WEBVTT - The Largest Data Breaches in US History: Part II 0:00:04.480 --> 0:00:12.399 Welcome to tech Stuff, a production from iHeartRadio. Hey there, 0:00:12.440 --> 0:00:15.960 and welcome to tech Stuff. I'm your host Jonathan Strickland. 0:00:15.960 --> 0:00:19.160 I'm an executive producer with iHeart Podcasts and how the 0:00:19.160 --> 0:00:22.439 tech are you? So? In our last episode, I started 0:00:22.480 --> 0:00:25.400 covering some of the largest data breaches in US history, 0:00:25.680 --> 0:00:27.720 and as a refresher, I'm using a list that was 0:00:27.720 --> 0:00:33.120 compiled by Kyle Chen of upguard dot com, and you know, 0:00:33.200 --> 0:00:37.760 biggest data breaches. That's an interesting adjective biggest, because the 0:00:37.800 --> 0:00:40.320 scope of the attack isn't always a case where the 0:00:40.360 --> 0:00:44.279 data breach affected more people than, say, the previous one 0:00:44.320 --> 0:00:46.880 on the list. There are cases in which fewer people 0:00:46.960 --> 0:00:50.840 were affected, but the types of information made the breach 0:00:51.000 --> 0:00:53.800 more severe. For example, in our last episode, I talked 0:00:53.840 --> 0:00:58.440 about al hackers stole information from millions of FriendFinder Networks customers. 0:00:58.680 --> 0:01:02.480 So friend Fighter Networks op rates lots of different businesses, 0:01:02.680 --> 0:01:06.040 including some that fall into the adult entertainment and adult 0:01:06.120 --> 0:01:10.640 lifestyle categories. So for some customers, the revelation that they 0:01:10.640 --> 0:01:14.840 were patronizing such a business could be embarrassing or damaging 0:01:14.959 --> 0:01:17.640 due to the taboo nature of the services, and so 0:01:17.800 --> 0:01:20.160 they're less likely to put up a big fuss about 0:01:20.160 --> 0:01:23.600 a data breach, because if they did, it would be 0:01:23.800 --> 0:01:26.680 admitting that they were using the service. And if you're 0:01:26.720 --> 0:01:30.080 a hacker, that kind of target is really tempting because 0:01:30.120 --> 0:01:35.039 your victims are incentivized to not come forward. Now, we 0:01:35.120 --> 0:01:37.840 left off in the last episode talking about the Cambridge 0:01:37.840 --> 0:01:41.440 Analytica scandal with Facebook. That scandal was a doozy and 0:01:41.680 --> 0:01:44.720 was hitting right around the time when Facebook, now known 0:01:44.760 --> 0:01:48.480 as Meta, was in the US government's crosshairs for multiple reasons. 0:01:48.640 --> 0:01:51.240 In fact, I'd argue that those events are in part 0:01:51.280 --> 0:01:53.560 what led to Facebook changing its name to Meta in 0:01:53.600 --> 0:01:55.440 the first place. It was an attempt to kind of 0:01:55.680 --> 0:01:59.720 distance itself from a brand that was being associated with 0:02:00.360 --> 0:02:04.840 lacks security and other shady maybe not shady shade is 0:02:04.880 --> 0:02:09.320 the wrong word, but ethically questionable actions. But as I 0:02:09.360 --> 0:02:12.320 mentioned in the last episode, the Cambridge Analytica scandal was 0:02:12.440 --> 0:02:15.360 just a little side quest in the real Number five 0:02:15.880 --> 0:02:18.920 on our top ten list of largest data breaches in 0:02:19.000 --> 0:02:22.160 US history. Chen's main target for number five was just 0:02:22.280 --> 0:02:25.120 Facebook in general, because the site has been a massive 0:02:25.160 --> 0:02:28.320 target for hackers looking to harvest a mountain of data, 0:02:28.360 --> 0:02:31.240 and that makes sense. Most estimates put the number of 0:02:31.240 --> 0:02:35.400 Facebook users in the neighborhood of three billion people billion 0:02:35.480 --> 0:02:38.000 with a B. So, if you're a hacker and if 0:02:38.040 --> 0:02:40.880 your goal is to steal as much personal information as 0:02:40.919 --> 0:02:44.679 you can, you're likely balancing a few different things when 0:02:44.680 --> 0:02:48.160 you're figuring out who you're going to attack. How valuable 0:02:48.200 --> 0:02:50.280 is the information you're going to get hold of. How 0:02:50.360 --> 0:02:52.680 much of that information do you think you can potentially 0:02:52.760 --> 0:02:56.040 get away with? How secure is the system? You know 0:02:56.080 --> 0:02:59.040 you might be