Who left a database of emails, credit cards, plain-text passwords, and more open to the web this week? Tech Data, come on down! • The Register Forums

Thursday 6th June 2019 21:41 GMT Bronek Kozicki

Should I hold my breath ...

... until they report themselves to ICO?

7 0 Reply

Thursday 6th June 2019 22:06 GMT elDog

I'm absolutely sure that the tech giants have massive indemnity clauses

written into their contract with Tech Data. Clauses that will protect the giants but not the consumers (products).

In any case, misery loves company; so all of us should feel well loved.

4 0 Reply

Friday 7th June 2019 07:06 GMT Pascal Monett

"The [..] company did not mention the incident in its most recent SEC filings"

Ooh, that's a big no-no. You can apparently lie to Congress with impunity, but not mentioning a serious incident to SEC ? That's gonna hurt.

8 0 Reply

Friday 7th June 2019 21:00 GMT J. Cook

Re: "The [..] company did not mention the incident in its most recent SEC filings"

The PCI security standards council Might be interested as well, you lose your compliance certification and none of the payment processors will touch you with a ten foot pole...

1 0 Reply

Friday 7th June 2019 07:42 GMT DrM

Never ends

http://bluephotons.com/

0 1 Reply

Friday 7th June 2019 08:01 GMT Anonymous Coward

Re: Never ends

¿Qué?

2 0 Reply

Friday 7th June 2019 08:44 GMT Valeyard

wheres the quote?

I need to be reassured that my security and privacy is of upmost importance

20 0 Reply

Friday 7th June 2019 15:33 GMT Bibbit

Re: wheres the quote?

Do not worry. They take their customers' security very seriously.

2 0 Reply
1. Friday 7th June 2019 19:38 GMT Brian Miller
  
  Re: wheres the quote?
  
  They take their customers' security very seriously.
  
  Tequila!
  
  If security were a drinking game, all participants would end up with 0.9 blood alcohol content.
  
  1 0 Reply
  1. Saturday 8th June 2019 06:08 GMT stiine
    
    Re: wheres the quote?
    
    Oh, come on, we can all drink more than that.
    
    0 0 Reply

Friday 7th June 2019 08:46 GMT BebopWeBop

No matter how good your security and privacy controls are, they are typically no better than those of your (lowest cost) subcontractor

6 0 Reply

Friday 7th June 2019 13:03 GMT Anonymous Coward

"your (lowest cost) subcontractor"

Stop pretending the expensive commissions you pay to third party sales people, management or shareholders will somehow result in better quality while they continue to use the cheapest resources available.

Your suppliers will meet their contractual obligations. Experienced suppliers already have the get out of jail clauses included in the contracts. If your contracts don't clearly specify responsibility and how risk/damages will be assigned in the event of data loss, your company probably carries a significant proportion of the third parties risk.

0 0 Reply
1. Sunday 9th June 2019 17:46 GMT Doctor Syntax
  
  "Experienced suppliers already have the get out of jail clauses included in the contracts."
  
  They may mitigate civil damages by passing them on to the customer but they can't override statutory requirements which will include criminal liability. In more enlightened jurisdictions consumer rights are also likely covered by statute, B2B less so.
  
  0 0 Reply

Friday 7th June 2019 09:23 GMT MachDiamond

Gift cards

I think I'll just keep using gift cards when I need plastic money. Limiting in some ways, but losing one won't affect my credit or leave me liable for thousands in purchases I didn't make.

2 0 Reply

Friday 7th June 2019 10:51 GMT TonyJ

Re: Gift cards

Pre-paid credit card topped up when needed.

Kids' gaming consoles etc - buy a top up card in the supermarket.

Pain in the backside sometimes and doesn't mitigate the whole username, passwords, emails, inside leg measurements issues but it is one less thing to worry about.

2 0 Reply

Friday 7th June 2019 09:26 GMT Cuddles

"Who left a database of emails, credit cards, plain-text passwords, and more open to the web this week?"

Let's be honest, the real question these days is "Who didn't?".

5 0 Reply

Friday 7th June 2019 09:51 GMT Dan 55

Huawei, but according to GCHQ's big cheese they're "shoddy".

This isn't shoddy, this is an open server.

0 0 Reply

Friday 7th June 2019 09:45 GMT unimaginative

Graylog requires users to login by default if you have your own install, and I imagine it is the same for their hosted service, so someone had to deliberately make it publicly accessible.

