classic opsec mistake - eviltoast

cross-posted from: https://discuss.tchncs.de/post/10692187

so, the company was Vastaamo. was because it got bankrupt after the breach, and GDPR violations.

the “hacker”(or rather cracker) was extradited from France to Finland.
you can read about how terrible the company’s security was here: https://tietosuoja.fi/en/-/administrative-fine-imposed-on-psychotherapy-centre-vastaamo-for-data-protection-violations

or watch mental outlaw’s video on the matter, or the Wikipedia article on the breach.

now there are several things that shouldn’t have happened (e.g.: don’t do these things on your main OS, have root access disabled, etc.), but I’ll leave that to you experts.

  • bamboo@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    10
    ·
    9 months ago

    I just was reading Wikipedia and it said he was arrested previously for hacking.

    In 2015, when he was still a teenager, a Finnish court found Kivimäki guilty of more than 50,000 aggravated computer break-ins. Among other targets, he attacked large educational institutions in the US, hijacking emails, stealing credit card details and blocking site traffic.

    Kivimäki received a two year suspended sentence for those charges.

    https://yle.fi/a/3-12669196

    You’re probably right he had some connection and stumbled onto the data, but this wasn’t his first rodeo.

    • haui@lemmy.giftedmc.com
      link
      fedilink
      arrow-up
      5
      ·
      9 months ago

      Thanks for pointing it out. This makes it even more embarassing that he made a mistake like this. But I can still see how it could happen.