How Attackers Will Use Epsilon Data Against You
Trailrunner7 writes "What might the criminals who broke into Epsilon do with the email lists they have? The easiest thing to do is to sell these data sets on the black market or, potentially, to competitors of victim firms. According to the latest data from data-breaches.net, totals are up to 57 customers including credit card providers with branded cards — Visa (notices sent for at least 3 cards), the World Financial Network National Bank (12 cards) and Citi (3 cards). The criminals may make some money there and re-invest it into technology or services for other efforts. Once an attacker has gained a foothold on one or more systems used by their mark, they can begin harvesting credentials. The frequency with which average consumers use the same username/password combination across multiple sites is such that such information could lead to accessing other potentially-existing accounts on high-profile social networks."
The score display/hiding seems to be totally random.
Worse is the article expand/collapse misfeature. When I go to do a reply, every time I click in the text box it thinks I want to expand the thread further. Basically I have to expand every article in the thread (and many run to 20 levels) just to start entering my reply.
Total #fail on someone's scripty little part.
And in the article-submission dialog, the edit box is about 20% wider than the box, so the right half of every line is hidden. Only way to deal with that is to compose in an editor and paste it into the box. Plus the tag entry is bollocks. It enters the tag if you hit the spacebar, orders the tags randomly, and trying to delete one only succeeds in giving you the negation of the tag, not the deletion of it. The only way to deal with that is to close the submission form, clear your history and cookies (stuff in that form is ultra-sticky) and start over.
But at least I can use the word "replace" in a posting now, without some eval code bunging that up.
Unfortunately MANY major companies practice procedures that put their customers at risk by sending emails with links. Any official communication from a credible institution should not include ANY links, or phone numbers. They should simply say, please visit our website, or call us via the phone number printed on your bill or the back of your card. I complain to companies time and again that they are indeed part of the security threat problem and putting their customers at risk. I recently got an email from Bank of America telling me that they saw unusual activity on my Check Card and they gave me a phone number to call. I called the number and the representative starts off the conversation by asking me for my driver's license number! I told him how ridiculous and dangerous their procedures were, and told him I'd not answer any questions without calling back from a known number. Unfortunately, when I called back, I was informed that it was indeed Bank of America and everything was legit. I say unfortunately because it just confirmed my worst fears that a Major institution such as Bank of America, was knowingly putting their customers at increased risk. Also unfortunately, after trying to explain to the representative, for the 3rd time, why this was a dangerous practice, I realized I have better luck educating a brick by banging my head on it. So while you may call victims STUPID for falling prey to these sinister ploys to farm information, it is in fact the companies we trust that are failing us and making our attempts to safeguard our information more and more difficult.