able to infiltrate a relatively small target 0:02:59.080 --> 0:03:01.600 without much trouble. On the flip side, you're not likely 0:03:01.600 --> 0:03:03.760 going to end up with a ton of useful stuff 0:03:03.800 --> 0:03:07.320 in the process. But Facebook, well, Facebook has just about 0:03:07.360 --> 0:03:10.200 everyone's data on it, and heck, if you wanted to 0:03:10.240 --> 0:03:13.519 see if you could compromise specific accounts and use those 0:03:13.520 --> 0:03:16.640 to boost a misinformation campaign, that's a possibility too. It 0:03:16.680 --> 0:03:19.200 may be that you're not looking to sell information. You 0:03:19.240 --> 0:03:22.000 may want to sell a narrative, and in doing so, 0:03:22.080 --> 0:03:26.240 what you're doing is borrowing accounts that aren't yours to 0:03:26.360 --> 0:03:30.360 elevate a message. The main data breach that Chen mentions 0:03:30.440 --> 0:03:35.280 with Facebook actually happened with Facebook in twenty twenty one. 0:03:35.360 --> 0:03:38.360 You know, that's years after the Cambridge Analyticus scandal, and 0:03:38.400 --> 0:03:41.080 that's when someone posted to a black market site on 0:03:41.160 --> 0:03:44.200 the dark Web that they had data records including personal 0:03:44.240 --> 0:03:48.400 information of more than half a billion Facebook users, so 0:03:48.480 --> 0:03:50.920 more than five hundred million, like five hundred and thirty 0:03:51.040 --> 0:03:55.680 million user accounts essentially, so this information would include things 0:03:55.720 --> 0:04:00.640 like user names, the actual names, the data, birth location data, 0:04:01.080 --> 0:04:03.680 and more, all from people who were on the platform 0:04:03.720 --> 0:04:08.040 between twenty eighteen to twenty nineteen. How much data was 0:04:08.080 --> 0:04:11.560 available per person depended upon the individual and the settings 0:04:11.560 --> 0:04:14.560 that they used on Facebook, because this was another case 0:04:14.600 --> 0:04:18.200 of hackers using data scraping tools to pull publicly available 0:04:18.200 --> 0:04:21.800 information off a platform. So no different than if you 0:04:22.000 --> 0:04:25.760 were to visit each person's account and then just note 0:04:25.800 --> 0:04:29.560 down all the information that was visible to you. And 0:04:29.600 --> 0:04:31.880 you might remember from our last episode that a hacker 0:04:31.920 --> 0:04:36.160 with a handle Tomliner was offering similar information that someone 0:04:36.400 --> 0:04:41.720 presumably Tomliner themselves whoever they are, had scraped off of LinkedIn. 0:04:42.200 --> 0:04:46.240 So this Facebook instance is a similar case, except it 0:04:46.240 --> 0:04:49.240 appears that the hacker exploited a vulnerability in the Facebook 0:04:49.279 --> 0:04:54.640 platform to harvest information from profiles. Until Facebook fixed the 0:04:54.720 --> 0:04:57.960 vulnerability in late twenty nineteen, and this is based off 0:04:57.960 --> 0:05:01.200 Facebook's own statements about the data reach. The company claimed 0:05:01.240 --> 0:05:04.279 initially that the April twenty twenty one data was the 0:05:04.360 --> 0:05:07.960 same as a similar breach that happened in January, also 0:05:08.040 --> 0:05:12.320 of twenty twenty one. Now Motherboard reported in January twenty 0:05:12.320 --> 0:05:15.400 twenty one that quote a user of a low level 0:05:15.440 --> 0:05:18.840 cyber criminal forum is selling access to a database of 0:05:18.880 --> 0:05:23.159 phone numbers belonging to Facebook users and conveniently letting customers 0:05:23.200 --> 0:05:26.520 look up those numbers by using an automated Telegram bot 0:05:27.040 --> 0:05:29.640 end quote. So this person had created a database in 0:05:29.680 --> 0:05:31.800 which you could search for specific names and see if 0:05:31.800 --> 0:05:33.839 you've got a hit with a relevant phone number. But 0:05:34.000 --> 0:05:38.320 the April revelation showed more than just phone numbers, which 0:05:38.520 --> 0:05:40.600 you know already. Just the phone numbers is bad enough, 0:05:40.960 --> 0:05:44.000 But the hack that happened later in twenty twenty one 0:05:44.440 --> 0:05:47.359 included lots more stuff like that geolocation data if it 0:05:47.440 --> 0:05:50.320 was in fact part