
2.7 million medical calls breached in Sweden

hjorthjort.xyz/2019/02/20/2.7_

The calls were stored on a NAS connected to the internet with no authentication or encryption, with people's phone numbers in the file names of audio files
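The post points at two separate failures: the share was reachable without authentication, and the file names themselves carried callers' phone numbers, so even a bare directory listing leaked personal data. The following is an added example, not code from the linked write-up or from anyone in this thread: a small Python audit that walks a directory (or a constructed listing standing in for one) and flags audio files whose names contain phone-number-like digit runs, plus a helper that strips them. The sample paths, the phone pattern and the extension list are assumptions chosen for illustration.

```python
import os
import re

# Assumed pattern: an optional "+" country code followed by 9-12 digits,
# not embedded in a longer digit run. Good enough to catch the file-naming
# habit described in the post; tune it for your own number formats.
PHONE_RE = re.compile(r"(?<!\d)(?:\+\d{1,3})?\d{9,12}(?!\d)")

# Assumed set of call-recording extensions to audit.
AUDIO_EXT = {".wav", ".mp3", ".m4a", ".ogg", ".flac"}

# Constructed sample listing standing in for a walk of a recordings share.
SAMPLE_LISTING = [
    "calls/2018/0701234567_20180312_1015.wav",   # caller number in the name
    "calls/2018/+46701234567-callback.mp3",      # international form
    "calls/2018/case-4711-notes.txt",            # not audio, skipped
    "calls/2018/recording_20180312_1015.wav",    # date and time only, fine
]


def phone_like_tokens(name: str) -> list[str]:
    """Return every phone-number-like token found in a single file name."""
    return [m.group(0) for m in PHONE_RE.finditer(name)]


def is_audio(path: str) -> bool:
    return os.path.splitext(path)[1].lower() in AUDIO_EXT


def find_pii_in_names(paths) -> list[tuple[str, str]]:
    """Return (path, token) pairs for audio files whose names embed a number."""
    hits = []
    for path in paths:
        if not is_audio(path):
            continue
        for token in phone_like_tokens(os.path.basename(path)):
            hits.append((path, token))
    return hits


def scan_directory(root: str) -> list[tuple[str, str]]:
    """Run the same check over a real directory tree."""
    paths = []
    for dirpath, _dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, f) for f in filenames)
    return find_pii_in_names(paths)


def redact_name(name: str) -> str:
    """Replace phone-like tokens so the identifier lives in an access-controlled
    index rather than in the file name itself."""
    return PHONE_RE.sub("REDACTED", name)


if __name__ == "__main__":
    for path, token in find_pii_in_names(SAMPLE_LISTING):
        print(f"{path}: contains {token} -> {redact_name(os.path.basename(path))}")
```

Running it over the constructed listing flags the first two files only; the third is not audio and the fourth carries nothing beyond a timestamp. Renaming is a data-minimisation step, not a substitute for putting authentication in front of the share: a listing with redacted names still reveals that recordings exist and when they were made.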

@Gargron why did they give the guy who made illmatic all that data

@girl @Gargron

I absolutely love the guy's explanation:
"There is an internet cable connected to the hard drive"

@selea @Gargron the joke is that a rapper named nas made an album called illmatic

@gargron can we really call it a "breach" when you just put it in an open cardboard box in the middle of the town square tho :think_unamused:

@Gargron wtf?! It's kind of incredible this intrusion didn't happen immediately after the data was put online.

It's also not quite correct for them to call this a breach when they put the files out there for anyone to see and take with zero controls whatsoever. 🙄

@michelamarie We don't know who downloaded what when because they didn't have any network logging until January last year.

@clacke Hah. Then it's pretty safe to assume that stuff has been downloaded lots since the time it was put on the Internet. :o

@tsturm It's an onion of Peter Principle and Dunning-Kruger Effect layers, from the little 3-person company that managed to snag the storage contract up via outsourcing of outsourcing up to the government-side purchasing staff. Nobody has the insight to check the level below.

@clacke I wonder how many more of these kinds of massive data leaks exist out there on open ports, just waiting for somebody to stumble over them.

@tsturm @clacke

I always try to imagine the guy responsible for this storage, who reads about all the hacks and leaks everywhere at Spotify, Google+, Equifax, and then goes back to work on his unencrypted public NAS with medical calls recordings thinking "Yeah, yeah, just another day at work". I'm trying to imagine it, but I just never quite get it.

@chebra "We'll block SYN packets on the incoming port. There, done."

... is literally what they did in terms of mitigation.

@chebra @clacke On every level, nobody ever went like "Hey, all these phone calls, where are we storing them?"

Either none of these people is at all technical, which means it's a miracle any of that stuff works, or they are technical and criminally incompetent.

@tsturm A friend realized that he has worked with/for two of them. He says criminally nontechnical.