1 0 Reply

Friday 7th June 2019 10:49 GMT sal II

I bet it was only done "temporarily" to troubleshoot an issue etc. and never revisited again...

2 0 Reply
Friday 7th June 2019 12:53 GMT Bendolfc

Graylog does yes, but I would imagine that it wasn't Graylog that was open but the elasticsearch cluster that it was running off.

2 0 Reply
Friday 7th June 2019 13:05 GMT Anonymous Coward

And who exposes credit cards and plain-text passwords over the Internet?

Someone (or more than one) who doesn't know what they were doing in an environment that doesn't have the necessary controls. This isn't just one thing wrong....everything appears to be wrong/bad practice.

3 0 Reply
1. Saturday 8th June 2019 06:11 GMT stiine
  
  The alternatives are 1) they were hacked and since they aren't using a P2PE vendor, their card information was written to a database or 2) they have been writing card information to a database since before PCI and haven't been found out until now.
  
  0 0 Reply
  1. Sunday 9th June 2019 17:48 GMT Doctor Syntax
    
    3) Marketing didn't like IT's attitude and rolled their own with a cloud vendor and a company credit card.
    
    0 0 Reply

Friday 7th June 2019 11:00 GMT adam payne

Tech Data did not respond to a request for comment from The Register.

What no stock statement to say that you take privacy and security seriously.

Coloured be shocked.

3 1 Reply

Friday 7th June 2019 11:46 GMT Roj Blake

Just US, or Everywhere?

The article doesn't make it clear whether this is something that just affects TD's US operation, or whether it extends to other countries as well.

1 0 Reply

Friday 7th June 2019 12:31 GMT clintos

Too much information stored to protect

I work for a large corporate company. They got hit by ransomeware a while ago. Too big for their boots and too many idiots working in IT, probably the same impact from this scenario. When I done server and network admin inhouse. I nailed everything to the floor, you got nothing, unless you give me a great reason for wanting access to it. Written in stone is good and signed by every pen pusher onsite.

2 1 Reply

Friday 7th June 2019 13:07 GMT tentimes

Buy it on the dark web for $5 a login/CC

What people don't understand is that this type of stuff is permanently up for sale on the darknet for anyone that wants it. Netflix accounts, database dumps etc etc. The fact this is known about is the unusual bit. This is only the tip of a very big iceburg that most people just don't know about. I don't have any interest in buying this stuff, I just noticed it all up for sale when I was investigating (cough) the darknet.

4 0 Reply

Friday 7th June 2019 15:22 GMT waldo kitty

almost gotta wonder if they've done or are doing any forensics to find out if anyone outside has accessed the system(s) and if they've pulled data off... another question is how long was the system(s) open in this manner... when and why...

2 1 Reply

Sunday 9th June 2019 17:50 GMT Doctor Syntax

That might be information they really don't want to know.

1 0 Reply

Friday 7th June 2019 17:11 GMT hatti

Snafu

Get ready for the "only a handful of customers appear to have been compromised" corporate statement

3 0 Reply

Topics

Special Features

Vendor Voice

Resources

COMMENTS

Should I hold my breath ...

I'm absolutely sure that the tech giants have massive indemnity clauses

"The [..] company did not mention the incident in its most recent SEC filings"

Re: "The [..] company did not mention the incident in its most recent SEC filings"

Never ends

Re: Never ends

wheres the quote?

Re: wheres the quote?

Re: wheres the quote?

Re: wheres the quote?

Gift cards

Re: Gift cards

Just US, or Everywhere?

Too much information stored to protect

Buy it on the dark web for $5 a login/CC

Snafu

POST COMMENT House rules

Enter your comment

Add an icon

Other stories you might like

A year on, Valkey charts path to v9 after break from Redis

NASA jettisons Neo4j database for Memgraph citing costs

Eeek! p0wned Alabama hit by unspecified 'cybersecurity event'

Coinbase extorted for $20M. Support staff bribed. Customers scammed. One hell of a SNAFU

Marks & Spencer admits cybercrooks made off with customer info

Redis 'returns' to open source with AGPL license

Disney Slack attack wasn't Russian protesters, just a Cali dude with malware

Healthcare group Ascension discloses second cyberattack on patients' data

Vector search is the new black for enterprise databases

Back online after 'catastrophic' attack, 4chan says it's too broke for good IT

From 112K to 4M folks' data – HR biz attack goes from bad to mega bad

Blue Shield says it shared health info on up to 4.7M patients with Google Ads

About Us

Our Websites

Your Privacy