of the account. Now companies like 0:05:50.800 --> 0:05:54.920 Meta Slash Facebook typically have policies prohibiting the mass scraping 0:05:54.960 --> 0:05:57.600 of data. As I said in the last episode, data 0:05:57.640 --> 0:06:00.640 is effectively the currency of the Internet, and when you 0:06:00.760 --> 0:06:03.760 really get down to it. User data is the commodity 0:06:03.760 --> 0:06:07.359 that Meta relies upon for its revenue. Meta's whole business 0:06:07.400 --> 0:06:12.080 model is primarily centered on advertising, and user data allows 0:06:12.160 --> 0:06:15.680 Meta to work with ad companies to target specific customer bases. 0:06:16.000 --> 0:06:19.840 So you'd better believe Meta would prefer to maintain dominion 0:06:20.200 --> 0:06:23.680 over that information rather than having someone else get a 0:06:23.720 --> 0:06:26.240 hold of it. Plus, by not keeping user information under 0:06:26.279 --> 0:06:30.000 tight control, Meta opens itself up to lawsuits and regulatory 0:06:30.080 --> 0:06:32.560 finds that sort of thing, and that certainly happened in 0:06:32.560 --> 0:06:36.520 twenty twenty one. So, for example, the Data Protection Commission 0:06:36.760 --> 0:06:40.400 or DPC, which is a regulatory agency in Ireland and 0:06:40.440 --> 0:06:43.880 thus part of the European Union, found Facebook at fault 0:06:43.880 --> 0:06:47.960 for failing to comply with the quote GDPR obligation for 0:06:48.080 --> 0:06:51.719 data protection by design and default in the quote. So 0:06:51.760 --> 0:06:54.200 as a quick reminder for those of y'all who live 0:06:54.240 --> 0:06:58.160 outside the EU like me, GDPR stands for General Data 0:06:58.160 --> 0:07:01.240 Protection Regulation and it's part of a much larger piece 0:07:01.240 --> 0:07:05.080 of legislation regarding fundamental rights. So here in the United 0:07:05.080 --> 0:07:09.600 States we have relatively little protection with regard to our 0:07:09.600 --> 0:07:14.840 private information. That may be changing, but it's long overdue. 0:07:14.920 --> 0:07:17.400 The same is not true in the EU, where citizens 0:07:17.440 --> 0:07:20.840 are supposed to have authority over their own personal information. 0:07:21.400 --> 0:07:24.320 In the wake of hackers releasing personal information about more 0:07:24.320 --> 0:07:27.840 than five hundred million Facebook users, the DPC conducted an 0:07:27.920 --> 0:07:31.880 investigation into Facebook. The DPC determined that Facebook failed to 0:07:32.000 --> 0:07:35.640 embed proper data privacy and protection measures in place, and 0:07:35.680 --> 0:07:38.600 that gave the hackers the opportunity to scrape all that data. 0:07:38.880 --> 0:07:41.760 So just having a policy saying hey, don't do that, 0:07:41.760 --> 0:07:44.040 that wasn't enough. They had to have things that actually 0:07:44.040 --> 0:07:47.160 would prohibit the practice, and that was where the failure was. 0:07:47.640 --> 0:07:50.600 The DPC then ruled that Facebook would owe a fine 0:07:50.640 --> 0:07:53.760 of two hundred and sixty five million euros, which at 0:07:53.760 --> 0:07:56.000 the time equalled to around two hundred and seventy five 0:07:56.040 --> 0:07:59.280 million dollars, And that was actually the third fine DPC 0:07:59.480 --> 0:08:02.760 levey to get Meta just that year. The first fine 0:08:02.800 --> 0:08:05.960 was for eighteen point six million dollars that related to 0:08:06.120 --> 0:08:09.360 Meta keeping really poor records that contributed to a data 0:08:09.440 --> 0:08:12.960 leak that exposed the information of around thirty million Facebook users, 0:08:12.960 --> 0:08:16.920 so a much smaller leak in that case. The second 0:08:17.240 --> 0:08:19.560 of the fines was actually the largest because this two 0:08:19.640 --> 0:08:22.280 hundred and sixty five million euros. That wasn't the most. 0:08:22.480 --> 0:08:25.440 The most was four hundred two million, and that had 0:08:25.440 --> 0:08:29.000 to do with how Facebook, well really Meta was handling 0:08:29.080 --> 0:08:32.640 data that belonged to teenage users of the app Instagram. 