If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Reuters)   You know that credit reporting agency that Target offered free service for its customers after it got hacked? It got hacked too. FARK: Over 200 million Social Security numbers may have been stolen   (reuters.com) divider line 51
    More: Fail, credit reporting, Experian, U.S., consumer credits, U.S. states, payment card, U.S. Secret Service, Illinois Attorney General Lisa Madigan  
•       •       •

2083 clicks; posted to Business » on 06 Apr 2014 at 9:25 AM (16 weeks ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



51 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest

First | « | 1 | 2 | » | Last | Show all
 
2014-04-06 09:32:12 AM
"We should hire Indians to code for us. It's just as good at 1/10th the price. Our stocks will soar on this news!"
 
2014-04-06 09:33:12 AM
I'd be a little less cynical about the credit report companies if they had some kind of financial disincentive for when they make "mistakes".
 
2014-04-06 09:36:36 AM
200mm SSNs... that'd be most of them, no?

Can we admit they're a known identifier and stop treating them like a password yet?
 
2014-04-06 09:38:05 AM
It sounds like there was no "hacking" in this case, just a criminal who found a way to appear to be a legitimate customer.
 
2014-04-06 09:44:17 AM

Lawnchair: 200mm SSNs... that'd be most of them, no?

Can we admit they're a known identifier and stop treating them like a password yet?


THIS.

It's an antiquated system that has been abused by just about any company or landlord you do business with asking for it.

There needs to be a better, more secure way for credit card companies and landlords and even mortgage lenders to check the credit of a potential customer.

I'm not sure what that is, but we need it.

How are things like this handled in the EU?
 
2014-04-06 09:50:19 AM
There are worse things than this.  I can't think of any, but I'm sure we can come up with something.
 
2014-04-06 09:55:40 AM

itcamefromschenectady: It sounds like there was no "hacking" in this case, just a criminal who found a way to appear to be a legitimate customer.


If there is a net difference between the two, please explain it to the class and provide your work.
blog.angelatung.com
 
2014-04-06 09:56:05 AM
1- FTFA there was no reported compromise of the main Experian databases.

2- The access was stopped in December of 2012. A year before the breach at Target.

So it has fark all to do with the Target breach or the credit monitoring offered by Target. It's still a shiat sandwich, but it's not Target's to eat this time.
 
2014-04-06 09:56:40 AM

gfid: Lawnchair: 200mm SSNs... that'd be most of them, no?

Can we admit they're a known identifier and stop treating them like a password yet?

THIS.

It's an antiquated system that has been abused by just about any company or landlord you do business with asking for it.

There needs to be a better, more secure way for credit card companies and landlords and even mortgage lenders to check the credit of a potential customer.

I'm not sure what that is, but we need it.

How are things like this handled in the EU?

Not just SSNs. Credit cards themselves as well. The idea that a sixteen-digit number and a date (Month/Year only, natch) and optionally another three-digit number (slight differences in digit counts apply for AmEx) is somehow "secure" needs to go away. That may have worked okay when credit cards were invented early in the latter ½ of the previous century, when the only computers were huge room-filling installations in banks and large companies and large universities and government agencies. Now? Not so much.
 
2014-04-06 09:59:05 AM

itcamefromschenectady: It sounds like there was no "hacking" in this case, just a criminal who found a way to appear to be a legitimate customer.


Social Engineering is the most common and accepted form of "hack."
 
2014-04-06 10:04:44 AM

ajgeek: itcamefromschenectady: It sounds like there was no "hacking" in this case, just a criminal who found a way to appear to be a legitimate customer.

Social Engineering is the most common and accepted form of "hack."


What white-collar crime isn't a hack then?
 
2014-04-06 10:17:16 AM
Has nothing to do with target, but I guess you feel good shouting about your irrational hatreds online?
 
2014-04-06 10:23:30 AM

itcamefromschenectady: ajgeek: itcamefromschenectady: It sounds like there was no "hacking" in this case, just a criminal who found a way to appear to be a legitimate customer.

