I communicated with multiple infosec journalists (one of whose own personal data was also in the breach) and still, we got no closer. Exported from Microsoft Outlook (Do not delete) Contact Created By Evercontact

Evercontact did actually reach out and we discussed the breach privately but it got us no closer to a source. If you want to change the contact information, please open OWA and make your changes there. The closest I could get to that at all was the occurrence of the following comments which appeared over and over again: This contact information was synchronized from Exchange. " and "10/3/11 detention hrg in court 20 min plus travel split with "- Troy Hunt February 23, 2020

But nowhere - absolutely nowhere - was there any indication of where the data had originated from. It wasn't just simple day to day business interaction stuff either, there was also this:

But then there's also a bunch of legal summaries, for example "CASE CLOSING SUMMARY ON USA V. These are records of engagement the likes you'd capture in order to later call back to who had been met where and what they'd done. Met at the 6th National Pro Bono Conference in Ottawa in September 2016 Met on 15-17 October 2001 in Vancouver for the Luscar/Obed/Coal Valley arbitration. Arranged for carpenter apprentice Devon to replace bathroom vanity top at, Vancouver, on 02 October 2007. But it's the next class of data in there which makes this particularly interesting and I'm just going to quote a few snippets here: Recommended by Andie. I found that highly unusual as it wasn't someone I'd expect to see a strong association with and I couldn't see any other similar folks. Next, my record was immediately next to someone else I've interacted with in the past as though the data source understood the association. Yes, there are many places that (obviously) have it, but this isn't a scrape from, say, a public LinkedIn page. Firstly, my phone number is not usually exposed and that was in there in full.
It's mostly scrapable data from public sources, albeit with some key differences. I embedded my own record which you can pore through in more detail on Pastebin: My own data is there, anyone see any clues indicating the source? - Troy Hunt February 23, 2020 Came from a cloud hosted IP so no clues there. Looks very much like a data aggregator but I can't attribute it. I'm trying to trace down the origin of a *massive* breach someone sent me. My delving into the breach began back in Feb with a tweet: I've had to give it this name because frankly, I've absolutely no idea where it came from, nor does anyone else I've worked with on this. The global unique identifier beginning with "db8151dd" features heavily on these first lines hence the name I've given the breach. It contained 103,150,616 rows in total, the first 30 of which look like this: Here's what I know:

Back in Feb, Dehashed reached out to me with a massive trove of data that had been left exposed on a major cloud provider via a publicly accessible Elasticsearch instance. It's about a data breach with almost 90GB of personal information in it across tens of millions of records - including mine. I was reticent to write this blog post because it leaves a lot of questions unanswered, questions that we should be able to answer.