0:08:32.760 --> 0:08:34.680 So yeah, it was a very expensive year for Meta 0:08:34.760 --> 0:08:37.080 in terms of fines paid to the EU. I mean 0:08:37.559 --> 0:08:39.960 keep in mind that Facebook had also had to face 0:08:40.000 --> 0:08:43.480 a five billion dollar fine in the United States earlier 0:08:43.600 --> 0:08:46.480 due to other issues. So yeah, Facebook was no stranger 0:08:46.520 --> 0:08:49.240 to having to pay out hundreds of millions and even 0:08:49.400 --> 0:08:54.280 billions of dollars in fines for how the company handles information. 0:08:54.800 --> 0:08:57.440 In Chen's blog post, he also points out a few 0:08:57.480 --> 0:09:01.600 other incidents involving Meta and data security or lack of 0:09:02.000 --> 0:09:06.120 data security. So, for example, in twenty nineteen, Upguard researchers 0:09:06.160 --> 0:09:10.080 found a database of five hundred and forty million Facebook 0:09:10.160 --> 0:09:14.360 user data records on quote public Amazon S three cloud 0:09:14.440 --> 0:09:17.880 servers end quote. Now, arguably you could say this really 0:09:17.960 --> 0:09:21.600 wasn't Facebook's fault, This was the fault of a third 0:09:21.640 --> 0:09:24.760 party company that was working with Facebook. That third party 0:09:24.800 --> 0:09:29.120 company was Cultura Collectiva, which was a media and app 0:09:29.160 --> 0:09:33.119 developer company. So you could say that, you know, Cultura 0:09:33.200 --> 0:09:38.199 Collectiva was a customer for Facebook, and they had this 0:09:38.440 --> 0:09:41.560 massive database of Facebook user data, presumably so that they 0:09:41.559 --> 0:09:44.840 could develop the apps or whatever that they were working on, 0:09:45.240 --> 0:09:49.160 and they were storing this database on an Amazon S 0:09:49.240 --> 0:09:53.200 three cloud server, but they failed to actually secure that 0:09:53.240 --> 0:09:56.480 information on the cloud. They didn't put protections in place 0:09:56.720 --> 0:10:00.560 to prevent unauthorized people from being able to access, which 0:10:00.600 --> 0:10:03.319 is a big old whoopsie. But I think it's fair 0:10:03.400 --> 0:10:06.360 to say that it was not Meta's direct fault for 0:10:06.480 --> 0:10:09.400 this one. It sounded to me like this was the 0:10:09.440 --> 0:10:12.760 third party that arranged to have the database on that server. 0:10:13.080 --> 0:10:15.440 But I don't know if Facebook had done that, Like 0:10:15.480 --> 0:10:18.240 if Meta had made it available on that server and 0:10:18.280 --> 0:10:23.480 then gave access to Cultura Collectiva but failed to secure 0:10:23.520 --> 0:10:27.120 that access appropriately, then yes, it would have been Meta's fault. 0:10:27.200 --> 0:10:29.880 I honestly don't know the details where I can make 0:10:29.920 --> 0:10:33.560 a determination in that regard. Anyway, That's really just the 0:10:33.559 --> 0:10:35.800 tip of the iceberg when it comes to data breaches 0:10:35.960 --> 0:10:40.439 with Meta slash Facebook. And given the reach of platforms 0:10:40.600 --> 0:10:44.360 like Facebook and Watsapp and Instagram, you know, all these 0:10:44.360 --> 0:10:47.320 different meta properties, it really should come as no surprise 0:10:47.440 --> 0:10:50.560 that any data breach that targets Meta is going to 0:10:50.600 --> 0:10:52.560 end up being one of the largest in US history 0:10:52.760 --> 0:10:56.560 simply because they have such a huge user base, right like, 0:10:56.960 --> 0:10:59.880 just by definition, if it's an effective attack, it's going 0:10:59.880 --> 0:11:04.120 to be one of the largest ever. So again, it's 0:11:04.160 --> 0:11:06.440 one of those things that you know, it makes Meta 0:11:06.559 --> 0:11:10.040 such an attractive target for attackers, the fact that it's 0:11:10.080 --> 0:11:13.480 this huge. Okay, we've got lots more to go through, 0:11:13.840 --> 0:11:16.640 and rather than start the next entry and then just 0:11:16.679 --> 0:11:18.480 have to take a break in the middle, let's take 0:11:18.480 --> 0:11:21.880 a break. Now, we'll be back with numbers four and three. 