Recently I posted about being one of the people whose personal information was potentially exposed due to allegedly lax security at Seisint (owned by LexisNexis (0wn3d by hackers)). Today a story appeared on Wired.com on the hackers who claim to have initiated the break-in. At first I was relieved to read that it was a “cyberjoyride that got out of hand”.
Further into the article, though, I learned that these teen hackers created lots of extra accounts and shared them with others. So, while they may have broken in for entertainment and ego gratification, they have no idea what anyone else may have done.
It’s got to be painful for the people at LexisNexis to read the following quote from the Santa Clara County Deputy DA:
I’m just saying it’s not one group that’s compromised LexisNexis. Their security is really bad. This isn’t a situation where you’re talking about needing an überhacker to compromise (the system). Their passwords weren’t as secure as your average porn site.
While I’m happy to get a year of free access to the Experian Credit Watch service out of the deal, I’m not sure it’s really that valuable. The first alert I received indicated that the balance amount changed on one of my credit card accounts. Great. I’m going to get an email every time a credit card company sends me a bill, even though I’ve paid off all my accounts in full every month since I graduated from college.
Worse, though, is that the link in the HTML email was bad. The actual link started with “https://https://”. I’m still not sure why, but the link actually sent me to PayPal. That seemed really suspicious, but I spent a bunch of time verifying that it was the real PayPal site. I sent email to the customer service account on the Experian website, but I received only a very generic form letter response that ignored my question and told me nothing useful. I persist in believing that companies will provide good quality support by email, since it is cheaper than providing support by phone. However, my experience has been that email support is generally far worse than phone support. Not just a little worse, but a lot worse. Fortunately, there are a few exceptions, such as the company that hosts my website. But I digress.