number of users (and their anxiety levels) have only ratcheted up.
All your Cloud are belong to us?
Anonymous Bosch
Posts: 10512
Joined: Thu Oct 14, 2004 6:09 pm
Location: Northern California [originally from the UK]

Re: The Data Breach Thread

Post by Anonymous Bosch »

Heads up - Google's .zip domains are a mighty useful tool for social engineering and phishing attacks:



Rumpy
Posts: 12672
Joined: Sun Mar 27, 2005 6:52 pm
Location: Sudbury, Ontario, Canada

Re: The Data Breach Thread

Post by Rumpy »

Interesting. I don't know why that feature isn't deprecated at this point. I do remember it from the days when it was common to access ftp servers via the browser, but I don't know that anyone ever does that anymore.
Max Peck
Posts: 13682
Joined: Fri Aug 05, 2005 8:09 pm
Location: Down the Rabbit-Hole

Re: The Data Breach Thread

Post by Max Peck »

But their emails...

Typo sends millions of US military emails to Russian ally Mali
Millions of US military emails have been mistakenly sent to Mali, a Russian ally, because of a minor typing error.

Emails intended for the US military's ".mil" domain have, for years, been sent to the west African country which ends with the ".ml" suffix.

Some of the emails reportedly contained sensitive information such as passwords, medical records and the itineraries of top officers.

The Pentagon said it had taken steps to address the issue.

According to the Financial Times, which first reported the story, Dutch internet entrepreneur Johannes Zuurbier identified the problem more than 10 years ago.

Since 2013, he has had a contract to manage Mali's country domain and, in recent months, has reportedly collected tens of thousands of misdirected emails.

None were marked as classified, but, according to the newspaper, they included medical data, maps of US military facilities, financial records and the planning documents for official trips as well as some diplomatic messages.

Mr Zuurbier wrote a letter to US officials this month to raise the alarm. He said that his contract with the Mali government was due to finish soon, meaning "the risk is real and could be exploited by adversaries of the US".

Mali's military government was due to take control of the domain on Monday.
I'm at a loss as to why that sort of information is being sent by means of unencrypted public internet email in the first place. It doesn't matter whether or not they're sent to the correct address, you have to expect that they will be intercepted en route. If it is so sensitive that you don't want Russia to have it, encrypt it.
LawBeefaroni
Forum Moderator
Posts: 55315
Joined: Fri Oct 15, 2004 3:08 pm
Location: Urbs in Horto, outrageous taxes on everything

Re: The Data Breach Thread

Post by LawBeefaroni »

It's misdirected email to .mil. It may or may not be from .mil.

So while you may have a policy to encrypt everything, some soldier's wife sending a copy of her Tricare card to some bureaucrat probably isn't going to think to, or even be able to, encrypt the email.
" Hey OP, listen to my advice alright." -Tha General
"No scientific discovery is named after its original discoverer." -Stigler's Law of Eponymy, discovered by Robert K. Merton

MYT
Pyperkub
Posts: 23583
Joined: Mon Dec 13, 2004 5:07 pm
Location: NC- that's Northern California

Re: The Data Breach Thread

Post by Pyperkub »

stessier wrote: Tue Feb 28, 2023 9:34 am LastPass hit again. This seems worse than last time.
Already smarting from a breach that put partially encrypted login data into a threat actor’s hands, LastPass on Monday said that the same attacker hacked an employee’s home computer and obtained a decrypted vault available to only a handful of company developers.

Although an initial intrusion into LastPass ended on August 12, officials with the leading password manager said the threat actor “was actively engaged in a new series of reconnaissance, enumeration, and exfiltration activity” from August 12 to August 26. In the process, the unknown threat actor was able to steal valid credentials from a senior DevOps engineer and access the contents of a LastPass data vault. Among other things, the vault gave access to a shared cloud-storage environment that contained the encryption keys for customer vault backups stored in Amazon S3 buckets.

Another bombshell drops

“This was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware,” LastPass officials wrote. “The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault.”