0:11:21.960 --> 0:11:34.120 I think, okay, we're back. So number four on our 0:11:34.160 --> 0:11:37.800 list of largest data breaches in US history is another 0:11:37.840 --> 0:11:41.120 financial institution. So in the last episode, I mentioned how 0:11:41.160 --> 0:11:45.080 a twenty fourteen hack on JP Morgan Chase demonstrated that 0:11:45.160 --> 0:11:48.079 it wasn't just web based companies that were at risk. 0:11:48.400 --> 0:11:51.880 In May twenty nineteen, that lesson was reinforced when poor 0:11:52.000 --> 0:11:57.240 data security practices meant the first American financial corporation inadvertently 0:11:57.320 --> 0:12:01.120 made it possible for anyone with a particular weblink and 0:12:01.679 --> 0:12:05.400 able to access some really sensitive financial information. There was 0:12:05.440 --> 0:12:09.880 no hacking required. Literally, all you needed was the URL 0:12:10.000 --> 0:12:12.400 and boom you could view a whole bunch of files, 0:12:12.520 --> 0:12:16.640 and by whole bunch, I mean nine hundred million files almost, 0:12:16.760 --> 0:12:18.920 so you know, more than eight hundred billion. I think 0:12:18.960 --> 0:12:21.040 it was like eight hundred and eighty million something along 0:12:21.120 --> 0:12:24.520 those lines. So what the heck happened? Well, whomever first 0:12:24.559 --> 0:12:27.840 American financial corporation hired to do web design made a 0:12:28.040 --> 0:12:30.120 major boo boo, And I'd like to think it was 0:12:30.160 --> 0:12:33.319 an honest but dumb mistake and not you know, some 0:12:33.400 --> 0:12:36.560 sort of malicious or premeditated attempt to gain access to 0:12:36.640 --> 0:12:40.520 sensitive information. So essentially, the web developer failed to include 0:12:40.600 --> 0:12:44.880 any sort of authorization or verification process to access this 0:12:45.440 --> 0:12:49.280 list of files. So maybe the thought was just that, 0:12:49.720 --> 0:12:52.120 you know, the URL for the web directory wouldn't be 0:12:52.160 --> 0:12:55.160 published anywhere, so the only people who would even have 0:12:55.240 --> 0:12:56.959 access to it were the ones who knew what the 0:12:57.080 --> 0:12:59.920 UURL was. And if that was the thought, like if 0:12:59.920 --> 0:13:02.240 it was like, oh, we don't need to institute anything 0:13:02.240 --> 0:13:05.920 else because this is a private web address, who's going 0:13:06.000 --> 0:13:08.280 to see it? That would be a practice that's called 0:13:08.480 --> 0:13:12.040 security through obscurity, which by the way, is not very 0:13:12.080 --> 0:13:14.920 secure at all. And as the name implies, the hope 0:13:14.960 --> 0:13:18.360 is that by flying below the radar of attackers, no 0:13:18.440 --> 0:13:21.120 one takes notice of you, so you remain safe, not 0:13:21.200 --> 0:13:24.640 because you're practicing really good security, but because no one 0:13:24.679 --> 0:13:27.200 has spotted you, and so no one has decided to 0:13:27.280 --> 0:13:31.319 target you. Sometimes this isn't something that you're actively practicing, 0:13:31.360 --> 0:13:34.520 it's just kind of in effect. I have argued in 0:13:34.559 --> 0:13:39.280 the past that Apple enjoyed security through obscurity. For many years, 0:13:39.679 --> 0:13:44.560 you didn't see much malware targeting Apple systems. Apple fans 0:13:44.760 --> 0:13:47.760 would argue this was because Apple was just better at 0:13:47.840 --> 0:13:51.160 security than companies like Microsoft or IBM. In fact, some 0:13:51.200 --> 0:13:54.720 of Apple's own ads seemed to me at least to 0:13:54.880 --> 0:13:59.079 imply that one advantage Apple computers had over Windows based 0:13:59.080 --> 0:14:02.040 PCs is that they were more secure. Now, I would 0:14:02.040 --> 0:14:06.240 counter that I don't think Apple was necessarily so much 0:14:06.280 --> 0:14:10.319 better at security. I mean, granted, they were using proprietary systems, 0:14:10.360 --> 0:14:14.880 including proprietary software and hardware, which does make it harder 0:14:15.160 --> 0:14:18.599 to develop malware for those platforms. It doesn't make it impossible, 0:14:18.760 --> 0:14:21.000 but it makes it harder. But I think that the 0:14:21.120 --> 0:14:24.000 vast majority of people, I don't think this this is true. 0:14:24.040 --> 0:14:26.920 The vast majority of people were not using Apple computers. 