Social Engineering is the most common and accepted form of "hack."

What white-collar crime isn't a hack then?


"Hacking" is gaining unauthorized access to a computer system or body of information stored electronically.  If you're an employee at a company that has granted access to secure systems as part of your job, and you abuse that access, then that's not a "hack".  If you're a third party that has made his/her way into secure systems that you should not have access to in the first place, then that's a "hack".

The word "hack" has been misused plenty in recent years, though.  Jailbreaking a phone or physically modifying a pair of headphones is not "hacking".
 
2014-04-06 10:38:13 AM

valkore: "Hacking" is gaining unauthorized access to a computer system or body of information stored electronically.  If you're an employee at a company that has granted access to secure systems as part of your job, and you abuse that access, then that's not a "hack".  If you're a third party that has made his/her way into secure systems that you should not have access to in the first place, then that's a "hack".

The word "hack" has been misused plenty in recent years, though.  Jailbreaking a phone or physically modifying a pair of headphones is not "hacking".


Languages change and evolve. News at 11.

/ you seem a bit hacked off
 
hej
2014-04-06 10:39:34 AM
Doesn't Fark have an IRONIC tag? Cause it's not often yuppy have a legitimate use for it.
 
2014-04-06 10:44:34 AM
gfid:

There needs to be a better, more secure way for credit card companies and landlords and even mortgage lenders to check the credit of a potential customer.

I'm not sure what that is, but we need it.

How are things like this handled in the EU?


That side of things isn't tremendously better anywhere in the world.  Encryption-based (chip) cards are a least an improvement in the particular case of in-person transactions.

Technologically, I or anyone else who cares could propose a system of public-key encryption/signatures with PINs and/or biometrics that would be a tremendous improvement against most hackers (aside from NSA people).

Good luck with that, though.  My employer has implemented a PKI system internally, and when 99% of users "sign their e-mail", they attach a GIF of their signature to their e-mail.
 
2014-04-06 10:49:05 AM

valkore: itcamefromschenectady: ajgeek: itcamefromschenectady: It sounds like there was no "hacking" in this case, just a criminal who found a way to appear to be a legitimate customer.

Social Engineering is the most common and accepted form of "hack."

What white-collar crime isn't a hack then?

"Hacking" is gaining unauthorized access to a computer system or body of information stored electronically.  If you're an employee at a company that has granted access to secure systems as part of your job, and you abuse that access, then that's not a "hack".  If you're a third party that has made his/her way into secure systems that you should not have access to in the first place, then that's a "hack".

The word "hack" has been misused plenty in recent years, though.  Jailbreaking a phone or physically modifying a pair of headphones is not "hacking".


The access in this case was authorized. The guy was paying Experian through normal channels. He abused that access by selling the data through a site for identity thieves.
 
2014-04-06 10:51:19 AM

itcamefromschenectady: ajgeek: itcamefromschenectady: It sounds like there was no "hacking" in this case, just a criminal who found a way to appear to be a legitimate customer.

Social Engineering is the most common and accepted form of "hack."

What white-collar crime isn't a hack then?


Extortion....embezzlement....tax-evasion....

/could go on
 
2014-04-06 10:54:27 AM

Man On A Mission: valkore: "Hacking" is gaining unauthorized access to a computer system or body of information stored electronically.  If you're an employee at a company that has granted access to secure systems as part of your job, and you abuse that access, then that's not a "hack".  If you're a third party that has made his/her way into secure systems that you should not have access to in the first place, then that's a "hack".

The word "hack" has been misused plenty in recent years, though.  Jailbreaking a phone or physically modifying a pair of headphones is not "hacking".

Languages change and evolve. News at 11.

/ you seem a bit hacked off


And he doesn't seem to realize the original definition of hacking didn't require any nefarious intent.  He sounds young.
 
2014-04-06 10:56:53 AM
Why such a "service" should exist in the first place escapes my comprehension.
 
2014-04-06 11:09:15 AM

ajgeek: itcamefromschenectady: It sounds like there was no "hacking" in this case, just a criminal who found a way to appear to be a legitimate customer.

Social Engineering is the most common and accepted form of "hack."


And the most effective - phishing has been argued to be as effective but not on point targets.
 
2014-04-06 11:14:24 AM

gfid: Man On A Mission: valkore: "Hacking" is gaining unauthorized access to a computer system or body of information stored electronically.  If you're an employee at a company that has granted access to secure systems as part of your job, and you abuse that access, then that's not a "hack".  If you're a third party that has made his/her way into secure systems that you should not have access to in the first place, then that's a "hack".

The word "hack" has been misused plenty in recent years, though.  Jailbreaking a phone or physically modifying a pair of headphones is not "hacking".

Languages change and evolve. News at 11.

/ you seem a bit hacked off

And he doesn't seem to realize the original definition of hacking didn't require any nefarious intent.  He sounds young.


Wasn't the original term meant to describe a charlatan or an amateur? "He's a hack of a doctor"
 
2014-04-06 11:18:55 AM

valkore: itcamefromschenectady: ajgeek: itcamefromschenectady: It sounds like there was no "hacking" in this case, just a criminal who found a way to appear to be a legitimate customer.

Social Engineering is the most common and accepted form of "hack."

What white-collar crime isn't a hack then?

"Hacking" is gaining unauthorized access to a computer system or body of information stored electronically.  If you're an employee at a company that has granted access to secure systems as part of your job, and you abuse that access, then that's not a "hack".  If you're a third party that has made his/her way into secure systems that you should not have access to in the first place, then that's a "hack".

The word "hack" has been misused plenty in recent years, though.  Jailbreaking a phone or physically modifying a pair of headphones is not "hacking".


Also, taking your friend's phone and posting a goofy status under their FB account isn't hacking, either.
 
2014-04-06 11:20:51 AM

gfid: Man On A Mission: valkore: "Hacking" is gaining unauthorized access to a computer system or body of information stored electronically.  If you're an employee at a company that has granted access to secure systems as part of your job, and you abuse that access, then that's not a "hack".  If you're a third party that has made his/her way into secure systems that you should not have access to in the first place, then that's a "hack".

The word "hack" has been misused plenty in recent years, though.  Jailbreaking a phone or physically modifying a pair of headphones is not "hacking".

Languages change and evolve. News at 11.

/ you seem a bit hacked off

And he doesn't seem to realize the original definition of hacking didn't require any nefarious intent.  He sounds young.


Where in my definition did I say it required nefarious intent?  Been online since the BBS days, BTW.
 
2014-04-06 11:23:57 AM

itcamefromschenectady: valkore: itcamefromschenectady: ajgeek: itcamefromschenectady: It sounds like there was no "hacking" in this case, just a criminal who found a way to appear to be a legitimate customer.

Social Engineering is the most common and accepted form of "hack."

What white-collar crime isn't a hack then?

"Hacking" is gaining unauthorized access to a computer system or body of information stored electronically.  If you're an employee at a company that has granted access to secure systems as part of your job, and you abuse that access, then that's not a "hack".  If you're a third party that has made his/her way into secure systems that you should not have access to in the first place, then that's a "hack".

The word "hack" has been misused plenty in recent years, though.  Jailbreaking a phone or physically modifying a pair of headphones is not "hacking".

The access in this case was authorized. The guy was paying Experian through normal channels. He abused that access by selling the data through a site for identity thieves.


Okay, so this particular case wasn't hacking.  I was responding to the question "What white-collar crime isn't a hack then?"
 
2014-04-06 12:17:48 PM
"Hacking" (I maintain) is the art of finding novel or unexpected uses for a system.

This would include but is not limited to malicious applications. I would also say it now includes but is not limited to computer systems.

/My proposed modern definition, anyway.
 
2014-04-06 12:19:17 PM
searchengineland.com

What hacking might look like.
 
2014-04-06 01:23:06 PM

gfid: There needs to be a better, more secure way for credit card companies and landlords and even mortgage lenders to check the credit of a potential customer.

I'm not sure what that is, but we need it.

How are things like this handled in the EU?


First Name, Last Name, Address, Done

That's all that is needed for a bank or other company to run a credit check on you. And if you want credit, then you have to prove who you are with your passport which every citizen is required to own.
 
2014-04-06 01:33:18 PM
So taking someones phone and sending the nude pics of themselves to everyone one thier contact list is hacking too?
 
2014-04-06 01:43:50 PM
This is an interesting discussion, but I am just going to go back to allowing journalists and politicians to decide the definitions of my words, since they are pillars of sobriety, sanity, and wisdom.

/my commas are oxford but my dictionary is totes buzzfeed
 
2014-04-06 01:50:54 PM
U.S. Info Search Chief Executive Officer Marc Martin told Reuters he cannot identify the victims of the breach because he is unable to ascertain which queries that came from Court Ventures were from Ngo's account and which were from other clients.

BULLSHIAT
 
2014-04-06 02:07:01 PM
Yes, keep your data safe by giving your critical financial information to ANOTHER organization, BRILLIANT!

Instead, freeze your credit, stop giving out your SSN except when absolutely necessary.
 
2014-04-06 02:20:32 PM

COMALite J: Not just SSNs. Credit cards themselves as well. The idea that a sixteen-digit number and a date (Month/Year only, natch) and optionally another three-digit number (slight differences in digit counts apply for AmEx) is somehow "secure" needs to go away. That may have worked okay when credit cards were invented early in the latter ½ of the previous century, when the only computers were huge room-filling installations in banks and large companies and large universities and government agencies. Now? Not so much.


It's barely a sixteen-digit number as well.  The first 6 digits identify the issuer.  So if you know a bit about the card, you can figure out what those are.  The next 10 digits are the account number and a check digit, the first two of which are often zeroes, and the last 4 of which are often printed on receipts and such.

So if someone is digging through your trash, it's really more like a 4 digit number which they'd have some information about due to the check digit.
 
2014-04-06 02:37:07 PM
It's a good thing my credit rating is two points lower than "Dogsh*t". I feel sorry for the poor dumb bastard that tries to assume my identity.
 
2014-04-06 02:42:11 PM
One time when talking with my cable company's customer service, the ghetto hag at the other end insisted on my ENTIRE Social Security number. Not the last 4 digits which should be sufficient to identify my account. She demanded ALL of it and got more and more belligerent when I refused to give away the whole number.  Reported her ass to the upper management. She was either too damn dumb to do her job right or she was obviously fishing for SSN numbers to sell when not at work. Either way, the biznatch needed to get fired and I hope that's what happened once she was on Cox Security's radar.
 
2014-04-06 03:17:56 PM
Case in Point: Target, nor any other retailer, has no business needing your SS number.   nor would i ever give it to any retailer.


sounds about as dumb as needing good credit to get a job at mcdonalds.  what business is it for mcdonalds to know your financial dealings/status with your credit union/bank??   mcdonalds doesn't disclose their financial dealings with workers or their banks.

'murica is dumb as dirt.

duh!
 
2014-04-06 04:37:12 PM

bingo the psych-o: What hacking might look like.


"MOVE THE CAT OFF THE BED!!!"

/hack hack hooooork
//"DAMNIT!"
 
2014-04-06 05:22:30 PM

Linux_Yes: sounds about as dumb as needing good credit to get a job at mcdonalds.  what business is it for mcdonalds to know your financial dealings/status with your credit union/bank??   mcdonalds doesn't disclose their financial dealings with workers or their banks.


If you have bad credit - you are a greater fraud risk and shouldn't be handling money (and yes I know there are many instances were bad credit isn't the individuals fault but I am just stating in general).

