Alright mate, have a listen to this. Yesterday, I stumbled on a juicy bit of news about an unfortunate scenario that a UK-based photo business, DEphoto, found itself in. This lot are well known for their work in a medley of fields like school photography, sports events, you name it.
Our protagonist, a bloke who goes by the handle 0mid16B, decided to give us a shout about something he’d accomplished. Turned out he’d gone ahead and breached DEphoto’s system. What about the date, you ask? Conveniently, it was on Christmas Day. Talk about a Christmas miracle, only the wrong sort, you feel me?
He went on to tell us that he’d raked in personal details of over half a million customers, complete with orders and quite a few records containing credit card information in plain text. If that didn’t knock your socks off, he also nicked hundreds of gigabytes of photos and other data. That’s like robbing the corner shop and making away with top shelf whiskey too! He was kind enough to show us some unredacted screenshots detailing his adventure in the DEphoto network.
After that, the cheeky so-and-so went for a second helping! He claimed that DEphoto had been given the heads up by him but had ignored it and the system had been left unsecured. Apparently, they tried to patch things up but it didn’t work. He came back for the second attack, picking up where he left off, using logins from his previous visit to gain entry to the system’s frontline.
And it’s not all about creating havoc, mind you. This chap tried to swing a deal with DEphoto’s IT lads, demanding a ransom for his silence. He suggested a cool GBP 50,000. Imagine the audacity of asking that much money for data he had no right to in the first place.
Meanwhile, DEphoto did manage to act quickly, promptly sending out an apology note to affected customers. Quite a few of them seemed a bit sore that DEphoto had held onto their data for a decade. One of the customers grumbled about DEphoto having access to his personal data from a football match featuring his son from ten years ago.
When asked what he intended to do with the nicked data, our hacker mate announced that he intended to flog the database of 500k customers and leak the rest of the data so all and sundry could feast their eyes on it. Whether he followed through with his threat is a question we can only speculate on.
And you’d think DEphoto would own up to the mess on their website, right? Sadly, not even a whiff of it. Goes to show, it’s a wild world full of surprises we live in. Watch out for your personal data, you never know who might get their hands on it.
by Parker Bytes