0:14:26.960 --> 0:14:29.600 They were on Windows based machines. So, yeah, there were 0:14:29.640 --> 0:14:32.720 people using Apple computers, but if you looked at the percentages, 0:14:32.800 --> 0:14:36.920 I mean, Apple was just dwarfed by Windows machines. So 0:14:37.440 --> 0:14:40.120 if you are a hacker and you're going to dedicate 0:14:40.200 --> 0:14:43.000 the time and effort into developing malware, and you have 0:14:43.040 --> 0:14:45.360 a specific goal in mind, whatever that goal might be, 0:14:45.760 --> 0:14:48.520 you're more likely going to aim at the largest target 0:14:48.760 --> 0:14:50.960 in order to have the biggest impact. Like, that's going 0:14:51.040 --> 0:14:54.560 to make more of a difference than affecting a relatively 0:14:54.720 --> 0:14:58.440 small population of Apple users. Go for the bigger population 0:14:58.520 --> 0:15:03.520 of Windows users. That's security through obscurity, right, Like, yes, 0:15:03.960 --> 0:15:07.520 the security might have been better to some degree, but 0:15:07.640 --> 0:15:10.440 that's not why Apple was so safe for the longest time. 0:15:10.640 --> 0:15:13.480 It was also safe or what was not the only reason? 0:15:13.520 --> 0:15:15.640 I guess I should say it was also safe because 0:15:15.960 --> 0:15:19.440 the company's market share was small enough that a lot 0:15:19.440 --> 0:15:22.720 of hackers just didn't see the return on investment to 0:15:22.800 --> 0:15:26.560 develop malware for Apple when most people were using Windows 0:15:26.640 --> 0:15:30.920 machines anyway, Whether the thought was that no one who 0:15:31.040 --> 0:15:34.560 was unauthorized would even find their way to this URL, 0:15:34.960 --> 0:15:38.280 or it was just an oversight and the web developer 0:15:38.320 --> 0:15:40.920 failed to take steps that they should have taken the 0:15:41.000 --> 0:15:44.400 vulnerability was in place, and this type of vulnerability is 0:15:44.520 --> 0:15:48.880 called an insecure direct object reference. So this is just 0:15:48.960 --> 0:15:52.360 a category for vulnerabilities, and essentially it just means that 0:15:52.640 --> 0:15:55.840 if a user has the ability to submit a specific 0:15:55.960 --> 0:15:59.720 input into a system and they can gain access to 0:15:59.760 --> 0:16:03.000 that system without having to pass through any control measures, 0:16:03.240 --> 0:16:07.880 that is an insecure direct object reference. So in this case, 0:16:08.240 --> 0:16:11.680 the input was just a web address, so the only 0:16:11.840 --> 0:16:14.440 tool that you needed was a browser. You did not 0:16:14.560 --> 0:16:16.680 have to be a hacker. You needed a web browser 0:16:16.760 --> 0:16:19.320 and you needed to put a URL into the address 0:16:19.400 --> 0:16:22.360 bar and boom, you would be taken to one of 0:16:22.360 --> 0:16:25.680 these documents. Now, adding to this problem was the fact 0:16:25.680 --> 0:16:29.960 that First American Financial Corporation was using a sequential numbering 0:16:30.000 --> 0:16:33.680 system for their documents, which meant if you had discovered 0:16:33.720 --> 0:16:37.520 a URL that brought you to one of these documents, 0:16:37.800 --> 0:16:40.480 you could then adjust the numeral that was at the 0:16:40.720 --> 0:16:43.920 end of the file name, and if you went down one, 0:16:44.200 --> 0:16:46.760 then you'd see the previous record, and if you went 0:16:46.840 --> 0:16:48.920 up one, you'd see the next record. So what kind 0:16:48.920 --> 0:16:52.320 of records are we talking about. Well, it included stuff 0:16:52.400 --> 0:16:58.520 like bank statements, receipts, actual bank account numbers, drivers licenses, 0:16:58.560 --> 0:17:01.520 and other stuff. Now, on the bright side, while security 0:17:01.560 --> 0:17:04.680 researcher Brian Krebs reported on the discovery of the issue, 0:17:04.720 --> 0:17:08.800 it appeared that no unauthorized third parties with malicious intent 0:17:09.080 --> 0:17:13.159 had actually accessed this information. You could argue, really just 0:17:13.200 --> 0:17:15.119 a matter of luck. Also, there was no way to 0:17:15.200 --> 0:17:18.160 really know. But it just didn't seem like this stuff 0:17:18.240 --> 0:17:21.560 was showing up anywhere where you would say, oh, the 0:17:21.600 --> 0:17:23.639 bad guys got hold of this, right. It wasn't like 0:17:23.680 --> 0:17:26.919 it was popping up on the dark web. Perhaps because 0:17:27.000 --> 0:17:29.639 it seemed that no criminals had found out about this 0:17:29.760 --> 0:17:33.520 problem before First American could actually, you know, address it, 0:17:33.680 --> 0:17:37.800 the SEC went fairly light on the financial institution, at 0:17:37.880 --> 0:17:40.680 least in my opinion. First American was ordered to pay 0:17:40.720 --> 0:17:43.960 a five hundred thousand dollars fine. Now, five hundred thousand 0:17:43.960 --> 0:17:45.639 dollars is a lot of money. If you hit me 0:17:45.680 --> 0:17:48.159 with a five hundred thousand dollars fine, I would be 0:17:48.359 --> 0:17:51.400 up the creek. I would be so deep in trouble. 