/and Target offers its customers credit and needs SS to perform credit checks
//pay in cash if you really care
 
2014-04-06 05:26:24 PM
We need a more secure way of paying for things over the Internet.
 
2014-04-06 06:49:17 PM

gfid: Lawnchair: 200mm SSNs... that'd be most of them, no?

Can we admit they're a known identifier and stop treating them like a password yet?

THIS.

It's an antiquated system that has been abused by just about any company or landlord you do business with asking for it.

There needs to be a better, more secure way for credit card companies and landlords and even mortgage lenders to check the credit of a potential customer.

I'm not sure what that is, but we need it.

How are things like this handled in the EU?


I would ask why we even need a personal identity that is used and abused by companies that seem to either seem to hate me or don't care that a number represents a person.

Disgusting and dehumanizing. An easy way for people with too much money to cheaply and easily grab more with pay-for-play.
 
2014-04-06 08:04:52 PM

wambu: We need a more secure way of paying for things over the Internet.


Lots of companies  hadvirtual credit card numbers... generate a new number/expiration/ccv online for one-time use.  A lot of credit cards had that, oh say ten years ago, and virtually none do now.  I'm not sure I've ever gotten a good reason why they went away.

More advanced?  How about, you go to a merchant site and enter your card number.  They pass it up to Visa/your bank.  Within seconds you get a text message with a five-digit auth code. Which you type into the merchant site to complete the transaction.  Very weak two-factor.  There are far better solutions (especially if people can be trusted to have good passwords on their credit card website login... which they can't).   But that would at least be a start.
 
2014-04-07 09:23:25 AM

gfid: Lawnchair: 200mm SSNs... that'd be most of them, no?

Can we admit they're a known identifier and stop treating them like a password yet?

THIS.

It's an antiquated system that has been abused by just about any company or landlord you do business with asking for it.

There needs to be a better, more secure way for credit card companies and landlords and even mortgage lenders to check the credit of a potential customer.

I'm not sure what that is, but we need it.

How are things like this handled in the EU?


What we need to do is for a single group to get them all. All the SSNS.

Then make a website in a safe offshore locale, and publish all of it. Names, SSNS, age, ect...

Make it very public and that way, break the system so completely that the credit agencies will have to figure out a better way.
 
2014-04-07 01:38:25 PM

TV's Vinnie: One time when talking with my cable company's customer service, the ghetto hag at the other end insisted on my ENTIRE Social Security number. Not the last 4 digits which should be sufficient to identify my account. She demanded ALL of it and got more and more belligerent when I refused to give away the whole number.  Reported her ass to the upper management. She was either too damn dumb to do her job right or she was obviously fishing for SSN numbers to sell when not at work. Either way, the biznatch needed to get fired and I hope that's what happened once she was on Cox Security's radar.


When I ditched cable in favor of DSL (fast enough for me and much cheaper) I simply told them I didn't have a SSN.  They were completely fine with that as long as I paid for the first month up front.

Towards the end of my cable service, I also convinced them to delete my SSN, which was interesting when I cancelled and asked for the last 4 digits.  They had been changed in Comcrap's system to 0000.
 
2014-04-07 04:24:19 PM

Linux_Yes: Case in Point: Target, nor any other retailer, has no business needing your SS number.   nor would i ever give it to any retailer.


Unless, you're, you know, applying for the Target Credit Card. I feel like your credit may be somehow relevant before being issued a CREDIT CARD.

Like the Macy's Credit Card.
Or the Kohl's Credit Card.
Or the Lowes Credit Card.
...the list goes on.

/why are people so stupid these days...
 
2014-04-07 04:25:10 PM

wambu: We need a more secure way of paying for things over the Internet.


Bitcoins.
 
2014-04-07 04:27:10 PM

Lawnchair: wambu: We need a more secure way of paying for things over the Internet.

Lots of companies  hadvirtual credit card numbers... generate a new number/expiration/ccv online for one-time use.  A lot of credit cards had that, oh say ten years ago, and virtually none do now.  I'm not sure I've ever gotten a good reason why they went away.

