Article 4V455 Breach affecting 1 million was caught only after hacker maxed out target’s storage

Breach affecting 1 million was caught only after hacker maxed out target’s storage

by
Dan Goodin
from Ars Technica - All content on (#4V455)
hard-disk-800x532.jpg

Enlarge (credit: Ryan Adams / Flickr)

The US Federal Trade Commission has sued an IT provider for failing to detect 20 hacking intrusions over a 22-month period, allowing the hacker to access the data for 1 million consumers. The provider only discovered the breach when the hacker maxed out the provider's storage system.

Utah-based InfoTrax Systems was first breached in May 2014, when a hacker exploited vulnerabilities in the company's network that gave remote control over its server, FTC lawyers alleged in a complaint. According to the complaint, the hacker used that control to access the system undetected 17 times over the next 21 months. Then on March 2, 2016, the intruder accessed personal information for about 1 million consumers. The data included full names, social security numbers, physical addresses, email addresses, phone numbers, and usernames and passwords for accounts on the InfoTrax service.

The intruder accessed the site later that day and again on March 6, stealing 4,100 usernames, passwords stored in clear-text, and hundreds of names, addresses, social security numbers, and data for payment cards.

Read 5 remaining paragraphs | Comments

index?i=bRFYf9dLyPU:g1tY_LsArCg:V_sGLiPB index?i=bRFYf9dLyPU:g1tY_LsArCg:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments