As many in MN know, the Norm Coleman campaign had a pretty serious security breach, to the tune of exposing 40,000+ e-mail addresses and 4,500+ credit card numbers to any anonymous person on the internet.
This was not a case of a web site being hacked by forced entry. Rather, as the Mpls-based consultant who discovered it explains, the database was actually published - without any security layer at all - to their web server. It may have been a database backup and not live data, but the fact remains that an irresponsible action - backing up a sensitive database in public view - by someone who (presumably) did not know what they were doing has jeopardized the personal information of tens of thousands of people.
The vulnerability was secured fairly shortly after it happened back in January, but it was open long enough for ne'er-do-wells to acquire the database, and it has now been posted for download (with credit card numbers strategically scrubbed) on a site which shall remain nameless (shameless?).
This opens debate on another issue altogether. It's certainly not legal to publish an e-mail list that you gather yourself; why should posting someone else's data breach be any different? It's going to make a very bad situation into a complete nightmare for thousands of people, and it's disappointing to me that (apparently) no legal action has been or can be taken to stop this posting. It's surely serving as a nice little source for a whole array of scam artists. I can't for the life of me figure out how it could be that now, almost two full days after the list was posted on the internet, the ISP of the poster has not been petitioned to take it down. I'm not on the list, but for those who are . . .