Thursday, September 20th 2018
NCIX Database Servers Containing Unencrypted User Data Cause Yet Another Data Breach
As if the Newegg data breach reported yesterday was not enough, NCIX decided to haunt everyone from the grave when news of a much larger data breach came out today. Readers of our website may have been aware that NCIX declared bankruptcy last December, and all their assets were put up for sale as part of a multi-day auction by the Able Auctions firm earlier this year. Most of the items on sale were innocuous, including remaining PC DIY components and office supplies, but an investigation coming out of Privacy Fly, a cyber security firm from Canada, is showing that something much more sinister ended up in the hands of people who also knew what they were doing. In particular, an unidentified male who called himself "Jeff", acting either independently or on behalf of another company, had procured the entire NCIX server farm at the auction and then sorted through the data to determine what was "useful" and what was not.
By this, he was referring to unencrypted and/or easily-cracked user data stored on the servers that NCIX had not bothered to remove or put behind a stronger password as the contents were laid bare for Privacy Fly to examine after the server was unlocked. These servers were put up for sale for $1500 (CAD) on Craigslist of all places, in a bold move effectively selling user data by the tens of thousands. "Jeff" confirmed he was in possession of hundreds of desktops, hard drives and more servers which, along with the StarWind iSCSI Software that was included in the auction and used by NCIX for all their years of existence meant every single customer and former employee was exposed by the breach. To be more specific, we are talking about financial records including payroll information, residence and email addresses, payment information and even Canadian SIN numbers all available to be seen and purchased by the lot. Be it the fault of NCIX or Able Auction, knowing that unencrypted data servers were sold without being wiped is terrifying, and we recommend taking appropriate actions as deemed for your country of residence.
Source:
Privacy Fly
By this, he was referring to unencrypted and/or easily-cracked user data stored on the servers that NCIX had not bothered to remove or put behind a stronger password as the contents were laid bare for Privacy Fly to examine after the server was unlocked. These servers were put up for sale for $1500 (CAD) on Craigslist of all places, in a bold move effectively selling user data by the tens of thousands. "Jeff" confirmed he was in possession of hundreds of desktops, hard drives and more servers which, along with the StarWind iSCSI Software that was included in the auction and used by NCIX for all their years of existence meant every single customer and former employee was exposed by the breach. To be more specific, we are talking about financial records including payroll information, residence and email addresses, payment information and even Canadian SIN numbers all available to be seen and purchased by the lot. Be it the fault of NCIX or Able Auction, knowing that unencrypted data servers were sold without being wiped is terrifying, and we recommend taking appropriate actions as deemed for your country of residence.
19 Comments on NCIX Database Servers Containing Unencrypted User Data Cause Yet Another Data Breach
Legally they should be liable if anything criminal results from this.
I don't think the landlord was legally obligated to wipe data. Maybe morally though.
What bothers me was all this data was stored unencrypted! That's just dumb.
if this happen in usa propaganda will use -russia hackers russia russia )))
Booth countries (usa and canada) is now third world!
just watch charlieboo313 youtube channel..
Their e-commerce platform software they developed would probably have a development cost well in the tens of thousands of dollars, maybe as high as a hundred grand. Think, they would've had barcode integration and tying in with accounting. That would've had some value to the right buyer. With their web servers and source code, any talk of anything having been encrypted goes out the window.
I guess industries mature and they consolidate with fewer players, and NewEgg and Amazon have upped the burden of competing in e-commerce.