Monthly Archives: August 2011

So they exposed your personal info in a breach. Now what?

Posted on by

And now – what do I do now?
Oh, I don’t know
Oh, I’m leaving
And now, who’s gonna save me next time?
From Now What by Lisa Marie Presley

So there you are just minding your own business and chilling on PlayStation Network when…

Yikes! PSN has been breached! And now you and 100 million of your closest friends have been exposed. Now what?

This post on Credit.com News and Advice has some advice that you might want to check out.

Data breaches are an everyday occurrence affecting millions of Americans each year.

Just ask crafters who shop at Michael’s Stores, Sony PlayStation Network gamers and investors at Morgan Stanley Smith Barney.

They’re all vulnerable to identity theft and other fraud because their personally identifiable information (PII), such as a birth date or Social Security number, for example, was exposed. That information could be used to commit financial fraud.

Here is a condensation of their 6 tips with my comments (you didn’t think you’d get off that easy did you).

  1. Review the breached account. Find out exactly what the pwned data losers (and I mean that quite literally) had of yours that might have been exposed. Forget what they ADMIT to losing and assume they lost it all. That includes not only credit card info but your credentials (login and password) to the site.
  2. Change all user access credentials. Change your password on the immediately affected site (DUH!) and then change your password on every other site that uses the compromised password. Now would be a dandy time to quit being an idiot and either get a password safe or use another method to choose strong unique passwords for every site and service you use. If you use the same password for PSN, your bank, YouTube, Facebook and Twitter… Uh Sorry. Sucks to be you.
  3. Notify existing creditors of the breach. MasterCard and Visa are pretty good about dropping fraudulent charges – if you tell them. The sooner the better. They will likely want to close that card and open a new one. If for some reason you used your debit card online… Again, Sucks to be you.
  4. Place a fraud alert on your credit file.Often the miscreant data losers will pony up for some kind of fraud protection in the wake of a breach. If they don’t you can – and should – set something up on your own. Often your creditors will offer at least limited time versions of these services at no charge. If they don’t then consider doing business with someone else. Seriously.
    • Initial Fraud Alerts last for 90 days and require potential creditors to confirm the legitimacy of your identity before granting credit.
    • Extended Fraud Alerts last for seven years. Victims of identity theft who provide credit bureaus with an identity theft report like this one are eligible.
  5. Review your credit reports for any unusual activity. Credit.com suggests you use annualcreditreport.com to get free annual credit reports. That’s not a bad idea, but be wary about some of the extended credit monitoring services offered by the credit agencies. I’ve had a less than satisfactory experience with Experian but have had decent luck with Equifax. In any case, no service can substitute for good old due diligence on your part. Pay very close attention to not only your credit card statements, but social security or other government entitlement accounts. In general, make sure you understand every nuance of any statement from any entity that pays or bills you.
  6. Consider placing a security freeze on your credit report. This is the nuclear option. Be sure you really understand this before you push that button. Go to ConsumersUnion.org and check out the Consumers Union’s Guide to Security Freeze Protection before considering this step.

So hopefully now you have at least some idea of what to do next. Since there doesn’t seem to be much hope in preventing these epic data breaches. At least as long as the data losers aren’t really penalized for their negligence. And before you start feeling sorry for poor Sony just pay attention to the cost of their services over the next few years after they’ve sucked you back in to PSN to see who really pays. But hey, you can always unplug the PS3 and play monopoly. Or basketball. With no risk of a data breach.

Captain X-Ploit: Sara and Maxi’s magnificent monetary mischievous maneuver.

Posted on by

The Adventures of Captain X-Ploit:
Sara and Maxi’s magnificent monetary mischievous maneuver.
– Part 4 of the epic chronicle –
Strangers are just Enemies you haven’t met.

After the alien left, restoring time to its usual single dimensional, flowy self, Max and Sara found themselves at the library. Hunched over a computer, Sara was reading her way through the wiki entries on several celebrities as Maxwell was standing next to her with an awe-filled grin plastered on his face.

