Your victim status won't last long if your response is nonexistent:
In cybersecurity, the phrase "what they don't know won't hurt them" is not only wrong, it's dangerous. Despite this, it's a motto that remains in many organizations' PR playbooks, as demonstrated by the recent LastPass and Fortra data breaches.
[...] TechCrunch+ has learned that LastPass has already lost customers because of its silent-treatment approach to its breach. And Fortra is likely to face a similar fate after TechCrunch+ heard from multiple customers that they only learned that their data had been stolen after receiving a ransom demand; Fortra had assured them that the data was safe.
Smaller companies, too, are employing a silent-treatment approach to data breaches: Kids' tech coding camp iD Tech failed to acknowledge a January breach that saw hackers access the personal data of close to 1 million users, including names, dates of birth, passwords stored in plaintext, and about 415,000 unique email addresses. Concerned parents told us at the time that they only became aware of the breach after receiving a notification from a third-party data breach notification service.
[...] While getting hacked can be forgivable, an organization's victim status will not last long if it fails to respond appropriately or at all — as demonstrated by LastPass and Fortra.
(Score: 5, Insightful) by Rosco P. Coltrane on Saturday April 01, @06:55AM (1 child)
Entrusting sensitive data to third parties.
(Score: 0) by Anonymous Coward on Sunday April 02, @12:21PM
My mobile phone absolutely must connect to a server in China to get a list of file information to keep up to date with types of files that can be considered to be junk so they can be deleted [theverge.com]. This function must be a core part of the phone operating system and therefore cannot be disabled. Of course, it can't be opted out of. Since I don't own my phone and I am not the administrator of my phone I can't uninstall or disable this software. It still runs, though, in the background, sending data to China. To help us. To protect us. Right? It's nothing to worry about, is it? Why did it not tell me it does this? What data is it sending? What is their privacy policy? ...
(Score: 5, Interesting) by NotSanguine on Saturday April 01, @09:36AM (6 children)
A couple hours ago, I received an email sent to an email address I only use with a specific company (all my email addresses are like that. One of the nice things about owning your own domain), in this case, American Airlines. Except the email was from a scammer (spoofing the same email address as the source) using the old "I hacked all your systems and made split screen videos of the pr0n you watched and you masturbating to it" extortion bit. For just $960 in bitcoin, I can be sure that no one will ever see those videos, but if I don't pay within 48 hours, all my contact and social media will be sent these videos.
It's all bullshit of course. I wish I could contact this moron (using a probably compromised system on an Ohio ISP's network) and beg him to post whatever he's got. Because, of course, he's got nothing. But I digress.
The interesting part is that I *only* use that email address for American Airlines related stuff. No one was *ever* given that address except American Airlines. A bit of DDG-ing around and I found the following:
According to Reuters [reuters.com]:
Great! They don't have my passport number or my driver's license number or any medical information.
However, it seems they did access my data. But American Airlines never notified me of the breach. Assholes. Or maybe they didn't figure out that it was compromised. Or maybe there's been a new breach. Sigh.
I have noticed an uptick in SMS and voice call spam in the past few months on my phone, but didn't think it was anything other than the normal garbage.
But now that I've received this email, it seems my information was definitely compromised. I've disabled that particular account, so no more email scams to that address.
But that's not good enough. And there will be consequences. American Airlines was never my favorite airline, so it won't be hard never to fly them again.
They didn't let me know, so I won't let them know I'm kicking them to the curb.
Which validates the thesis of TFS. I guess it's "lucky" to have received this email around the time this article went onto the front page so I had something relevant to say.
Note to Eds: Please do not post any articles about apartment building fires, new and deadly STDs or other nasty things that might befall me -- just in case posting this article was the trigger. ;)
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 5, Interesting) by inertnet on Saturday April 01, @10:21AM (3 children)
I've had those threats as well and it's a pity you can't contact these idiots to laugh at them. I don't have a webcam connected to that system, so I would really like to ask them how they managed to make a video of me.
On topic, when I registered my family at a local dentist after moving here, two of them got phone calls from some African country. My kids were already wise enough back then not to answer them. I reported this to the dentist office, implying that their database was compromised, but they simply answered that their database didn't have any problems. Exactly the behavior that TFA is about.
(Score: 0) by Anonymous Coward on Saturday April 01, @12:47PM
We had that issue with our vet. They had my wife's name in their contacts, but my cell phone number. Leading up to the last election, I started getting political text spam addressed to my wife's first name from a candidate running for county executive. Just from that one candidate, and each text would come from a different phone number so you couldn't just block a number and make it stop.
(Score: 0) by Anonymous Coward on Sunday April 02, @12:25PM
I had the same response from the local Dominos. Only they spell my name that way, only they have that email address, and only they refer to where I live in that specific way. It is obvious a hacker copied their database. They don't care. I look at the spam sent to that address to note how far and wide that hack goes. As for Dominos, they really don't care.
(Score: 3, Interesting) by NotSanguine on Sunday April 02, @07:49PM
Sorry for the late reply.
Yeah, I don't have a webcam (more importantly, none of my systems have been breached) attached to any of my systems either.
Like you I'd love to be able to respond to this idiot to beg them to post everything they've got to all my contacts, especially my family!
Sadly, I could only track the email back (it came directly from there) to a probably compromised system (I guess the scammer could be using their own system, but that's even dumber than usual!) with a DHCP address from a mid-western ISP.
I did try to track the bitcoin wallet address included in the email (1Lt2Ns6FEPTPHA6pENS1Rhym1KAt43FFUp) with one [blockchain.com] of several Bitcoin "Blockchain Explorer" sites.
There's been no activity (in or out) at all on that particular wallet, so either this scammer hasn't gotten anyone to fall for this crap, or they're using one wallet per potential mark.
I guess I could send some trivial amount in bitcoin and then see to where it gets transferred, but I don't really care enough.
Oh well. I guess I'll have to find my amusement elsewhere. ;)
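A defender-side triage helper prompted by the wallet lookup above, added here as an example and not code from the poster: it pulls candidate Bitcoin addresses out of a sextortion message and checks their Base58Check checksum before anyone spends time pasting them into a blockchain explorer. The sample email text and the address embedded in it are constructed inside the block.

```python
import hashlib
import re

# Bitcoin's Base58 alphabet: no 0, O, I or l, to avoid visual confusion
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58encode(raw: bytes) -> str:
    n = int.from_bytes(raw, "big")
    out = ""
    while n > 0:
        n, rem = divmod(n, 58)
        out = ALPHABET[rem] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))  # leading zero bytes become leading '1's
    return "1" * pad + out

def b58decode(s: str) -> bytes:
    n = 0
    for ch in s:
        n = n * 58 + ALPHABET.index(ch)  # ValueError on a non-Base58 character
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + body

def checksum(payload: bytes) -> bytes:
    # Base58Check: first 4 bytes of double SHA-256 over version + hash160
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def make_p2pkh_address(hash160: bytes, version: bytes = b"\x00") -> str:
    payload = version + hash160
    return b58encode(payload + checksum(payload))

def is_valid_base58check(addr: str) -> bool:
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    return len(raw) == 25 and checksum(raw[:-4]) == raw[-4:]

# Legacy (P2PKH / P2SH) address shape; a typo'd or mangled address fails the checksum
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def extract_btc_addresses(text: str) -> list[tuple[str, bool]]:
    """Return (candidate, checksum_ok) for every address-shaped token in the message."""
    return [(m, is_valid_base58check(m)) for m in ADDR_RE.findall(text)]

# Constructed sample: a hypothetical hash160, not a real wallet
SAMPLE_ADDR = make_p2pkh_address(bytes(range(1, 21)))
SAMPLE_EMAIL = f"Pay $960 in bitcoin to {SAMPLE_ADDR} within 48 hours or the videos go out."

if __name__ == "__main__":
    for addr, ok in extract_btc_addresses(SAMPLE_EMAIL):
        print(addr, "checksum ok" if ok else "INVALID - ignore")
```

Candidates that fail the checksum are not worth a lookup; ones that pass can be checked for incoming activity, which is the signal the poster was looking for.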
(Score: 3, Touché) by Opportunist on Saturday April 01, @11:15AM
I never got those "I saw you jack off" extortion spam. If anything, I'd try to extort the poor soul he plans to send this to, a la "cough up the dough or you see something you wish you could unsee!"
(Score: 3, Funny) by Tork on Saturday April 01, @08:57PM
Slashdolt Logic: "25 year old jokes about sharks and lasers are +5, Funny." 💩
(Score: 4, Insightful) by JoeMerchant on Saturday April 01, @01:36PM
Given the choice between entrusting your data to A) a third party which presents regular independent audits of their operations, verified architecture diagrams illustrating redundancy, defense in depth, and state of the art controls at all critical checkpoints, or...
B) Trust us, we're the best in the business. We can't tell you how we do it because that would be a security vulnerability, your data is safer if you don't know. We have 84 Zettabytes of data hot, online, 24-7 with 99.99999% uptime (we say, according to our undisclosed internal metrics) and we've _never_ been hacked (in our whole 18 months in business...)
What choice would you make? Unfortunately, some degree of B) still seems to be the only choice available in the market today.
Ukraine is still not part of Russia. Glory to Ukraine🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
(Score: 0) by Anonymous Coward on Sunday April 02, @12:33PM
How many report it? How many can handle it? It just keeps getting worse. The people at the front counter can't do anything. Support is crap these days. They only care if the government is going to take action or if they will be sued.