Whoops. The data broker giant LexisNexis has suffered another data breach.
-
Whoops. The data broker giant LexisNexis has suffered another data breach. LN says the data taken was no big deal. The group claiming credit for the breach claims otherwise, of course.
This brings back memories of previous breach stories. One of my first big scoops that made the WaPo dead tree edition's front page involved a breach at LexisNexis in 2005 that exposed >300k consumer records. That breach was from a group of 15-18y/os in the US who also social engineered T-Mobile into giving them access to Paris Hilton's cell phone and the nudes w/in.
In 2013, I published a scoop about a LexisNexis breach that came from a group of criminal hackers who had seized control over ssndob[.]ru, then the largest ID theft service in the underground. In that months-long investigation, we found the hackers had installed backdoors on servers at LexisNexis, Dun & Bradstreet, and Kroll and were using them as part of a small and custom data broker botnet.
https://krebsonsecurity.com/2013/09/data-broker-giants-hacked-by-id-theft-service/
@briankrebs Perhaps the data breaches all need catchier names, like hurricanes and cyclones, for easy reference. <sarcasm>
-
@SteveBellovin Yes! Or as I like to say, you don't have to protect what you don't collect.
gee, was just posting about that in relation to the ICE use of ad broker data. if you don't collect that data, it can't be illegally misused.
-
> American data analytics company #LexisNexis Legal & Professional has confirmed to #BleepingComputer that #hackers breached its servers and accessed some customer and business information.
> The company's data breach confirmation comes as a threat actor named #FulcrumSec leaked 2GB of files on various underground forums and sites.
> LexisNexis L&P is a global provider of legal, regulatory, and business information, research tools, and analytics used by lawyers, corporations, governments, and academic institutions in more than 150 countries worldwide.
LexisNexis also does data and background checks, which generates access to a boatload of private information.
-
@paul_ipv6
So where’s the national privacy legislation, guys? Has there been any good draft policy written already that we can retitle and relaunch? Can we get all the big privacy orgs to back it? Publicize it maybe? Memeable? I’m tired of constantly being a victim and nobody ever fighting back for our right to not be snooped on and surveilled, and then to have our snooped-on data stolen. I’m in so many dark web dumps I don’t even look anymore. It just never seems to end and I don’t see how we are going to stand up to the lobbyists without seriously organizing on the privacy agenda. It’s just like microplastics. It’s toxic and everyone agrees that we need to get it out of our environment but nobody is talking about eliminating the problem at the source.
@briankrebs @SteveBellovin
-
@suzannealdrich @paul_ipv6 @briankrebs There are several good state laws to copy, such as California's and Colorado's, and of course there's the GDPR. There was a decent Federal bill a few years ago but Pelosi killed it, because it preempted stronger state laws like California's.
Industry, of course, doesn't want any of this. "Data is the new oil!" No (and I wish I'd thought up this line, and I don't know who did), it's the new plutonium—small amounts are very toxic, and too much concentrated in one place can have very bad consequences. But if there are going to be privacy laws, they want one law in the US, not 50. In the meantime, they're pushing (and drafting) weak state privacy laws, some of which have been enacted.
Of course, I'll believe that things like the GDPR actually work when Facebook et al. have to pull out of the EU. I do, though, suspect that we're thinking about privacy regulation incorrectly. The paradigm of notice and consent is >50 years old and it doesn't work. My thoughts on that are at https://gwjolt.org/files/volume_1/GW_JOLT_1_1_Bellovin.pdf.
-
That 2005 data breach was a big headache for me. Wells Fargo, who was my Visa provider at the time, called me and asked if I was in Connecticut buying stereo equipment.
I was not, so they cancelled the card and we thought all was well. Over the course of the next few weeks multiple quick and instant credit applications were approved. Best was a vehicle dealer in Puerto Rico. Someone pretending to be me bought a car down there.
Somehow he got my home phone number and called. I told him sorry when he kept asking if I was sure I did not buy a vehicle. I asked him can't he repossess it and he responded it probably is already in pieces by now.
I still have my credit locked.
-
Oh yikes.
Thomson Reuters (major product Westlaw which competes with LexisNexis) has CLEAR, wonder how often that's been breached.
-
@suzannealdrich @paul_ipv6 @briankrebs @SteveBellovin My wife took a small step in fighting back - she has a set of false names, dates, and places that she uses. A few years back the WSJ did a front page article on her doing this.
I have a copy of the 1974 HEW report on computers/privacy. Its concerns about data linking have come true - and have even exceeded what was imagined. (And there was no lack of imagination - for instance Lance Hoffman's article from that era about pulling personally identifiable information from seemingly anonymous databases.)
-
@karlauerbach @suzannealdrich @paul_ipv6 @briankrebs So much was known 60 years ago. https://www.cs.columbia.edu/~smb/talks/vassar-privacy.pdf summarizes some of it; some of my legal writing has citations to even more sources. The first privacy law in the modern world was in Hesse, in 1970; the phrase "data shadow" was coined no later than 1973 by Kerstin Anér, a member of the Swedish parliament. We should not be where we are today! (Credit reports, though, go way back, and originally consisted of gossip collected from servants about their employers.)
-
@karlauerbach @suzannealdrich @paul_ipv6 @briankrebs Here's a great history source: https://www.europarl.europa.eu/RegData/etudes/BRIE/2020/651923/EPRS_BRI(2020)651923_EN.pdf
-
And you get 2 years of free credit monitoring, if you update your PII.
We will claim we were hacked later after we sold the data.
Come back in 2 years. Rinse, lather, repeat.
-
@SteveBellovin @karlauerbach @suzannealdrich @paul_ipv6 @briankrebs I used to work for Lexis Nexis (Quicklaw in Canada, the real part) and we called the company "Monica", after Monica DeVertebrae