this post was submitted on 30 May 2024
412 points (98.8% liked)

Technology

59440 readers
5498 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

ShinyHunters posted on Tuesday night in a hacking forum that it obtained data from Ticketmaster and its parent company, Live Nation, including customers’ names, addresses, emails, phone numbers, and order details, Cyber Daily wrote. The group is reportedly attempting to sell the stolen data for $500 million.

From this other link: https://www.abc.net.au/news/2024-05-29/ticketmaster-hack-allegedlyshinyhunter-customers-data-leaked/103908614

It said 1.3 terabytes of customer data possessed by Ticketmaster including names, addresses, credit card numbers, phone numbers and payment details is up for sale.

top 38 comments
sorted by: hot top controversial new old
[–] [email protected] 138 points 5 months ago (1 children)

I'll look forward to my $0.50 check and exactly zero consequences for the higher-ups that I'm sure slashed IT/cybersecurity budgets.

[–] [email protected] 87 points 5 months ago (1 children)

"Did you cut security staff?"

"Yes."

"How much?"

"70%"

"And did that lack of security cause a security breach?"

"Yes."

"And how much money did that cost us?"

"2 million dollars."

"And how much did the security team that was let go cost us?"

"$500,000 per year."

"So, we break even after 4 years, and profit after 5?"

"Uhhhhhhh..........I guess?"

"Good work Johnson".

[–] [email protected] 58 points 5 months ago (1 children)

heh, you don't know how true this is. I've worked in IT for 2 decades. IT is pretty much always seen as a cost center.

If everything is running smoothly - "what are we paying you for?!"

If everything is on fire - " What are we paying you for!?"

And now with companies getting the tiniest of slaps on the wrists for willful negligence it's cheaper to cut IT funding, outsource it, whatever.

If the cost of the fine is less than the profits gained by doing "x" then that's just the cost of doing business. Execs will continue to do this until there are real consequences for the company and them directly.

[–] [email protected] 13 points 5 months ago (1 children)

Until there are proper incentives for executives (e.g. full asset seizure and mandatory multi-year community service in roles such as junior janitor, junior hospice care specialist, live-in support for late stage alzheimer's patients) that require them to take ownership and responsibility for their actions (or lack of thereof), this will continue.

Just look at the 2017 Equifax breach in the US:

Wikipedia background:

An Equifax internal audit in 2015 showed that there was a large backlog of vulnerabilities to patch, that Equifax wasn't following its own timescales on patching them, that IT staff did not have a comprehensive asset inventory, that Equifax didn't consider how critical an IT asset was when prioritising patches, and that the patching process worked on an 'Honour system'. The report set out actions to improve the process, but the time of the breach, two years later, many of them had not been completed.

Equifax press release states that CIO and CSO can now enjoy retirement:

As part of the company's ongoing review of the cybersecurity incident announced September 7, 2017, Equifax Inc. (NYSE: EFX) today made personnel changes and released additional information regarding its preliminary findings about the incident.

The company announced that the Chief Information Officer and Chief Security Officer are retiring.

Richard Smith, the CEO under whose watch this happened, got to retire at the ripe old age of 57 and got a nice bonus of $90 M

Richard Smith, 57, is the third Equifax executive to retire under pressure following the company's massive data breach revealed earlier this month, putting the personal information of as many as 143 million people at risk.

But the CEO is still set to collect about $72 million this year alone (including nine months' worth of his $1,450,000 salary), plus another $17.9 million over the next few years. That's when the rest of Smith's stock compensation hits a few important milestones or "vests," allowing Smith to essentially put it in his bank account. Altogether, it adds up to a total potential paycheck of more than $90.1 million, according to Fortune's calculations based on Equifax securities filings.

[–] [email protected] 2 points 5 months ago (1 children)

Are you salivating at the mere thought of this, then?

Amazon execs may be personally liable for tricking users into Prime sign-ups

[–] [email protected] 3 points 5 months ago (1 children)

This is a start, but the fact that they come up with this:

Executives had urged the court to dismiss the FTC's claims against them. They argued that the FTC "singled them out 'for an ‘unprecedented sanction'" when the agency had "only recently started prosecuting companies for using 'dark patterns'" under Restore Online Shoppers' Confidence Act (ROSCA) and the FTC Act. They claimed that the FTC never alerted them to any wrongdoing before filing the lawsuit, so how could they have known they were violating the law?

Suggests that they are not being serious.

And I doubt the fine will be sufficient for them to re-evaluate their attitudes. What we need is full asset seizure (every last cent, home, car, everything) and to send them to do a decade as junior support personnel at a late stage Alzheimer's care facility (my dad had Alzheimer, so I am not being callous for the sake of it).

They can also do 20 years in prison with no parole if they are too good for community service.

[–] [email protected] 2 points 5 months ago (1 children)

I'm not sure how that's indicative of the FTC not being serious? You're quoting a defense argument, of course they're going to argue the agency is wrong.

[–] [email protected] 2 points 5 months ago (1 children)

With respect to the US regulatory/judicial actions, I find it difficult to believe that they will be sufficient to nudge the criminals towards genuine self-reflection and a desire to change their behaviour. Similarly, other criminals are likely see enforcement action as more of a "risk to be managed" as opposed to a strong incentive to re-evaluate their approach to criminal schemes.

This is of course not a US only problem, albeit there are countries were consumer rights and business criminality is less socially acceptable.

I didn't interpret their argument as stating "the agency is wrong". More like "we weren't told this was wrong, we were one of the caught ... so this claim should be dismissed."

I would even go as far as saying that this is a sign of disrespect towards judicial processes.

[–] [email protected] 1 points 5 months ago (1 children)

It's a fairly routine argument by the defense (we're being singled out/the regulations are unclear). And regarding federal enforcement, there's a lot of hamstringing by Congress.

All that to say, this is arguably a good sign of the FTC properly enforcing, not a reason for pessimism.

[–] [email protected] 2 points 5 months ago

I hope you're right. :)

[–] [email protected] 67 points 5 months ago (1 children)

All those convenience fees hard at work I see.

[–] [email protected] 28 points 5 months ago (1 children)

So convenient to automatically give everyone access to your credit card number without any action or knowledge on your end. It happens all on its own.

[–] [email protected] 5 points 5 months ago (3 children)

👍

Does anyone have reccomendations for a good (open source) Android keyboard mine doesn't have a search function for emoji

[–] [email protected] 2 points 5 months ago (1 children)

I was about to recommend Heliboard since that's the best one so far IMO, but it also doesn't have emoji search. Turns out I was using the "recent emojis" menu

That might help in the meantime till a better recommendation comes around

[–] [email protected] 2 points 5 months ago

That's actually what I'm using

[–] [email protected] 1 points 5 months ago

I just want iOS to ALWAYS suggest emoji when one’s available for that word. Never use the autocomplete function on iPhone besides for when it suggests an emoji 😎

(It worked that time! For “cool”)

[–] [email protected] 0 points 5 months ago (1 children)

I was going to reccomend the samsung keyboard specifically BECAUSE it doesn't have that swiping, or emojis. Yep. Just a good ol standard reliable keyboard. Which means any typos in this message are my own stupid fingers fault.

...............but you WANT emojis in your keyboard. Must be a generational thing.

/hankhill

[–] [email protected] 3 points 5 months ago

Why wouldnt you want emoji?

[–] [email protected] 41 points 5 months ago (1 children)

Meanwhile, earlier this month, I had to literally disable quite a few bits of adblocks and other extensions just so that Ticketmaster's crappy CAPTCHA thing would allow me to even log in. Literally screamed "Why are you pestering me, I'm just trying to buy a ticket to a local car show, not a fucking Madonna concert"

[–] [email protected] 32 points 5 months ago (1 children)

And you had to pay a "convenience" fee for the privilege too.

[–] [email protected] 2 points 5 months ago

Oh last year I paid the ticket in cash, 20€, no problem. This year? 20€, plus 1+bits euros of processing fees. To "deliver" my ticket to the platform of my choice. (...Mobile app.)

So I went to the car show. They still had the cash booth. Mild failure to communicate. I just dodged the field of view of the booth guys, out of shame, and entered like normal, glad the ticket guards were accommodating.

Oh I forgot the best part! When I was trying to log on and the security interfered with CAPTCHAs, Ticketmaster reset my password several times. That's how you know this company take security seriously. /s (Literally no site does this.)

[–] [email protected] 29 points 5 months ago (2 children)

Proof they don't care:

The company’s share price remained relatively flat following reports of its massive data leak.

[–] [email protected] 22 points 5 months ago

Just another Tuesday in our boring dystopia.

[–] [email protected] 1 points 5 months ago

“Yes, and “ - the stock price didn’t go UP, so they might have cared :/

[–] [email protected] 18 points 5 months ago

Guess I have a new wave of spam calls to look forward to.

[–] [email protected] 11 points 5 months ago

Save this Card# for later?

Fuck no!

[–] [email protected] 9 points 5 months ago

If that data is really worth $500 million, Ticketmaster probably “hacked” itself. One last score before the DOJ breaks them up.

[–] [email protected] 6 points 5 months ago (1 children)

Glad I've never used the scummy fuckers.

[–] [email protected] 2 points 5 months ago (3 children)

I mean......they are scummy fuckers, but.........do you just NOT go to concerts?

[–] [email protected] 8 points 5 months ago (1 children)

Not by venues the size that are whored out to TM, is an option. Just because something is slammed at you 1m times by radio, advertisers, YouTube, etc., you can still choose the music you listen to and like.

[–] [email protected] 7 points 5 months ago (2 children)

I've been to concert venues that hold 30 max occupants still had to go through ticketmaster for $5 tickets, with $13.79 in fees.

They are EVERYWHERE.

[–] [email protected] 1 points 5 months ago

Plenty of other things to do in a city that size, then.

[–] [email protected] 1 points 5 months ago

Didn't mean to say venues have many options, TM needs to be broken up. Even non-profits and the like have had to sign the Ursula contract with TM as they dominate the industry so

[–] [email protected] 8 points 5 months ago

In this economy?

[–] [email protected] 1 points 5 months ago

Not LN/Ticketmaster shows.

[–] [email protected] 5 points 5 months ago

Unfortunately it was just another Wednesday for the higher ups there. Sigh.

[–] [email protected] 5 points 5 months ago

My brokeass can't do shit so I will just give you an upvote. Bank refused to give me loan because of my credit rating. The funny part is I never had a credit card or any other loan. Later I found out my that Tangerine Telecom fucked me by giving my data to hackers and someone used my info to get a credit card.

[–] [email protected] 0 points 5 months ago

I'm not one of those 560 million.