This did not include a batch of hard drives with 13TB of SQL databases, though, because someone had already purchased them for CAD15,000, and received remote access to the data. Jeff offered to sell Doering the desktops and server hardware, including the data on it for CAD 35,000. Including their backup files which had been kept in a segregated air-gapped machine that regardless of skill level no external attacker would have plundered," Doering writes. "Data breaches by external actors are common in today's digital world but what makes this set of data so damaging is that it contains every record NCIX ever held. One backup image belonging to NCIX former owner Steve Wu, had data going back 13 years, with financial documents, employment letters containing social insurance numbers, and personal data from Wu's personal computer.Īn inventory of the data trove Doering analyzed includes credentials, invoices, ID photos, bills, usernames and passwords in clear text and in unsalted MD5 hashes, email addresses, financial documents, social insurance numbers, phone numbers, and full payment card data in clear text. All included 109 storage units with unwiped data. Jeff told Doering that he was in possession of about 300 desktop computers from NCIX corporate offices and retail stores, as well as 18 DELL PowerEdge servers, two SuperMicro servers with StarWind iSCSI software for back purposes. In his examination of the storage drives as a potential buyer, Doering saw customer service inquiries containing full payment card details in plain text belonging to 258,000 users in the United States and Canada.Īdditional entries in the database included 385,000 names, serial numbers with dates of purchase, addresses, company names, email addresses, phone numbers, IP addresses, and unsalted MD5 hashed passwords, which are easy to crack with today's computer equipment. In an updated version he found corresponding email addresses. One he's analyzed includes 3,848,000 order details between 20, with names, company names, items purchased and their serial numbers, addresses, phone numbers, and payment data. Server equipment and 109 unwiped disk drivesĪt least one data collection covers 15 years of orders in multiple database backup versions, Doering says. In a reply on Reddit, Doering clearly says that the person he met most likely used an alias and he was definitely not Jeff Chiang. Many people erroneously believe that the Jeff selling the NCIX databases is the company's CEO Jeff Chiang. Jeff told Doering that he was a former systems administrator for a Richmond-based telecommunications company and was helping the NCIX former landlord recover some of the money. The retailer's merchandise was auctioned earlier this year, but corporate computers were abandoned by NCIX in a warehouse in Richmond, British Columbia, when they couldn't pay CAD150,000 in rent. Security consultant Travis Doering of Privacy Fly decided to act on a selling offer on Craigslist that promised two NCIX database servers for CAD 1,500, but he later found that the seller, identified as Jeff, actually had "NCIX’s entire server farm from the east coast." NCIX abandoned company computers in a warehouse It competed with Amazon and Newegg but its focus on walk-in outlets rather than online sales brought the company down. Up until December 1, 2017, when it filed for bankruptcy, NCIX was a privately-held company in Canada in the business of selling computer hardware and software. Servers and storage disks filled with millions of unencrypted confidential records of employees, customers and business partners of computer retailer NCIX turned up for sale via a Craigslist advertisement.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |