Yes, we are on track for the billion-person data leak.
Everything is proceeding as planned.
The American Securities and Exchange Commission is said to be investigating a US insurance company that allegedly left 885 million personal records accessible "without authentication to anyone with a web browser". As revealed by infosec journalist Brian Krebs in May this year, First American Financial Corporation was said to …
885,000,000 is rather a large number -- 16% of the population of the planet ... give or take a bit. I suspect that what was intended was either 885,000 persons or, probably more likely, 885,000,000 sequentially numbered transaction records including data on an unknown number of entities.
First American's document identification numbers were sequential
Please tell me someone got the bullet for this?!?!
First American issued a statement claiming that it had identified just 32 customers whose "non-public personal information" was "likely accessed without authorisation", and offered them free credit-monitoring services.
That is still 32 more than there needed to be.
So you make everything better you offered the 32 people credit monitoring for a year, go you.
And the Second American, and the Third......
At a certain company I worked for, I gave every customer its own sequence generator. The feature was for those special people on the front-end team who appeared to be committing espionage, or at least had an abnormally high number of OWASP Top-10 bugs despite training. It was no longer possible to access anything without reading the user ID from the secure identification token. (They found other ways to make security "mistakes" and were shown the door)
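The per-customer sequence generator and token-derived user ID described in the comment above, as an added example (not the commenter's code; the session map, document stores and sample records are constructed stand-ins for a session service and a database):

```python
from collections import defaultdict

# Constructed in-memory state standing in for a session store and a database.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}  # session token -> authenticated user id
GLOBAL_DOCS = {}   # global sequential id -> (owner, content)      (the weak design)
SCOPED_DOCS = {}   # (owner, per-customer seq) -> content          (the per-customer design)
_global_seq = [0]
_per_customer_seq = defaultdict(int)


def store_global(owner, content):
    """Weak design: one global counter, so every id is a guessable neighbour of every other."""
    _global_seq[0] += 1
    GLOBAL_DOCS[_global_seq[0]] = (owner, content)
    return _global_seq[0]


def fetch_global_unchecked(doc_id):
    """The pattern at issue: the id alone selects the record; nobody asks who is calling."""
    return GLOBAL_DOCS.get(doc_id, (None, None))[1]


def fetch_global_checked(token, doc_id):
    """Ownership check retrofitted onto global ids: the owner must match the token's user."""
    user = SESSIONS.get(token)
    rec = GLOBAL_DOCS.get(doc_id)
    if user is None or rec is None or rec[0] != user:
        return None
    return rec[1]


def store_scoped(owner, content):
    """Per-customer counter: a sequence number only means something together with an owner."""
    _per_customer_seq[owner] += 1
    SCOPED_DOCS[(owner, _per_customer_seq[owner])] = content
    return _per_customer_seq[owner]


def fetch_scoped(token, seq):
    """The owner half of the key comes from the session token, never from the request."""
    user = SESSIONS.get(token)
    if user is None:
        return None
    return SCOPED_DOCS.get((user, seq))


if __name__ == "__main__":
    store_global("alice", "escrow"); store_global("bob", "mortgage")
    print(fetch_global_unchecked(2), fetch_global_checked("tok-alice", 2))  # mortgage None
    store_scoped("alice", "escrow"); store_scoped("bob", "mortgage")
    print(fetch_scoped("tok-alice", 1), fetch_scoped("tok-bob", 1))        # escrow mortgage
```

With per-customer keys, two customers legitimately hold the same sequence number 1, so a number lifted from one account resolves to nothing in another; the check is in the lookup key, not a bolt-on.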
Seem to generate URLs with dozens and in a few cases I've seen HUNDREDS of characters of gibberish, and an insurance company with personal information to protect uses sequential numbers in theirs?
Outsource to the lowest cost provider, who hired the lowest cost offshore team, who were probably freshly out of "college" but faked their degrees to get the entry level IT job and this is what you get, I suppose.
Biting the hand that feeds IT © 1998–2020