Slashdot Mirror


Acxiom Hacking Details Made Public

pgrote writes "As mentioned previously, the Acxiom consumer database company was compromised. More details have emerged including the background of the alleged hacker and the method used to gather access. It turns out he had access since December of 2002 and came in through an unsecured FTP server. The suspect was not a former employee of Acxiom as previously reported, but an employee of a data mining company."

11 of 142 comments

  1. So what? by zifty · · Score: 3, Interesting

    If this wasn't known since December of 2002, what cause do I have not to believe it's been happening everywhere? Being a victim hasn't affected ME yet, once it does, I'll fight the bill, get a new card number, and be on my way. This is relatively meaningless to us.

  2. Keep going by Pig+Hogger · · Score: 5, Interesting

    Keep going at it. Eventually, people are going to be SO PISSED at their personal data being spewed forth all over the place, there will be a terrible backlash that will make the European Data-Protection and Privacy laws seem tame enough...

  3. history of axicom by Anonymous Coward · · Score: -1, Interesting

    For years now, the common American penis bird has been a staple of every American's daily diet. Whether it be penis bird sandwiches, fried penis bird, or perhaps penis bird under glass (for the rich), we all have penis bird at least once a day. Many Americans have no clue how the penis bird became so important in the pyramid of a balanced diet, so in this article I will attempt to explain its history and why it is so useful.

    In the early 1870s, Francis Zefran became the first penis bird breeder in North America. He started his famous Penis Bird Ranch in Canton, OH. At the time, not much was known of the penis bird's nutritional value, but the Penis Bird Ranch changed all of that. Not only did Francis Zefran raise penis birds to sell their colorful plumes (a VERY lucrative business), he also set up the world's first research lab dedicated solely to the study of the penis bird.

    The lab found many interesting things. First, it was discovered that the penis bird was actually semi-sentient. Second, the scientists found that the meat of the penis bird was high in protein, vitamin A, vitamin B, and calcium, while low in fat, cholesterol, and sodium. Never before had such a nutritious meal been had without supplement or fortification. The scientists of the lab recommended immediately that the penis bird become a part of every American's daily diet.

    When the news of the penis bird's usefulness reached president Rutherford B. Hayes, he was absolutely ecstatic. You see, President Hayes owed a number of favors to Francis Zefran because as I said earlier, the penis bird plume trade was an extremely lucrative business and Mr. Zefran was important in getting RBH elected through a number of monetary gifts. President Hayes immediately asked Congress to pass what we all know today as the Hayes/Zefran Penis Bird Consumption Act.

    The act did a number of things to make the penis bird a daily meal, most important of which was the requirement that for every four people in a household, one penis bird must be consumed every day. Another thing the act did was create an artificial monopoly for Francis Zefran's Penis Bird Industries. The act stated that the only supplier of penis bird meat in the US would be PBI. As one would imagine, this quickly made Francis Zefran into the richest man in the world. He was soon a multi-billionaire (quadrillionaire with today's inflation). Never before had a single man seen such wealth.

    Many challenges were made to the Hayes/Zefran Penis Bird Consumption Act, and several even made it to the Supreme Court. It was argued that the act was unconstitutional and went against liberty itself, but once the detractors tasted delicious penis bird meat for the first time, they immediately dropped their cases and followed the law to the letter. We all know today that penis bird is the most delicious meat man has ever known, but at that time, the only meats people ate were pork and beef.

    In the early 1970s, though, challenges to the act began again. Many argued that the monopoly given to Penis Bird Industries by the act was in all ways unamerican. The Supreme Court finally agreed, and in 1974, Section II of the act was struck down. This in effect opened the market to competition for all.

    Today, Penis Bird Industries is almost no more. Today we have the market leader Penis Bird Meat International facing against Penissoft, a recent startup. Where will the future lead the penis bird market? Only time will tell us, but one thing is certain: penis birds are here to stay!

    < )
    ( \
    X
    8====D

    -klerck (Reproduced by AC)

  4. Employee of Data Mining Company? by perimorph · · Score: 2, Interesting

    This was done by an employee of a data mining company? To gather information about consumers? Hmmmm.. The RIAA been hiring some of those lately.. This could be a fun little conspiracy...

  5. Re:Question by rainer_d · · Score: 5, Interesting

    According to one of the articles, he broke the encryption on the passwords

    When was the last time you saw an FTP-server that allowed downloading its own password-file? 1990?
    This is ridiculous - if I encountered one, I'd ask myself if it was a honeypot.

    Also, the various journalists' view (and the subsequent picture created by them for their readers) of "hacking", "cracking", "security" etc. is sometimes so distorted, so far-off from the reality of the people more closely involved with the subject that reading a mainstream-press article about it is often only marginally better than just making up the facts from Slashdot postings!

    Rainer

    --
    Windows 2000 - from the guys who brought us edlin

  6. Re:Disturbing by garett_spencley · · Score: 1, Interesting

    I disagree.

    Let's say I have a single lock on the handle of my front door... with no dead bolt. Along comes someone and kicks the door open and proceeds to rob my house. While he's robbing my house he steals a cd that I borrowed from my friend. Are you saying that *I* should be arrested because I failed to install an adequate dead bolt on my front door and thus the robber stole a cd that didn't belong to me?

    What's adequate? Let's say I did install a dead bolt but the robber was sophisticated enough to pick both locks? In this case I shouldn't be arrested because I had "adequate" security and was victimized by a "skilled" robber who had the proper knowledge that surpassed my own in lock technology?

    The fact is that the hacker got a password. It was a weak password, but in my analogy that's the equivalent of having a single handle lock and no dead bolt. He simply kicked the door open. It's still breaking and entering. What happens if the server was "adequately" secured but the hacker managed to gain access via a remote exploit in the FTP server that he himself discovered and no one else knew about? How will the law define that they "adequately" secured the server?

    --
    Garett

  7. jaded by dpletche · · Score: 4, Interesting

    My first inclination was to deplore this latest breach in the handling of our most sensitive personal data by its self-appointed custodians at Acxiom. But after reflecting for a couple hours, I realize that this makes no difference at all. Is this guy in trouble just because he took the data without paying for it? I'm sure that Acxiom could have accommodated him if he had just created his own marketing firm and forked over some $$$.

    "But Acxiom would never sell your most sensitive personal data! They only use it for internal modeling, aggregated statistical profiling, {cancer|AIDS} research, finding loving homes for stray kitties and puppies, etc." Or for sharing with affiliated partners, i.e. anyone who is willing to pay for it.

    If Acxiom wasn't selling the information, you could still count on the DMV to sell your information to all comers.

    1. Re:jaded by Anonymous Coward · · Score: 2, Interesting

      If Acxiom wasn't selling the information, you could still count on the DMV to sell your information to all comers.
      I don't know about other states, but here in Tennessee, when you fill out a drivers license application/renewal, there is an option to opt out of datasharing by initialing a few boxes on the form. The same option is present on the license plate renewal form they send each year.

      Granted, most people probably skip over it, but if you read the fine print and initial in the right places, the DMV is prohibited from sharing your information with anyone but law enforcement agencies.

      Read those forms! This is especially true with banks and credit cards. All of them are required to give you the option to opt-out of datasharing, though the process usually involves sending an extra letter to a special address. It's worth it, doing so will majorly cut back on your financial related postal junk mail, and also keep you out of a few databases.

  8. Re:ftp server? by DrSkwid · · Score: 4, Interesting

    then you'd like plan9's ftp

    it doesn't even use passwords

    it uses a kind of public key encryption called NetKey

    ftp DrSkwid@plan9ftp
    Welcome DrSkwid to the plan9 ftp server
    challenge : 345345
    response :

    And you have to run netkey locally and encrypt the challenge using your password.
    The server checks to see if its encrypted version matches and if so you're in.

    You can't replay it and good luck cracking it.

    If you don't want to be broken into don't use insecure things, oh and "root" is considered harmful. If there is nothing to escalate privileges to, then what is the point of that rootkit?

    Makes me laugh people talking security with such a single point of failure waiting for exploitation.

    --
    There are places where the networks are not touching, and there are places where they are-Boeing's Lori Gunter
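
Added example, not part of the comment above and not Plan 9's netkey code: a shared-secret challenge-response login of the kind that comment walks through, showing why a captured response cannot be replayed. HMAC-SHA256, the PBKDF2 key derivation, the 64-bit challenge and all names and credentials here are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

def derive_key(password: str, user: str) -> bytes:
    # Assumption: key derived from the password with PBKDF2, user name as salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 100_000)

def respond(key: bytes, challenge: str) -> str:
    # Client side: the value typed at the "response :" prompt.
    return hmac.new(key, challenge.encode(), hashlib.sha256).hexdigest()

class Server:
    def __init__(self, keys: dict):
        self.keys = keys      # user -> shared key; the password never crosses the wire
        self.pending = {}     # user -> outstanding challenge

    def challenge(self, user: str) -> str:
        c = secrets.token_hex(8)   # fresh, unpredictable value for every login attempt
        self.pending[user] = c
        return c

    def verify(self, user: str, response: str) -> bool:
        c = self.pending.pop(user, None)   # single use: consumed even on failure
        key = self.keys.get(user)
        if c is None or key is None:
            return False
        return hmac.compare_digest(respond(key, c), response)

def demo():
    user, password = "alice", "correct horse"   # constructed credentials
    server = Server({user: derive_key(password, user)})

    c1 = server.challenge(user)
    r1 = respond(derive_key(password, user), c1)
    first = server.verify(user, r1)             # legitimate login

    replay_same = server.verify(user, r1)       # challenge already consumed
    server.challenge(user)
    replay_new = server.verify(user, r1)        # old response, new challenge

    c3 = server.challenge(user)
    wrong = server.verify(user, respond(derive_key("guess", user), c3))
    return first, replay_same, replay_new, wrong

if __name__ == "__main__":
    print(demo())
```

The server in this sketch still stores a key equivalent to the password, so its key store needs the same protection a password file would.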
  9. That guy is my cousin by Synithium · · Score: 2, Interesting

    The guy they arrested, Dan Baas, is my cousin. This is super funny and not the first time he's been involved in stuff like this.

  10. Re:yeah, that's what they said . . . . by Anonymous Coward · · Score: 1, Interesting

    What is this: anarchist capitalist neo-nazi samurai ninja rebel yapi hippy fighter?

    Fight for my protection?
    I'm not a stupid consumer, I always give as much false information as I can on the internet, and I sure as hell don't give personal data to stupid companies.

    If stupid lusers are damaged by these, I laugh. I support the hackers 100% on this one.