0:17:51.600 --> 0:17:54.560 But when you think of like a financial institution and 0:17:54.600 --> 0:17:58.640 the fact that this this data leak scope was nearly 0:17:58.760 --> 0:18:04.040 a billion records of incredibly sensitive financial information. I think 0:18:04.080 --> 0:18:06.920 it's still a fairly light fine to have to pay. 0:18:07.320 --> 0:18:09.640 The State of New York would actually secure a million 0:18:09.720 --> 0:18:13.000 dollar payout from First American in a lawsuit settlement, so 0:18:13.240 --> 0:18:15.280 that was twice as much. Now it may be, and 0:18:15.320 --> 0:18:18.040 I haven't looked at this. It maybe that the SEC 0:18:18.359 --> 0:18:22.040 just had limitations on how much it could find an institution, 0:18:22.440 --> 0:18:24.840 in which case, you know, no fault on them. It's 0:18:24.880 --> 0:18:26.840 not like it's not like they could do more. If 0:18:26.920 --> 0:18:30.080 you throw the book at someone, you don't typically assume 0:18:30.160 --> 0:18:32.800 the person has a second book to throw. More recently, 0:18:33.119 --> 0:18:36.040 First American was in the news again in late twenty 0:18:36.119 --> 0:18:38.560 twenty three when hackers claiming to be part of the 0:18:38.600 --> 0:18:43.199 infamous Alpha and black Cat groups infiltrated company systems and 0:18:43.359 --> 0:18:47.760 encrypted several directories as a ransomware attack. Now, this disrupted 0:18:47.800 --> 0:18:50.720 First Americans operations for a short while, but the company 0:18:50.800 --> 0:18:53.160 assured the public that the attackers had failed to lock 0:18:53.200 --> 0:18:57.080 off anything that was absolutely critical for operations, and at 0:18:57.119 --> 0:19:01.320 first they believe that customer records weren't act. However, very 0:19:01.400 --> 0:19:05.399 recently First American revealed that quote personal information pertaining to 0:19:05.440 --> 0:19:09.679 approximately forty four thousand individuals may have been accessed without 0:19:09.760 --> 0:19:12.760 authorization as a result of the incident. End quote. This 0:19:12.800 --> 0:19:16.600 is according to the title report dot com. So the 0:19:16.600 --> 0:19:19.040 company is going to be contacting those who are potentially 0:19:19.040 --> 0:19:23.199 affected and offer identity protection services and credit monitoring for 0:19:23.280 --> 0:19:25.560 free for you know, some amount of time. I don't 0:19:25.600 --> 0:19:27.960 know for how long. Number three on our list is 0:19:28.000 --> 0:19:31.200 a real estate education company. It is called the Real 0:19:31.320 --> 0:19:34.919 Estate Wealth Network. Now, before I did any research on 0:19:34.960 --> 0:19:38.080 this episode, I had not heard about this particular data breach. 0:19:38.200 --> 0:19:40.480 This one I just missed. When it happened, it was 0:19:40.520 --> 0:19:42.919 big news, and somehow I didn't see it, And it 0:19:42.960 --> 0:19:45.480 really was a data leak. So similar to what we 0:19:45.720 --> 0:19:48.320 just talked about with First American. As opposed to you know, 0:19:48.400 --> 0:19:51.840 hackers compromising a system, this is more of a company 0:19:52.040 --> 0:19:56.520 failing to put in the proper measures to protect information. 0:19:56.920 --> 0:20:03.080 Before I read about this particular situation, my imagination went wild, right, 0:20:03.080 --> 0:20:06.960 because it's the Real Estate Wealth Network. I in my 0:20:07.040 --> 0:20:10.719 imagination thought, aha, this is going to be a story 0:20:10.760 --> 0:20:15.040 about some sort of crypto anarchist, right, because here's a 0:20:15.040 --> 0:20:17.920 company that's dedicated to teaching folks how to build wealth 0:20:17.960 --> 0:20:20.440 by buying up real estate in many parts of the 0:20:20.560 --> 0:20:23.760 United States. Right now, we're in sort of a housing crisis. 