
SoylentNews is people

posted by janrinok on Wednesday April 16 2014, @06:25PM
from the there-is-no-safe-data dept.

Most Soylenters are familiar with LaCie, a French company that makes computer hard drives. They're now owned by Seagate, and maintain their own online storefront, which was one of many hit by hackers in a recent credit card data breach. This time, the baddies exploited vulnerabilities in the Web application platform ColdFusion, which has been ongoing for almost an entire year.

Shadowy but usually reliable sources told the site Krebs on Security that the people behind these smaller breaches might be the very same outfit that stole as many as 150 million customer records from Adobe in 2013, and information from major data brokers like LexisNexis and Dun & Bradstreet earlier that same year.

This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Funny) by useless on Wednesday April 16 2014, @07:21PM

    by useless (426) on Wednesday April 16 2014, @07:21PM (#32402)

    People are still using ColdFusion? That's the real news here.

    • (Score: 3, Insightful) by paulej72 on Wednesday April 16 2014, @08:06PM

      by paulej72 (58) on Wednesday April 16 2014, @08:06PM (#32413) Journal

      I would not touch Cold Fusion with a ten-foot pole, and I have seen the horrors of slash :)

      --
      Team Leader for SN Development
  • (Score: 2) by hemocyanin on Wednesday April 16 2014, @11:25PM

    by hemocyanin (186) on Wednesday April 16 2014, @11:25PM (#32458) Journal

    Just another data point supporting the notion that if you are going to remotely store data (which is a good backup practice), you should definitely encrypt the files yourself beforehand, or only store data that wouldn't be harmful for the world to have.

    • (Score: 2) by edIII on Thursday April 17 2014, @01:40AM

      by edIII (791) on Thursday April 17 2014, @01:40AM (#32484)

      That's not the real issue though.

      What I am getting from this is that the major brokers of quite personal information like LexisNexis (used by skip tracers) and Dun & Bradstreet are protected by systems really no better than this.

      We all strongly object to the collection of our personal information, but they always try and appease people by saying it's safe. If it's shown that on average in the industry hackers are able to steal the information and violate privacy on a massive scale by someone other than government, maybe we should start to evaluate just who can hold the information.

      I hate that 3rd party corporations are collecting this massive amount of data on me, including ostensibly private records. If it's just open season anyways, I want a law passed where it's 10k per record, capped to 50 million USD per incident, any time a data breach is proven to occur.

      Sounds unfair, but after the first few times I'm willing to bet they will open up the coffers to seriously implement security and even resort to air gapping and only creating reports on demand. Getting everything is physically rate limited, and therefore impossible. They should limit the number of requests that can even be serviced per day.

      That should be a minimum for anyone involved at such a huge scale like the two mentioned.

      --
      Technically, lunchtime is at any moment. It's just a wave function.
  • (Score: 3, Informative) by mindriot on Thursday April 17 2014, @01:45PM

    by mindriot (928) on Thursday April 17 2014, @01:45PM (#32642)

    I'm guessing a few people here, like me, might be using Wuala [wuala.com], a secure cloud storage service owned by LaCie.

    According to Wuala, they are not affected by the LaCie data breach [twitter.com].

    --
    soylent_uid=$(echo $slash_uid|cut -c1,3,5)