Weekly Update 399
2024-5-12 13:22:22 Author: www.troyhunt.com(查看原文) 阅读量:6 收藏

The Post Millennial breach in this week's video is an interesting one, most notably because of the presence of the mailing lists. Now, as I've said in every piece of communication I've put out on this incident, the lists are what whoever defaced the site said TPM had and they certainly posted that data in the defacement message, but we're yet to hear a statement from the company itself. Taking it at face value, where does their responsibility lie as it relates to individuals in this data set? I mean, let's say you signed a petition aligned to your political ideals many years ago and agreed to the terms and conditions (which you didn't read, because you're a normal human) then your data pops up somewhere like TPM. Is it their responsibility to let you know? Or the service that sold your data to them? Or... something else? It's messy, real messy, and the only thing I'm confident in saying is that the most likely thing to happen is the same as every other time we see this pattern: nothing.

Listen on Apple Podcasts

Get it on Google Play

Download via RSS

References

  1. Sponsored by: Kolide believes that maintaining endpoint security shouldn’t mean compromising employee privacy. Check out our manifesto: Honest Security.
  2. LockBitSupp got seriously pwned by the NCA and friends (crimes include running an international ransomware syndicate and wearing AirPods in a weird way)
  3. Dell got themselves breached and data is being sold online (that link is to a story I saw after recording this video that says there was an enumerable API accessible from their partner portal)
  4. Tappware had a breach that leaked a whole bunch of national ID card pics (also, have we ever seen a national CERT post a screen cap with the PII of breach victims before? 🤔)
  5. The Post Millennial got very breached (site defacement, editor PII, subscriber PII and a large trove of mailing list data)
Weekly update

文章来源: https://www.troyhunt.com/weekly-update-399/
如有侵权请联系:admin#unsafe.sh