Comments
I have my own business tactics. No worries about that. I'm not stupid. Most people don't think as far as I do. But not wasting my time on a discussion now.
Ouch that would actually be pretty bad. Small reminder to anyone to never send IDs anywhere but maybe the most trusted parties on the market and always watermark/redact the living shit out of it...
As someone who works on pentests/bug bounties I think that both parties could have handled this shit better. Whoever attacked the provider's system without permission obviously committed a crime depending on how you look at it, but the attitude of the provider is also mindblowing. OMG
"The admin of LET ..." - which LET admin?
1) Omagod mommy, I'm on da tv!!
2) plz dont hack thxnbai
B) autocorrecting is uncool
This 'Scavenger' on Telegram is the hacker? He says 'we found someone to post to tell you that they did leak it, but LET admin appears to have deleted his account'. So he looked for some random person to post on LET to tell people that he actually leaked the data? I don't get it.
To the ones who are complaining that cloudie hasn't sent out an email... it's currently 4:30 AM for him
If AWS and Oracle haven't asked me for an ID in the past 8 years, there is no way I am providing it to a small time host to get screwed in the end by some child looking to make a quick buck off it.
Hope people learned their lesson.
Yeah, you need to be in an extremely advantageous position to request an ID and even then better expect something that's more black than ID, not to mention your name will be printed right across it in a way that's (hopefully) impossible to fully remove without making the tampering obvious. Don't like that and my life doesn't depend on doing business with you? Well, too bad, I guess...
I don't understand people that send their IDs like it's nothing. I already hate it because it's such a hassle to prepare the damn thing (my idea of doing business does not involve becoming a GIMP artist...).
this thread was started way earlier than the justified time reason.
DYK many people take the whole week off between Christmas and New Year's Day?
We stand with Cloudie
I agree with that but then again the earlier mention of DB leak was way before Christmas, so still unjustified!
Well, kinda. I'm still waiting a bit if they really stored client IDs and had them leaked. Not safely deleting those after KYC is done would really come down to gross negligence.
The database was published 12 hours ago (at 4 PM), and this thread was posted 10 hours ago (at 6 PM). Additionally, the jannies in the IPv6 discord purged 24 hours of chats 8 hours ago (at 8 PM) to censor people discussing the leak.
You are forgetting the thread on 17th of December there was someone named hosting billing who got banned for sharing this, so kinda a lot more than just a "DAY".
Searching for cuss words is even more entertaining. Lots of angry MJJs
When I got my personal ASN from him, KYC is done using https://www.idenfy.com/, he forwards the Idenfy verification link from RIPE to his customers. So my ID is not stored on his WHMCS and probably same with his other customers.
That's good to hear. Hopefully that wasn't just an exception but the norm.
This is no bueno
Some good person is reporting the leak because cloudie didn't do it.
And apparently everything related to this topic is being deleted in the "Networking: IPv6" discord (where many of us are cloudie customers).
I can confirm that I have also received information about a Proxmox username/password for my service with Cloudie from a ProtonMail account today. It is possible that this information being leaked was specific to circumstances with my account, but it almost certainly came from the breach. Interestingly, it was not sent to the email associated with my Cloudie account, but to an email associated with my RIPE database entry, which is not what I would have expected when trying to demonstrate the extent of the breach.
I would not be surprised if all the disclosures to customers are the perpetrators punishing Cloudie for not paying the extortion here. But I will say the response from Cloudie so far has been somewhat disappointing. Breaches happen. Disclosing the breach of personal data here and giving details, so that customers could better mitigate the potential damage, would seem appropriate. It doesn't appear that either the GDPR (practically) or CCPA (at all) applies. It's not clear that there would be any legal risk to Cloudie for appropriate disclosure; it certainly wouldn't seem to create more risk than a lack of disclosure, especially when faced with an adversary willing to respond this way.
I'd note that Cloudie's disclosure does not confidently state that personal data was not breached, only that they had no reason to believe that it had been; it seems like an update to that is warranted. The immediate deletion of even non-specific questions on Discord was also disappointing, and probably does more reputational harm than good.
In my particular case, I expect most information in the breach is essentially public regardless, but it would be useful to know details about what could have been leaked.
I find it funny the 3rd party that was letting me know I was hacked via email is just as bad as the hacker for trying to extort the company. Wow, you are not doing the noble thing here, sorry.
Edit: Could be the same party as the hacker also.
Would you not want to know that Cloudie was wrong (or lying, to be less charitable) about your personal data being leaked? I didn't get an email but for people not following the thread I see it as a positive to be notified of a breach + the extent of said breach, especially if the host is refusing to comment on it. There's some people who still don't use password managers, and getting their passwords exposed could end up a big deal for them.
@fluffernutter Whichever party has no right playing with my data, period. But, that is the pissed off side of me. Me being a realist, people do deserve to know, but it shouldn't have been an outside party. The provider needs to say something! Oh well, my rant is over.
Cloudie Defence Force are in full throttle
Why isn't anyone talking about smarthost and letbox?
Apparently the data has been leaked too.
Cloudie was storing identity documents and the other 2 are less confidential data, is that the explanation?
According to one person in the other thread they used identify.com and didn't store documents themselves. Not sure if that's the norm but if it is documents aren't part of the picture here.
It's called "Networking:IPv6" for a reason, not Networking:Drama. Feel free to start your own server or use LET for drama as it is already
RIPE ASNs that require ID validation are always done using Idenfy as someone mentioned previously, it's something that RIPE is doing for all personal registrations, and your information gets published to a public WHOIS database anyways by RIPE which already contains your name, address, phone number, etc.
If people kept using the same passwords as used during the initial installation, that is not something I would personally fault the provider for. I always disable password authentication on my stuff after I install it and the root password gets changed via my Ansible playbooks anyways, which everyone should be changing after they have the server installed. Also, making sure that you aren't using the same password everywhere and ensuring 2FA on everything that supports it is best practice.
Sure, both parties could've handled things better, but this is a grey-hat situation where someone accessed someone else's systems without being authorized and then attempted to extort the provider for money, and are now threatening to leak the data publicly (if not already done) - all of which are crimes depending on where you are.
Put yourself in the shoes of all these providers that were hacked for a minute. If you were them, what would be going through your head and what would you be doing in this situation if you had limited staffing resources and such? Keeping in mind the various timezones that people can be in, it's possible that you would still be working with law enforcement and other agencies to confirm the extent of the situation. People do deserve to be notified, I agree on that, but things need to be done in a certain way to avoid any major consequences - and that certain way can take time.
For example, one of the smaller local events that I've been to in the past had been working with a third-party organizer earlier this year and said organizer experienced a breach almost 4 months ago, yet the attendees were only notified of said breach not even a week ago because of the legalities and intricacies with incidents like this. While not ideal, stuff like this happens - it's a matter of where and when.
Personally, as long as I get notified of something like this occurring (even if a couple months late), then that's fine. I got the email myself, so I'm aware that something happened with my data.
Do you think they felt bad?
The discord isn't the "Cloudie Networks discord." We have in the past and will continue to delete any messages relating to attacks or unlawful activity, as many of us have gotten attacked by people in the discord and elsewhere. This isn't even a Cloudie decision, and Cloudie hasn't been involved in the recent moderation.
We want the discord to be a provider-neutral drama free environment where people can come to join us in our mission to spread the word of IPv6. We don't want to risk turning into LET but discord.