0:20:23.920 --> 0:20:26.880 There are a lot of middle class Americans who cannot 0:20:26.960 --> 0:20:30.480 afford to buy a house, which is a change from 0:20:30.640 --> 0:20:33.840 previous generations. Right like, you have people who are in 0:20:33.920 --> 0:20:40.280 the same relative space in middle class, who, unlike earlier generations, 0:20:40.640 --> 0:20:44.199 cannot buy an average home or a suitable home. So 0:20:44.240 --> 0:20:47.879 the housing prices have skyrocketed in various regions throughout the 0:20:47.960 --> 0:20:50.359 United States in recent years, and a lot of properties 0:20:50.400 --> 0:20:53.280 seem to get scooped up by people or companies determined 0:20:53.320 --> 0:20:56.960 to turn the houses into lucrative vacation rental properties a 0:20:57.080 --> 0:21:01.000 la Airbnb and such. So I am imagine this data 0:21:01.040 --> 0:21:04.439 breach was the work of some crypto anarchist akin to 0:21:04.520 --> 0:21:06.919 the main character in v for Vendetta. You know, a 0:21:06.960 --> 0:21:09.400 person who was determined to take down the system by 0:21:09.400 --> 0:21:14.120 targeting a wealth generation platform that by its very existence 0:21:14.240 --> 0:21:17.520 seemed to put the common person at a disadvantage. But no, 0:21:18.040 --> 0:21:20.520 it's nothing quite so dramatic as that. This is another 0:21:20.560 --> 0:21:23.640 case of a company failing to institute basic security measures 0:21:23.640 --> 0:21:26.920 in place in order to protect sensitive information. So let's 0:21:26.960 --> 0:21:30.240 talk about that information first, and then I will talk 0:21:30.240 --> 0:21:35.480 about what actually happened. So the leaked info included all 0:21:35.560 --> 0:21:39.200 the top hits, you know, your basic stuff like customer names, 0:21:39.359 --> 0:21:42.280 their phone numbers, addresses, that kind of thing. But it 0:21:42.280 --> 0:21:45.760 also included other stuff like tax IDs, or whether or 0:21:45.840 --> 0:21:48.800 not the entity that owned the property had ever gone 0:21:48.800 --> 0:21:52.880 through bankruptcy, or if there were any court judgments against 0:21:52.920 --> 0:21:56.880 the property owner. Obviously, it also included property history records 0:21:56.920 --> 0:21:59.000 like when it was bought and sold and who bought 0:21:59.080 --> 0:22:01.800 it or sold it. And there were a lot of 0:22:01.840 --> 0:22:04.119 these data records, or like a one and a half 0:22:04.640 --> 0:22:08.760 billion data records in total. Some of them included information 0:22:08.800 --> 0:22:13.240 about very notable people, you know, like politicians and celebrities 0:22:13.320 --> 0:22:15.359 and that kind of thing. And you could imagine this 0:22:15.440 --> 0:22:19.479 sort of crime meant that the people who had access 0:22:19.480 --> 0:22:22.600 to this information could do all sorts of other crimes, 0:22:23.040 --> 0:22:25.879 everything from spearfishing, which would be a breeze because you 0:22:25.880 --> 0:22:28.640 would have so much information about your target, you could 0:22:28.640 --> 0:22:33.679 craft a very convincing attack that would potentially compromise them further. 0:22:34.160 --> 0:22:36.280 You would have all the information you needed to commit 0:22:36.359 --> 0:22:39.479 some pretty nasty fraud crimes in the name of some 0:22:39.520 --> 0:22:41.800 of these victims. Not to mention now that you have 0:22:41.880 --> 0:22:45.760 these notable people like politicians and celebrities. You have information 0:22:45.920 --> 0:22:48.879 that you know, stalkers would really like, or people who 0:22:48.920 --> 0:22:53.000 have a particular desire to hurt somebody specific they might 0:22:53.080 --> 0:22:55.200 really want the information. So yeah, there's a whole host 0:22:55.200 --> 0:22:57.640 of crimes that can happen as a result of this. 0:22:58.200 --> 0:23:02.360 So what actually happened? How did this come about? Well, 0:23:02.359 --> 0:23:04.959 the simple explanation is that the Real Estate Wealth Network 0:23:05.000 --> 0:23:08.680 failed to put any security around accessing this database, which 0:23:08.720 --> 0:23:11.919