More advanced?   How about, you go to a merchant site and enter your card number.  They pass it up to Visa/your bank.  Within seconds you get a text message with a five-digit auth code. Which you type into the merchant site to complete the transaction.  Very weak two-factor.  There are far better solutions (especially if people can be trusted to have good passwords on their credit card website login... which they can't).   But that would at least be a start.


They advertise that on TV every day. Go pay for it at your bank/credit card company.

/but it is racist against the poors who cannot afford cell phones or something
 
2014-04-07 04:44:24 PM

Bullseyed: /but it is racist against the poors who cannot afford cell phones or something


I was approached by a fellow while I was putting gas in my car. He "looked poor" by the condition of his clothes and car. He gave me the usual hard luck story about his mom in the hospital and a sick kid at home and just needed some gas for his car because he was almost on empty and he had been down on his luck for months, etc., etc. Just then his car window gets rolled down by some drunk chick waving an I-phone at him saying "It's your farking mother again. Did you get her damn cigarettes and some more farking beer?" He and I locked eyes and he just got in his car and left.

/so poor people have cell phones
 
2014-04-07 04:50:16 PM

Bullseyed: Linux_Yes: Case in Point: Target, nor any other retailer, has no business needing your SS number.   nor would i ever give it to any retailer.

Unless, you're, you know, applying for the Target Credit Card. I feel like your credit may be somehow relevant before being issued a CREDIT CARD.

Like the Macy's Credit Card.
Or the Kohl's Credit Card.
Or the Lowes Credit Card.
...the list goes on.

/why are people so stupid these days...



that is why the Smart Money only applies for Credit Union/Bank credit cards.  that way, only one or two institutions has your SS instead of everybody under the f*cking sun.

true, why are people so stupid these days.........

i guess you also love the idea of your potential employer requiring you to have good credit before you are hirable.   well done, you just gave your owner/employer more power over you, dipsh*t.  well done, Freedom Lover.  well done, Mr. Democracy.
 
2014-04-07 04:54:38 PM

gingerjet: Linux_Yes: sounds about as dumb as needing good credit to get a job at mcdonalds.  what business is it for mcdonalds to know your financial dealings/status with your credit union/bank??   mcdonalds doesn't disclose their financial dealings with workers or their banks.

If you have bad credit - you are a greater fraud risk and shouldn't be handling money (and yes I know there are many instances were bad credit isn't the individuals fault but I am just stating in general).

/and Target offers its customers credit and needs SS to perform credit checks
//pay in cash if you really care


can't pay in cash.  then all the Banks and their credit card companies would go out of business.  their job is to put as many people in debt as possible. that is their Cash making Cow.   cash is backed the the U.S. Federal Government, so its 'socialism'.  using cash is un'murican.
 
2014-04-07 05:00:27 PM

gingerjet: Linux_Yes: sounds about as dumb as needing good credit to get a job at mcdonalds.  what business is it for mcdonalds to know your financial dealings/status with your credit union/bank??   mcdonalds doesn't disclose their financial dealings with workers or their banks.

If you have bad credit - you are a greater fraud risk and shouldn't be handling money (and yes I know there are many instances were bad credit isn't the individuals fault but I am just stating in general).

/and Target offers its customers credit and needs SS to perform credit checks
//pay in cash if you really care



god forbid McDonalds has to take any risks (after all, who ever thought of a company having to take risks) and the possibility of losing 50 dollars in the register before firing the new employee/crook.

after all, EVERYONE should be penalized and have Mcdonalds scrutinize their personal financial history with their bank so Mcdonalds doesn't have to risk any petty theft.  its only fair.  its so Democratic.

you clowns are giving your owners the keys to your store.  one day, you'll regret it.....
 
Displayed 50 of 51 comments

First | « | 1 | 2 | » | Last | Show all

View Voting Results: Smartest and Funniest


This thread is closed to new comments.

Continue Farking
Submit a Link »






Report