ColoCrossing full disclosure

[drmike]

I don't agree or disagree with all this CC thing, but how is it "good"/legal to post pieces of stolen database?

Well, if the right pieces were posted it would show the shell games and intertwining.

At the point where something is stolen and posted online it's public reference material.  I referenced this database a while back or parts of it.

I cut the line where someone would post credentials or credit cards or similar victim info.

 

[Francisco]

Thanks, I was not aware of that... not good indeed, but does it justify making parts of the said database even "more available"?

I haven't read much of the ticket dump past a few snips and keywords, but i don't think there's any customer interaction in there, just them<>CC.

There was at least 1 ticket that showed Chris N testing that their contact form worked and such.

Francisco

 

[DomainBop]

That's just it.


VPSACE refuses to comment on it and hasn't contacted their own customers about the credit cards stored inside said dump.


Until they make a statement, there can only be a 'pretty sure' basis that it's what it is. FYI, to date they still haven't notified anyone. Someone should inform VISA I think.


Francisco

When credit card information is involved Visa needs to be notified immediately by the merchant and there are 6-figure penalties for not notifying them in a timely manner.  I'll just repost what I wrote on LET earlier today about a WHMCS breach involving another provider.

Among those who don't give free passes when there is a database breach and the provider doesn't follow proper notification policies are Visa and Mastercard, and the Attorney Generals of the 46 states that have database breach notification laws.

Hell, Visa even requires timely notification when "only 3%" of the customers in the WHMCS database of a provider who directly accepts credit cards have their info compromised and downloaded like happened to CVPS in October


From Visa's policy:

If a Visa member fails to immediately notify Visa Inc. Fraud Control of the suspected or confirmed loss or theft of any Visa transaction information, the member will be subject to a penalty of $100,000 per incident.

Members are subject to fines, up to $500,000 per incident, for any merchant or service provider that is compromised and not compliant at the time of the incident.

http://usa.visa.com/merchants/risk_management/cisp_if_compromised.html

 

[Francisco]

When credit card information is involved Visa needs to be notified immediately by the merchant and there are 6-figure penalties for not notifying them in a timely manner.  I'll just repost what I wrote on LET earlier today about a WHMCS breach involving another provider.

Have they been informed?

 

[SrsX]

Decided to post over at Lowendtalk for fun with this; suddenly my account was banned and the post was deleted

 

[rds100]

I suppose it was because of the family FB links. There is no need to involve the families in this.

 

[MartinD]

Decided to post over at Lowendtalk for fun with this; suddenly my account was banned and the post was deleted

What do you expect?

"I decided to post on a forum and stir the shit, implicate people who are innocent... for shits and giggles"

Grow up for god's sake.

 

[SrsX]

What do you expect?

"I decided to post on a forum and stir the shit, implicate people who are innocent... for shits and giggles"

Grow up for god's sake.

My bad, I guess this whole "full disclosure" stuff and "transparency" you guys preach isn't important anymore, right?

 

[Aldryic C'boas]

"Full Disclosure" does not include collateral damage.  When you go after someone's uninvolved family, you deserve any scorn you get.

 

[SrsX]

Aldryic, so you're now saying the FBI is a criminal, because they have a lot of collateral damage. When they raid and arrest someone they don't just stop there, they first dig in to all of the persons family also to collect as much information as possible.

 

[MannDude]

My bad, I guess this whole "full disclosure" stuff and "transparency" you guys preach isn't important anymore, right?

I don't mind the posting of things regarding people involved, but no one here needs to know addresses of family members and what not that are not involved. All I did was snip out the URL containing this information, as it's unrelated and not needed. Elsewhere it'd not be so lax.

 

[Aldryic C'boas]

I never said the FBI wasn't criminal.  Being former 97E and former DOD, I know exactly how criminal/evil/<your adj here> government agencies can be.  And you'll find (if you notice all the privacy and anti-PRISM/etc threads here) that many of us feel the same.

However, nobody's actions will ever excuse or justify your own.  You posted information on people completely unrelated to all of the CC/CVPS drama, and opened the door to grief being thrown their way for no reason.  YOU, and nobody else, are responsible for that poor judgement.

 

[MannDude]

Aldryic, so you're now saying the FBI is a criminal, because they have a lot of collateral damage. When they raid and arrest someone they don't just stop there, they first dig in to all of the persons family also to collect as much information as possible.

Law enforcement agencies have a long history of getting things wrong and raiding the wrong houses and negatively impacting lives of individuals who are innocent, even after their research. Look, I just don't want this place to become some 4chan-esque hackforum hybrid where people 'dox' family members of people who do shitty things. I already get enough flack and people hating on the site the level of freedom I already allow of posting things that on other places would be removed, locked, sunk or hidden.

 

[Reece-DM]

Why is this even in "industry News" hardly news.

 

[SrsX]

I completely agree with you MannDude and I respect that, as per what I said in original post you can remove the information if you wish. It was just there because that is what was in my document.

 

[XFS_Duke]

My bad, I guess this whole "full disclosure" stuff and "transparency" you guys preach isn't important anymore, right?

While we're speaking on full disclosure, how about giving everyone your information? Such as phone number, address, age, date of birth, SSN, DL ID, all your family information as well? How about that? You're not any law enforcement agency, you're just some kid behind a computer that knows how to use Facebook, you're awesome in your own little world...

 

[SrsX]

While we're speaking on full disclosure, how about giving everyone your information? Such as phone number, address, age, date of birth, SSN, DL ID, all your family information as well? How about that? You're not any law enforcement agency, you're just some kid behind a computer that knows how to use Facebook, you're awesome in your own little world...

Sure.

James M

06550 22 ** ** (removed)


Ansbacher Strasse ** (removed)


Dahnen, Hessen 546** (removed)

Germany

Need any more information? I'd be happy to share.

 

[MannDude]

Why is this even in "industry News" hardly news.

Good eye, didn't realize it was posted there.

 

[Aldryic C'boas]

I already get enough flack and people hating on the site the level of freedom I already allow of posting things that on other places would be removed, locked, sunk or hidden.

I find that to be rather sad, to be honest =\

 

[MannDude]

I find that to be rather sad, to be honest =\

Can't please everyone. <shrugs>