Experian, T-Mobile US settle data spills for mere $16m

Experian and T-Mobile US have reached separate settlements with 40 states in America following a pair of data security breaches in 2012 and 2015. The settlement will net authorities $16 million, along with assurances it won't happen again. Experian will be bearing the largest brunt of the fine, with $14 million coming from the …

  1. Kevin McMurtrie Silver badge
    Mushroom

    Maybe 1 penny per spam

    I've received maybe 200 SMS spams for fake stores hosted by a gang with a consistent hosting combination of Namecheap, Salesforce, Amazon, Cloudflare, High Speed Web, and Google. Some of those systems have trivial APIs that can be browsed to examine the database. My information source was listed as T-Mobile.

    I'd like to give a special F-U to T-Mo for leaking my data and the lawyers for making sure there's no meaningful compensation. That's on top of the ongoing F-U to Namecheap, Salesforce, Amazon, Cloudflare, High Speed Web, and Google for playing dumb (or being authentically dumb) when they receive an abuse complaint.

    1. the spectacularly refined chap

      Re: Maybe 1 penny per spam

      Bollocks. There's so much that doesn't ring true here that I simply can't enumerate it.

      If you had the evidence you describe, it'd be a slam dunk in court or for any regulator. I very much doubt any hacker expecting a profit would have a "database" on the host system to gain access to with your expert knowledge; it'll be a simple list to blast through.

      I could carry on more or less forever but the bell for last orders has just gone.

      1. Kevin McMurtrie Silver badge

        Re: Maybe 1 penny per spam

        Plenty of scammers have large, long-running infrastructures. This specific scammer had REST services at https://safety-links.com/ that were used to pre-populate web forms and downstream trackers. You could query it with parameter 'phone' from 0000000000 to 9999999999 and get back JSON describing all customers' names, addresses, gender, age, various PI, successful scams, and the origin of the data. It was quite fun to explore. The scammer eventually caught on and switched to using identifier codes rather than plain text.

        The scammer is rotating domain names but still alive and well on the same infrastructure. Have your browser impersonate an iPhone and load http://meszd.com/86qhp5Ys while recording requests.

    2. This post has been deleted by its author

  2. Missing Semicolon Silver badge

    Validated IT expenditure decisions

    Much, much cheaper to pay the fines ("settlements") than spend money on actual security.

    Security breaches are virtually free. It seems the fines are inversely proportional to the number of affected people.
