Fedex bought a company that stored 119,000 pieces of scanned customer IDs in a public Amazon cloud server, shut the company down, left the scans online for anyone to download

Fedex acquired a company called Bongo International in 2014; Bongo specialized in helping North American companies sell overseas and after the acquisition, Fedex renamed the company FedEx Cross-Border International.

New York Times profiles a sleazy Twitter follower-farm, the sleazy serial liar who made millions on it, and the celebs, politicians, sports figures and "influencers" who paid him

Devumi is a sleazy Twitter-bot farm founded by German Calas, a serial liar who buys wholesale Twitter bots from even scummier bottom-feeders than him, and pays a series of low-waged patsies to direct them to follow people who want to seem more popular and influential than their actual Twitter follower-count suggests.

Wired releases a surveillance self-defense guide

Wired's new Guide to Digital Security is an excellent addition to the genre of simple-to-follow how-tos for reducing the likelihood that you'll be victimized by computer-assisted crime and harassment, and that if you are, the harms will be mitigated.

Democratic Senators propose federal breach disclosure law with 5-year prison sentences for covering up data-loss

The Data Security and Breach Notification Act (S2179) was introduced by three Senate Commerce Committee Democrats, Bill Nelson [D-FL], Richard Blumenthal [D-CT] and Tammy Baldwin [D-WI] in the wake of the revelation that Uber hid a breach involving 50,000,000 riders and 7,000,000 drivers for over a year after paying hush-money to the criminals who stole the data.

Once you have a student's name, birthday and SSN, the US Department of Education will give you EVERYTHING else

The US Department of Education's Free Application for Federal Student Aid program requires any student applying for federal aid for college or university to turn over an enormous amount of compromising personal information, including current and previous addresses, driver's license numbers, Green Card numbers, marital details, drug convictions, educational history, tax return details, total cash/savings/checking balances, net worth of all investments, child support received, veterans' benefits, children's details, homelessness status, parents' details including SSNs, and much, much more.

Motherboard's excellent, accessible guide to internet security

The Motherboard Guide To Not Getting Hacked is an excellent adjunct to existing guides (I like EFF's Surveillance Self-Defense and The Cryptoparty Handbook) to defending yourself against criminals, stalkers, cops, and other potential intruders into your digital life.

A quantitative analysis of doxing: who gets doxed, and how can we detect doxing automatically?

A group of NYU and University of Illinois at Chicago computer scientists have presented a paper at the 2017 ACM Internet Measurement Conference in London reporting their findings from a large-scale study of online doxings, with statistics on who gets doxed (the largest cohort being American, male, gamers, and in their early 20s), why they get doxed ("revenge" and "justice") and whether software can detect doxing automatically, so that human moderators can take down doxing posts quickly.

Woman blames 15 identity thefts on Equifax breach

Katie Van Fleet has suffered 15 identity thefts since the Equifax breach and she believes the criminals who've targeted her are using information from the breach to open credit cards in her name; she's started a class-action suit against Equifax.

Equifax will give your salary history to anyone with your SSN and date of birth

Equifax division TALX has a product called The Work Number, where prospective employers can verify job applicants' work history and previous salaries (it's also used by mortgage lenders and others): you can create an account on this system in anyone's name, provided you have their date of birth and Social Security Number. The former is a matter of public record, the latter is often available thanks to the many breaches that have dumped millions of SSNs (the latest being Equifax's catastrophic breach of 145,000,000 Americans' data).

Predictably, Wells Fargo loves Equifax and suggests investing heavily in the company

Wells Fargo analyst William Warmington Jr has upgraded shares in Equifax to "outperform," predicting that the company will bounce back from the 30% haircut its market cap took when it was revealed that the firm committed the worst commercial data-crime in world history and then twiddled its thumbs for a couple of months before telling anyone and then allowing its CEO to resign.

Equifax was always dirty, it bills the US government for millions, and was repeatedly hacked

Before Equifax changed its name in 1976 -- in the midst of a Congressional investigation and a national scandal -- it was the Retail Credit Company, founded in Atlanta in 1899.

A startup wants to buy your grievance against Equifax for 30% of your court award

Legalist is a Peter Thiel-funded startup whose business-model is to buy legal grievances in exchange for a license to sue on behalf of its users, a practice called champerty that was most notoriously used by Thiel himself when he backed the lawsuits that brought down Gawker Media in an act of petty vengeance.

Equifax has terrible information security practices, and that resulted in multiple breaches

Equifax's world-beating breach of 143 million Americans' sensitive personal and financial information was the result of the company's failure to patch a two-month-old bug in Apache Struts, despite multiple reports of the bug being exploited in the wild.

Josh Duggar sued by guy who claims Duggar used his photo on Ashley Madison

Conservative Christian TV star Josh Duggar was ditched by television after he admitted sexually abusing kids as an adolescent. Now he's being sued by a guy whose photo he allegedly stole and used on hookup sites.

Josh Duggar is headed for a jury trial in the Ashley Madison lawsuit brought against him by a D.J. and model. The latter is claiming damages, after alleging Duggar family’s eldest child used his images on the adult website.

Los Angeles-based D.J. Matthew McCarthy has alleged Josh Duggar stole his image for use on Ashley Madison and OkCupid to solicit sex. Josh’s actions reportedly brought him infamy and led to loss of work, People reported, while quoting from the lawsuit McCarthy filed. The D.J. further alleged that his “religious” family was hurt and the reality star’s actions were malicious and deliberate.

It seems quite the self-own: finding a more handsome person who strongly resembles but would never actually be mistaken for oneself, stealing their photo for use on Ashley Madison, then getting caught.

Equifax waited 5 weeks to admit it had doxed 44% of America, did nothing to help us while its execs sold stock

From mid-May to July 2017, Equifax exposed the financial and personal identifying information of 143 million Americans -- 44% of the country -- to hackers, who made off with credit-card details, Social Security Numbers, sensitive credit history data, driver's license numbers, birth dates, addresses, and then, in the five weeks between discovering the breach and disclosing it, the company allowed its top execs to sell millions of dollars' worth of stock in the company, while preparing a visibly defective and ineffective website that provides no useful information to the people whom Equifax has put in grave financial and personal danger through their recklessness.

For sale: any Australian's full health record for a mere $22

A hacker who appears to have ongoing, continuous access to Australia's electronic health care records is selling access to any full record for 0.0089 bitcoin, or about USD22.

The anti-Net Neutrality bots that flooded the FCC impersonated dead people

Half a million fake, identical anti-Net Neutrality comments were posted on the FCC's docket on killing Net Neutrality, using identities that appear to have been stolen from a voter registration breach.
