- #GentrifyingGeorge thinks 152-year-old HBCU should ‘just move’ 2 Years Ago
- Watch out! Tonight’s episode of ‘Game of Thrones’ leaked online (updated) Today 3:32 PM
- Videos of people working may be the best thing on TikTok right now Today 1:46 PM
- How to watch ‘Game of Thrones’ season 8, episode 2 for free Today 7:00 AM
- Gendry is making a new weapon for Arya Stark—but what is it? Today 6:30 AM
- The live-action Halo series could be Showtime’s most ambitious project yet Today 6:00 AM
- How to watch Turner Classic Movies for free Today 5:30 AM
- How to watch Real Madrid vs. Athletic Bilbao online for free Today 5:00 AM
- ‘Star Trek’s Jonathan Frakes calls out your lies with this new meme Saturday 3:46 PM
- #JusticeForLucca trends after video shows police slam Black teen’s head into pavement Saturday 3:11 PM
- The internet is shocked to learn that Goombas do, in fact, have arms Saturday 2:02 PM
- PayPal, GoFundMe cut off armed militia that detains migrants at border Saturday 1:16 PM
- Barnwood theft may be on the rise because of ‘Fixer Upper’—and fans aren’t having it Saturday 12:23 PM
- Literary Twitter calls out Dzanc Books for Islamophobic, racist novel Saturday 11:40 AM
- How to watch Crawford vs. Khan online Saturday 10:00 AM
Data breach at online trading firm exposed customer credit reports, Social Security numbers
Photo via Chomon/Shutterstock.com (Licensed)
The leak consisted of about 70GB of data at a firm reportedly doing about $50 million in business.
A data breach at an online futures trading brokerage left exposed thousands of files, including credit reports, passport scans, and customer chat logs.
The leak, now secured, was identified and reported by Chris Vickery of the Kromtech Security Research Team. It was caused by a misconfigured backup device managed by a third-party IT vendor.
The trading firm was identified as AMP, a company that offers numerous platforms for online futures trading. According to the Online Brokers Hub, the company is based in Chicago, Illinois.
While the issue with the backup system is not uncommon, the breach is notable for the amount of money that passes through AMP’s systems. “The files indicate that AMP has over $50 million on the books and additionally include the private details of over 10,000 account applicants,” Kromtech reports.
Vickery reported that about 70GB of data had been sitting on the open web, consisting of roughly 97,000 files.
“It includes credit reports, passport scans, internal company emails, customer chat logs, and basically everything an identity thief would need in order to mount a serious campaign,” Vickery said. “I was surprised at the number of plaintext customer passwords discussed in the chat logs (by staff and customers alike).”
Security researchers who report such breaches are often met with suspicion and even hostility by the companies whose data is at risk. But AMP responded comparatively well, according to Vickery:
“The head honcho over at AMP was surprised when I fully explained the situation to him over a phone call. He rightly wondered what AMP was paying its third-party IT company for. If a third party, which specializes in IT, can’t catch this kind of leakage themselves, there is some serious improvement to be done.
“AMP’s CEO was relieved to hear that I wasn’t trying to sell him anything or attempting any sort of blackmail or extortion, and I’m thankful he understood that I merely discovered the unsecured data rather than causing it to become unsecured. That’s a distinction many people fail to grasp, especially when their company is potentially in the hot seat.”
Vickery’s disclosure comes days after reporting a massive data breach at a U.S.-based data warehouse, Schoolzilla, which held personal information on more than a million American students (K-12). The breach reportedly contained a vast amount of test scores and social security numbers. The issue was fixed within 24 hours of Vickery’s report.
Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.