Acxiom Hacking Details Made Public
pgrote writes "As mentioned previously, the Acxiom consumer database company was compromised. More details have emerged, including the background of the alleged hacker and the method used to gain access. It turns out he had access since December of 2002 and came in through an unsecured FTP server. The suspect was not a former employee of Acxiom, as previously reported, but an employee of a data mining company."
If this wasn't known since December of 2002, what cause do I have not to believe it's been happening everywhere? Being a victim hasn't affected ME yet; once it does, I'll fight the bill, get a new card number, and be on my way. This is relatively meaningless to us.
Keep going at it. Eventually, people are going to be SO PISSED at their personal data being spewed forth all over the place, there will be a terrible backlash that will make the European Data-Protection and Privacy laws seem tame enough...
When was the last time you saw an FTP server that allowed you to download its own password file? 1990?
This is ridiculous - if I encountered one, I'd ask myself if it was a honeypot.
Also, the various journalists' view (and the subsequent picture created by them for their readers) of "hacking", "cracking", "security" etc. is sometimes so distorted, so far off from the reality of the people more closely involved with the subject, that reading a mainstream-press article about it is often only marginally better than just making up the facts from Slashdot postings!
Rainer
Windows 2000 - from the guys who brought us edlin
My first inclination was to deplore this latest breach in the handling of our most sensitive personal data by its self-appointed custodians at Acxiom. But after reflecting for a couple of hours, I realize that this makes no difference at all. Is this guy in trouble just because he took the data without paying for it? I'm sure that Acxiom could have accommodated him if he had just created his own marketing firm and forked over some $$$.
"But Acxiom would never sell your most sensitive personal data! They only use it for internal modeling, aggregated statistical profiling, {cancer|AIDS} research, finding loving homes for stray kitties and puppies, etc." Or for sharing with affiliated partners, i.e. anyone who is willing to pay for it.
If Acxiom wasn't selling the information, you could still count on the DMV to sell your information to all comers.
Then you'd like plan9's ftp: it doesn't even use passwords.
It uses a kind of public key encryption called NetKey.
ftp DrSkwid@plan9ftp
Welcome DrSkwid to the plan9 ftp server
challenge : 345345
response
And you have to run netkey locally and encrypt the challenge using your password.
The server checks to see if its encrypted version matches, and if so you're in.
You can't replay it, and good luck cracking it.
If you don't want to be broken into, don't use insecure things. Oh, and "root" is considered harmful. If there is nothing to escalate privileges to, then what is the point of that rootkit?
It makes me laugh, people talking security with such a single point of failure waiting for exploitation.
There are places where the networks are not touching, and there are places where they are. - Boeing's Lori Gunter
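The challenge-response login DrSkwid describes, modelled in Python as an added example (this is not Plan 9's netkey code and not part of the original thread). It assumes a password-to-key derivation with SHA-256 and HMAC-SHA256 as the "encryption" of the challenge; the real NetKey scheme is DES-based, but the protocol shape is the same: the server issues a fresh random challenge, the client answers with a keyed transform of it, the server recomputes and compares, and the challenge is consumed so a captured response is useless against the next login.

```python
import hashlib
import hmac
import secrets


def derive_key(password: str) -> bytes:
    """Turn the user's password into a fixed-length key.

    Assumption: SHA-256 stands in for NetKey's real password-to-DES-key step.
    """
    return hashlib.sha256(password.encode("utf-8")).digest()


def compute_response(key: bytes, challenge: str) -> str:
    """Client-side step: transform the challenge with the password-derived key.

    Assumption: HMAC-SHA256 stands in for NetKey's DES encryption of the challenge.
    """
    return hmac.new(key, challenge.encode("ascii"), hashlib.sha256).hexdigest()


class ChallengeServer:
    """Minimal server: stores each user's key and issues one challenge per login."""

    def __init__(self, user_keys: dict[str, bytes]):
        self.user_keys = user_keys
        self.pending: dict[str, str] = {}  # user -> outstanding challenge

    def issue_challenge(self, user: str) -> str:
        # A fresh random number each time, like the "challenge : 345345" line;
        # 64 bits so that two logins never see the same challenge in practice.
        challenge = str(secrets.randbelow(2 ** 64))
        self.pending[user] = challenge
        return challenge

    def verify(self, user: str, response: str) -> bool:
        # pop() consumes the challenge: a response is only checked once, and only
        # against the challenge just issued, which is what defeats replay.
        challenge = self.pending.pop(user, None)
        key = self.user_keys.get(user)
        if challenge is None or key is None:
            return False
        expected = compute_response(key, challenge)
        # Constant-time comparison so timing does not leak how much matched.
        return hmac.compare_digest(expected, response)


def demo() -> tuple[bool, bool, bool]:
    """Returns (genuine login ok, replayed response ok, wrong password ok)."""
    # Constructed account: user name from the thread, made-up password.
    server = ChallengeServer({"DrSkwid": derive_key("constructed-password")})

    # 1. Legitimate login: the client answers the fresh challenge with its key.
    c1 = server.issue_challenge("DrSkwid")
    r1 = compute_response(derive_key("constructed-password"), c1)
    genuine = server.verify("DrSkwid", r1)

    # 2. Replay: someone who captured r1 on the wire sends it to the next login.
    server.issue_challenge("DrSkwid")
    replayed = server.verify("DrSkwid", r1)

    # 3. Wrong password: right challenge, wrong key.
    c3 = server.issue_challenge("DrSkwid")
    wrong = server.verify("DrSkwid", compute_response(derive_key("guess"), c3))

    return genuine, replayed, wrong


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The password itself never crosses the wire, which is the improvement over the plain FTP login in the story. The caveat for anyone deploying such a scheme: a captured challenge/response pair can still be tested offline against password guesses, so the login is only as strong as the password behind the key, and the server must never reuse a challenge.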