New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
The price is indeed alright, but you will have to have some faith in the hacker to not ask for more money in the future and/or keep the data safe or deleted. It could buy you some time, but it's just not a guarantee that customer data would stay safe in the future, just that it probably won't be leaked immediately. Maybe you could pay it, but you should still inform clients of the breach.
Yea no guarantee. But you can Chat with your counterparty before and If your a bit into psychology you will find Out how they tick and decide upon that. Social skills.
I dont see full conversation but seeing cloudie Response might have gotten the attacker angry to finally Release The Data it seeems.
Its basically saying "idc"
That could have been Handled different
Those who pay are probably the same people that think they are going to get a decryption key for their files once they've instructed WU or sent Bitcoin. All they are likely going to get is a remark next to their name saying "profitable" and another message...
If anything, it would make more like to go after them than paying. Especially when they seem this dumb, but maybe that's just me. I wouldn't let anyone attack my business and get away with it.
Yeah and like i've said, giving in to demands is basically encouragement.
It's not like saying "ic" will make things go differently. It's all about money, I am pretty sure they will sell the database dump regardless cloudie paying them or not.
There is a good chance if they maintained to their racketeering they would never release it. I also don't think its good to say 'i dont care' when you're a one man band. But, honestly what do you do?
Damned if you do, damne if you dont.
They will definitely ask for more in the future. The targets in these cases, if they pay, will become a pay pig.
Well seems like I can't login on my vps now from cloudie.
I will gift you a copy of wirusbuster latest version.
Might be in leaked db who knows 🙀
companies should put a page putting a price on bounty so that they can pay with right reason and not succumbing to demands as encouragement
Has @Cloudie informed customers of this yet?
Nope, nada, nothing at all, looks like he really doesn't care now.
Mods of his discord are deleting discussions of the breach, so technically the opposite.
Jesus.
Does not surprise me that much to be honest. @Cloudie seems to be one of those companies that think disclosing their physical location is optional (or it's really well hidden / i'm blind once again) aka does not want serious business anyways.
They are indeed one of those companies. There is no address listed on their website. They have a postal forwarding facility address on their ASN website, and the address listed in the Whois is a lawyer's office.
So the provider that was breached is just going to sweep this under the rug? When at the same time the dump is being passed around?
Yup.
Extortion is extortion. No matter the justification. They are having fun and making money on the side. They have zero ethical high ground. Zero.
The customers data is the equivalent of human shields in a conflict.
Unless someone decides to sue for GDPR breach
I've seen spicy shit in emails in this dump, ID scan links etc.
They appear to do KYC in-house.
Yeah I'm not impacted so I'll leave the lawsuits for someone else, but someone could probably get something out of it.
Condolences to their customers.
That's the wrong way to go about this. They will always, I repeat, always come back for more and still end up extorting your clients anyways. Beside, saying you'll pay means you're the kind of "client" they're looking for.
I'm sure Quadranet will be emailing them soon with some specials, so it's okay. /s
That's basically why i wanted to see where they are located. I'd guess it isn't Europe though as then they probably wouldn't be playing to no-physical-address game anyways. If they aren't located in Europe GDPR is bogus since as much as the EU would love to have extraterritorial jurisdiction they still don't have any.
Or maybe special refugee offers from a Romanian provider. /s
This is why I tell providers who ask me to submit an ID to cancel my services. I’ll just go host stuff at AWS / Oracle.
My government does a fine job of leaking my ID already lol