2.7 million medical calls breached in Sweden

hjorthjort.xyz/2019/02/20/2.7_

The calls were stored on a NAS connected to the internet with no authentication or encryption, with people's phone numbers in the file names of audio files

@Gargron wtf?! It's kind of incredible this intrusion didn't happen immediately after the data was put online.

It's also not quite correct for them to call this a breach when they put the files out there for anyone to see and take with zero controls whatsoever. 🙄

@michelamarie We don't know who downloaded what when because they didn't have any network logging until January last year.

@tsturm It's an onion of Peter Principle and Dunning-Kruger Effect layers, from the little 3-person company that managed to snag the storage contract up via outsourcing of outsourcing up to the government-side purchasing staff. Nobody has the insight to check the level below.

@clacke I wonder how many more of these kinds of massive data leaks exist out there on open ports, just waiting for somebody to stumble over them.

@tsturm @clacke

I always try to imagine the guy responsible for this storage, who reads about all the hacks and leaks everywhere at Spotify, Google+, Equifax, and then goes back to work on his unencrypted public NAS with medical call recordings thinking "Yeah, yeah, just another day at work". I'm trying to imagine it, but I just never quite get it.

@chebra "We'll block SYN packages on the incoming port. There, done."

... is literally what they did in terms of mitigation.

@chebra @clacke On every level, nobody ever went like "Hey, all these phone calls, where are we storing them?"

Either none of these people is at all technical, which means it's a miracle any of that stuff works, or they are technical and criminally incompetent.

@tsturm A friend realized that he has worked with/for two of them. He says criminally nontechnical.
mastodon.cloud