The hacked DevOps engineer was one of only four LastPass employees with access to the corporate vault. Once in possession of the decrypted vault, the threat actor exported the entries, including the “decryption keys needed to access the AWS S3 LastPass production backups, other cloud-based storage resources, and some related critical database backups.”
It appears that the hashed keys may have been compromised and are being used to steal cryptocurrencies...
Monahan said virtually all of the victims she has assisted were longtime cryptocurrency investors, and security-minded individuals. Importantly, none appeared to have suffered the sorts of attacks that typically preface a high-dollar crypto heist, such as the compromise of one’s email and/or mobile phone accounts.

“The victim profile remains the most striking thing,” Monahan wrote. “They truly all are reasonably secure. They are also deeply integrated into this ecosystem, [including] employees of reputable crypto orgs, VCs [venture capitalists], people who built DeFi protocols, deploy contracts, run full nodes.”

Monahan has been documenting the crypto thefts via Twitter/X since March 2023, frequently expressing frustration in the search for a common cause among the victims. Then on Aug. 28, Monahan said she’d concluded that the common thread among nearly every victim was that they’d previously used LastPass to store their “seed phrase,” the private key needed to unlock access to their cryptocurrency investments.
Isgrimnur
Posts: 82085
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

DeFi - Decentralized Finance
It's almost as if people are the problem.
Blackhawk
Posts: 43487
Joined: Tue Oct 12, 2004 9:48 pm
Location: Southwest Indiana

Re: The Data Breach Thread

Post by Blackhawk »

Isgrimnur wrote: Wed Sep 06, 2023 8:24 pm DeFi - Decentralized Finance
Ah, I had assumed that it was what came before 'DoeFum', but that was a giant mistake.
Isgrimnur
Posts: 82085
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

:clap:
Carpet_pissr
Posts: 19978
Joined: Thu Nov 04, 2004 5:32 pm
Location: Columbia, SC

Re: The Data Breach Thread

Post by Carpet_pissr »

Pyperkub wrote: Wed Sep 06, 2023 8:14 pm
stessier wrote: Tue Feb 28, 2023 9:34 am LastPass hit again. This seems worse than last time.
Gah, I left LastPass a couple of years ago and I have NO idea if I deleted my files/account, whatever you SHOULD do when switching to a new app. I suspect the mass amounts of spam that ramped up after the first breach are an indication that I didn't nuke it like I should have.

I have no idea what my Masterpassword was, so I assume no way to log in anymore and check?
LordMortis
Posts: 70100
Joined: Tue Oct 12, 2004 11:26 pm

Re: The Data Breach Thread

Post by LordMortis »

My private info has been stolen... again... This time from Progress being compromised and hitting hospital systems and the anesthesiologist billing being part of "MOVEit". So getting hit by a car screws me again. But it's so nice to know the people who were supposed to protect it will pay for credit monitoring for a year... again...

So glad my credit has been locked down since the outset of this thread... the first time a company gave up my private information. Since then every one has had a turn. Equifax, Sprint, Yahoo, though the worst is always companies I never gave my data to (Equifax and Progress) They just give out everything whereas Sprint and Yahoo, meh.
Kraken
Posts: 43688
Joined: Tue Oct 12, 2004 11:59 pm
Location: The Hub of the Universe

Re: The Data Breach Thread

Post by Kraken »

Why I like working with credit unions: We needed an updated prequalification letter for a new mortgage, so I emailed our banker and asked what we needed to do. He replied by sending an updated copy. I replied that I wanted to raise the limit by $25k; he said "I can't see your credit reports because you re-locked them, but you said nothing has changed" so here you go, another new letter with a higher limit. Data? We don't need no steenking data.
LordMortis
Posts: 70100
Joined: Tue Oct 12, 2004 11:26 pm

Re: The Data Breach Thread

Post by LordMortis »

...And I get notice from IBM that their database supporting health care has been breached and again, they can't tell if my information has been compromised but it may include anything that Jansen knows about me. :roll: Two notices in four days. I'm beginning to move toward the belief that anyone who hasn't frozen their credit is playing with fire. I also am beginning to fear that people are going to start collecting benefits in my name. (I also locked down my electronic social security account when people started talking about how here)
stessier
Posts: 29816
Joined: Tue Dec 21, 2004 12:30 pm
Location: SC

Re: The Data Breach Thread

Post by stessier »

LordMortis wrote: Fri Oct 13, 2023 2:25 pm ...And I get notice from IBM that their database supporting health care has been breached and again, they can't tell if my information has been compromised but it may include anything that Jansen knows about me. :roll: Two notices in four days. I'm beginning to move toward the belief that anyone who hasn't frozen their credit is playing with fire. I also am beginning to fear that people are going to start collecting benefits in my name. (I also locked down my electronic social security account when people started talking about how here)
I think you'll relate to the end.

