• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Home
  • About Us
  • Contact Us
  • Block Examples
  • Landing Page

iHash

News and How to's

  • News
    • Rumor
    • Design
    • Concept
    • WWDC
    • Security
    • BigData
  • Apps
    • Free Apps
    • OS X
    • iOS
    • iTunes
      • Music
      • Movie
      • Books
  • How to
    • OS X
      • OS X Mavericks
      • OS X Yosemite
      • Where Download OS X 10.9 Mavericks
    • iOS
      • iOS 7
      • iOS 8
      • iPhone Firmware
      • iPad Firmware
      • iPod touch
      • AppleTV Firmware
      • Where Download iOS 7 Beta
      • Jailbreak News
      • iOS 8 Beta/GM Download Links (mega links) and How to Upgrade
      • iPhone Recovery Mode
      • iPhone DFU Mode
      • How to Upgrade iOS 6 to iOS 7
      • How To Downgrade From iOS 7 Beta to iOS 6
    • Other
      • Disable Apple Remote Control
      • Pair Apple Remote Control
      • Unpair Apple Remote Control
  • Special Offers
  • Contact us

Company Detected Years-Long Breach Only After Hacker Maxed Out Servers’ Storage

Nov 14, 2019 by iHash Leave a Comment

Years-Long Breach Detected

What could be even worse than getting hacked?

It’s the “failure to detect intrusions” that always results in huge losses to the organizations.

Utah-based technology company InfoTrax Systems is the latest example of such a security blunder, as the company was breached more than 20 times from May 2014 until March 2016.

What’s ironic is that the company detected the breach only after it received an alert that its servers had reached maximum storage capacity due to a data archive file that the hacker created.

InfoTrax Systems is an American company based in Utah that provides backend operations systems to multi-level marketers, which also includes an extensive amount of sensitive data on their users’ compensation, inventory, orders, and accounting.

The breach reportedly occurred in May 2014 when the hacker exploited vulnerabilities in InfoTrax’s server and its client’s website to gain remote control over its server, allowing him to gain access to sensitive personal information for 1 million consumers.

At the time, the United States Federal Trade Commission (FTC) sued the company for failing to safeguard the personal information the company maintained on behalf of its clients.

According to the FTC complaint, the hacker remotely accessed the system 17 times over the next 21 months without being detected and then began pulling the personal information of consumers on March 2, 2016.

The stolen information included customers’ full names, social security numbers, physical addresses, email addresses, telephone numbers, usernames, and passwords for 4100 distributor and admin accounts on the InfoTrax service.

hacking

What’s even worse? The leaked data also included some customers’ payment card information (full or partial credit card and debit card numbers, CVVs, and expiration dates), as well as bank account information, including account and routing numbers.

The company discovered the breach on March 7, 2016, when it began receiving alerts that one of its servers had reached its maximum capacity, which was due to a massive data archive file that the hacker created on its customers.

Surprisingly, the intruder managed to breach the company at least two more times even after InfoTrax Systems became aware of the intrusion.

Web Application Firewall

On March 14, 2016, the hacker harvested over 2300 unique, full payment card numbers—including names, physical addresses, CVVs, and expiration dates—and other billing data newly submitted by distributors during the checkout process.

Then again, on March 29, 2016, the hacker used the user ID and password of a valid InfoTrax distributor account to upload more malicious code to collect newly submitted payment card data from that client’s website again.

According to the FTC, InfoTrax Systems failed to “inventory and delete personal information is no longer needed, conduct code review of its software and testing of its network, detect malicious file uploads, adequately segment its network, and implement cybersecurity safeguards to detect unusual activity on its network.”

On Tuesday, the FTC published a press release, announcing a proposed settlement, which requires InfoTrax Systems to implement a comprehensive data security program that corrects the failures identified in the complaint.

Besides this, the proposed settlement also requires InfoTrax Systems to obtain third-party assessments of its information security program every two years.

Source link

Share this:

  • Facebook
  • Twitter
  • Pinterest
  • LinkedIn

Filed Under: Security Tagged With: Breach, company, computer security, cyber attacks, cyber news, cyber security news, cyber security news today, cyber security updates, cyber updates, data breach, Detected, hacker, hacker news, hacking news, how to hack, information security, Maxed, network security, ransomware malware, Servers, software vulnerability, storage, the hacker news, YearsLong

Special Offers

  • Luminox Black OPS Carbon Quartz Men's Watch XL.8802.F (Store-Display Model) for $199

    Luminox Black OPS Carbon Quartz Men's Watch XL.8802.F (Store-Display Model) for $199
  • Swarovski Vintage Swan Gold Tone Dark Multi-Colored Crystal Necklace (Store-Display Model) for $52

    Swarovski Vintage Swan Gold Tone Dark Multi-Colored Crystal Necklace (Store-Display Model) for $52
  • Accordina Ambient LED Collapsible Wireless Phone Charger for $29

    Accordina Ambient LED Collapsible Wireless Phone Charger for $29
  • Swarovski "Bee A Queen" Rhodium-Plated Crystal Necklace & Earring Set (Store-Display Model) for $84

    Swarovski "Bee A Queen" Rhodium-Plated Crystal Necklace & Earring Set (Store-Display Model) for $84
  • Swarovski New Love Gold Tone Dark Multi-Colored Crystal Necklace (Store-Display Model) for $65

    Swarovski New Love Gold Tone Dark Multi-Colored Crystal Necklace (Store-Display Model) for $65

Reader Interactions

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

E-mail Newsletter

  • Facebook
  • GitHub
  • Instagram
  • Pinterest
  • Twitter
  • YouTube

More to See

Swarovski Vintage Swan Gold Tone Dark Multi-Colored Crystal Necklace (Store-Display Model) for $52

Apr 15, 2021 By iHash

Accordina Ambient LED Collapsible Wireless Phone Charger for $29

Apr 14, 2021 By iHash

Tags

* Apple computer security cyber attacks cyber crime cyber news cybersecurity Cyber Security cyber security news cyber security news today cyber security updates cyber threats cyber updates data breach data breaches google hacker hacker news Hackers hacking hacking news how to hack incident response information security iOS iOS 7 iOS 8 iPad iPhone iPhone 6 Malware microsoft network security OS X Yosemite Privacy ransomware malware risk management security security breaches security vulnerabilities software vulnerability the hacker news update video web applications
Copyright iHash.eu © 2021
We use cookies on this website. By using this site, you agree that we may store and access cookies on your device. Accept Read More
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.