“Sara?” he asked, “Yes, Maxi?” Sara responded with a stunning smile on her face. “So like… wow, you’re telling me I can take any of these books and no one would care?” he asked. His fascination with this concept had less to do with the concept of taking things without people caring and more with the concept that other places were supposed to operate differently. Being famous, handsome, and lucky he had never found people to be opposed to him taking whatever he wanted anyway.

“Well, yes… but you have to run them through the little machine over there,” she gestured with a hand, not removing her eyes from the screen, “before you can leave with it.”

“Weird,” Max said trailing off, distracted by a girl walking by. “I think I’ve got all the information I need,” she said snapping Max’s attention back to her.  “So like… what are we doing again?” Max asked, looking confused as Sara began to scribble several notes onto her hand. She smiled at Max without a hint of exasperation even though she’d explained it over thirty times on the way to the library.

Later that day at the bank:

Sara walked in confidently, leaving Max outside to ponder the complex plan. “Hi, I’m Sara Paylyn,” she said to the teller, “and I’d like to withdraw all my monies.”

“Sure thing Mrs. Paylyn, we just need to ask a question. For security reasons, of course.” Sara nodded and the lady began her list of questions.

“What is your pet’s name?”

Sara hastily glanced at her hand and responded quickly “Birstal.”

“Fantastic, Mrs. Paylyn! How much would you like to withdraw.”

Sara pretended to think for a moment before responding “All of it, I think.”

Several moments later:

Sara was standing outside the bank with $4,312,632.13, explaining to Max how she would surely win the contest now, when Max interrupted, “CONTEST!!! Oh man, I love contests… I wanna be a part of it!” Sara smiled at him wondering if every clone had hacking skill.

“Go for it, Maxi! What’s your plan?” she asked.

Max just shook his head, not wanting to reveal his brilliant plan, and walked confidently into the bank. At the counter the teller looked at him and said, “How can I help you, handsome?”

“Ya, hi, I’m some, like, rich dude and I want to, like, get my money… you know, like, for spending.”

“Okay…,” the lady said, her smile wavering for a moment, “What’s your name.”

“Maxwe…,” he stopped himself, “ahh… I mean,” his eyes dashed about wildly for a name he could use, “Trisha Smith” he exclaimed with a smile as he read her name tag.

Her eyes went wide for moment in shock as she responded “That’s my name, sir… what is YOUR name” she said.

His eyebrows furrowed in deep thought before reading another name off the business card on the counter. “Emmet Brown” he responded with a smile.

“You’re not Mr. Brown! Mr. Brown owns this bank and you’re far more handsome than he is.”

“I had plastic surgery…” Max smiled his perfect smile at her.

“Okay, well I have to ask you this question to be sure. What is your favorite color?”

Max puzzled for a moment thinking how to respond before he finally decided to guess at random, “Hot Pink”

Trisha looked astonished, staring at him “Emmet, is that really you?”

“Yes, now, I’d like to take the money please.”

“Of course, sir,” she said shuddering a little, “How much do you need?”

“All of it would be nice,” he responded without hesitation.

All of the money in the bank?” she asked in amazement.

“Yes.” He responded politely with a smile.

That night at midnight:

Sara and Max were standing waiting for David to appear. Sara couldn’t help but feel a little crestfallen. As much as she liked Max and enjoyed seeing him win, she had only $4 million to her name whereas Max had walked off with the entire contents of the bank. Which happened to be transported at the moment in the truck of a man he had paid $1,000.

At least I can still beat David, that smug jerk, she thought as she saw David and Tedward walking up the street toward her.

At last we’re back to the hacking contest betwixt David and Sara – and Maxwell it seems – with Sara (and Max) using a tried and true exploit against weak authentication. I love the part where Maxi (AKA the stupidest life form in existence) is the one to hit the mother-lode by sheer dumb (and I mean that in the nicest way possible) luck. Much like the “hackers”, script kiddies and others who are routinely publicized by the panic-stricken (and panic-mongering) popular press. It ain’t rocket science folks. But it works. Really, really well. I’m still pulling for David and his mouse minions, though. How can you not be partial to plans involving cohorts like Mr. Biscuits, Señor Sparkles and Dr. Whiskers?