Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacker Group Demands "Idiot Tax" From Payday Lender

Posted by samzenpus on from the cost-of-business dept.

snydeq writes "Hacker group Rex Mundi has made good on its promise to publish thousands of loan-applicant records it swiped from AmeriCash Advance after the payday lender refused to fork over between $15,000 and $20,000 as an extortion fee — or, in Rex Mundi's terms, an 'idiot tax.' The group announced on June 15 that it was able to steal AmeriCash's customer data because the company had left a confidential page unsecured on one of its servers. 'This page allows its affiliates to see how many loan applicants they recruited and how much money they made,' according to the group's post on dpaste.com. 'Not only was this page unsecured, it was actually referenced in their robots.txt file.'"

3 of 263 comments (clear)

  1. Re:Strange sense of morals by mwvdlee · · Score: 5, Interesting

    If it was explicitely mentions in their robots.txt file, I assume it was done so to be excluded from robots.

    More like having an unlocked door with a sign saying "Do not enter".

    Yes, it was pretty damn stupid and very easy to avoid. That still doesn't make it okay for anybody to copy the data. If you see such security failures on a website, the right response is to inform the website owners. As I said; it's a strange sense of morals.

    If those hackers get caught and fined, I assume the hackers will consider that an "idiot tax" as well. Afterall, they were idiotic enough to get caught.

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  2. Re:Strange sense of morals by Anonymous Coward · · Score: 5, Interesting

    Accessing a page referenced in robots.txt is not "hostile penetration analysis." It's basically just picking up a dollar bill left on the ground. Just because half the population doesn't know how to look at the ground (metaphorically) doesn't mean that it's stealing.

  3. Re:Strange sense of morals by mjr167 · · Score: 5, Interesting

    So if I set up a public webserver and send out an internal memo saying only certain people can access my web page and then google finds my webpage and you click on the link, I can have you charged with a computer crime?

    robots.txt doesn't say "do not go here," instead it says "do not index this page." You can put a page in robots.txt that is meant to be accessed.