LordMortis
Posts: 70100
Joined: Tue Oct 12, 2004 11:26 pm

Re: The Data Breach Thread

Post by LordMortis »

That's certainly how it feels, as I grow more and more security conscious. I actually kinda hate that now I'm giving everyone my number because I want MFA so when they get hacked, my number is one more thing to add to the connection. I'm also beginning to put in fake info in their collecting data about me, like grandmother's maiden name and street I grew up.
Blackhawk
Posts: 43487
Joined: Tue Oct 12, 2004 9:48 pm
Location: Southwest Indiana

Re: The Data Breach Thread

Post by Blackhawk »

Welltok

Oh, goody.

The facility that my doctor moved to last year uses a tech service that has been breached. As usual, they found out in August, and are notifying people in November (probably to spend time making sure that their asses are covered.) Luckily, the only data that was taken from the server is my name, personal information (possibly including my SSN), demographic information, medical information, and insurance information.

But golly, at least I get a free year of credit monitoring.

So, what, exactly, would a credit freeze interfere with?
LordMortis
Posts: 70100
Joined: Tue Oct 12, 2004 11:26 pm

Re: The Data Breach Thread

Post by LordMortis »

Blackhawk wrote: Tue Nov 21, 2023 1:04 pm Welltok

Oh, goody.

The facility that my doctor moved to last year uses a tech service that has been breached. As usual, they found out in August, and are notifying people in November (probably to spend time making sure that their asses are covered.) Luckily, the only data that was taken from the server is my name, personal information (possibly including my SSN), demographic information, medical information, and insurance information.

But golly, at least I get a free year of credit monitoring.

So, what, exactly, would a credit freeze interfere with?
Anecdotally, this seems to be an epidemic. It's happened to me with medical three times this year. It's happened to my parents twice.
Isgrimnur
Posts: 82085
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

Blackhawk wrote: Tue Nov 21, 2023 1:04 pm So, what, exactly, would a credit freeze interfere with?
Probably nothing for you.
Blackhawk
Posts: 43487
Joined: Tue Oct 12, 2004 9:48 pm
Location: Southwest Indiana

Re: The Data Breach Thread

Post by Blackhawk »

Isgrimnur wrote: Tue Nov 21, 2023 1:16 pm
Blackhawk wrote: Tue Nov 21, 2023 1:04 pm So, what, exactly, would a credit freeze interfere with?
Probably nothing for you.
That was my thought, but I do have a thing or two I was wanting to look into (which is why I was asking.) If it would affect my idea, I may expedite that (or, rather, looking into it (or, rather, getting confused and starting a thread)) and then just leave it frozen.
LordMortis
Posts: 70100
Joined: Tue Oct 12, 2004 11:26 pm

Re: The Data Breach Thread

Post by LordMortis »

Blackhawk wrote: Tue Nov 21, 2023 1:42 pm
Isgrimnur wrote: Tue Nov 21, 2023 1:16 pm
Blackhawk wrote: Tue Nov 21, 2023 1:04 pm So, what, exactly, would a credit freeze interfere with?
Probably nothing for you.
That was my thought, but I do have a thing or two I was wanting to look into (which is why I was asking.) If it would affect my idea, I may expedite that (or, rather, looking into it (or, rather, getting confused and starting a thread)) and then just leave it frozen.
Buying things on credit. Changing providers for auto insurance, cell phones, cable, etc... I have left mine frozen with all the creditors since Experian(? Or was the other one, Not Trans... The other other one) was hacked and they were sheepish about revealing that my information was compromised. Mine has been frozen so long, I don't know where I put the thawing documents. :oops: