classic opsec mistake - eviltoast

cross-posted from: https://discuss.tchncs.de/post/10692187

so, the company was Vastaamo. was because it got bankrupt after the breach, and GDPR violations.

the “hacker”(or rather cracker) was extradited from France to Finland.
you can read about how terrible the company’s security was here: https://tietosuoja.fi/en/-/administrative-fine-imposed-on-psychotherapy-centre-vastaamo-for-data-protection-violations

or watch mental outlaw’s video on the matter, or the Wikipedia article on the breach.

now there are several things that shouldn’t have happened (e.g.: don’t do these things on your main OS, have root access disabled, etc.), but I’ll leave that to you experts.

  • lemmesay@discuss.tchncs.deOP
    link
    fedilink
    arrow-up
    115
    arrow-down
    1
    ·
    edit-2
    11 months ago

    you’re underestimating people’s capability to make such mistakes. remember silk road? the guy used the same username in two places, and gave his email id(which had his full name) in one of them.

      • lemmesay@discuss.tchncs.deOP
        link
        fedilink
        English
        arrow-up
        59
        ·
        11 months ago

        it was late 2000s(he was arrested in 2013, before snowden leaks). and the guy wasn’t a “hacker”. he created the website where stuff(both legal and illegal) was sold. so, you have to keep that perspective in mind.

        • THE MASTERMIND@feddit.ch
          link
          fedilink
          arrow-up
          8
          ·
          edit-2
          11 months ago

          Oh yeah i remember that guy i i thought you were talking about someone else. And in my opinion they should just free him he has done more time that he should have to whie other bigger criminals than him with money are running around free . But still it was a very noob mistake of course unless he did it delibretly because he didn’t care about anonymity.