WHY WERE THEY STORING UNENCRYPTED CARD INFORMATION ON THEIR SERVER IN THE FIRST PLACE

  1. 1 week ago
    Anonymous

    500 kilodollars seems low

  2. 1 week ago
    Anonymous

    Scumbag company. I hate that they have a monopoly over events and have exclusive sales of some stuff.

    I hope the DOJ frick them up big time

    • 1 week ago
      Anonymous

      DOJ fricking up a monopoly?
      In this corporatocracy?
      You're dreaming.
      You will eat ze bugs.

  3. 1 week ago
    Anonymous

    imagine having a credit card and buying stuff online
    you get what you deserve
    now go back

    • 1 week ago
      Anonymous

      This wasn't actually Ticketmaster's fault.
      https://www.theregister.com/2024/05/31/snowflake_breach_report/
      >Today, Hudson Rock claimed all that info from Ticketmaster and Santander, and potentially hundreds of other organizations, was stolen from one vendor in particular: Snowflake. Hudson Rock said it came to this conclusion after speaking to crooks claiming responsibility for the cyber-heist.

      >Snowflake provides cloud data storage services to many of the largest enterprises in the world. This alleged intrusion and exfiltration of data from Snowflake, which Hudson characterizes as "one of the largest data breaches to date," is said to have involved the use of a Snowflake employee's login details obtained in October using info-stealing malware some believe was Lumma.

      >These credentials were supposedly used to sign into the employee's ServiceNow account, apparently side-stepping Snowflake's Okta-based access management system. Once inside, it's claimed, the criminals were able to generate session tokens that were used to exfiltrate large quantities of customer data from Snowflake's systems, with the apparent goal of holding it for a claimed $20 million ransom. It doesn't appear the money was ever paid, if Snowflake was indeed compromised.

      If you're using your debt card for purchases you need to grow up.

      • 1 week ago
        Anonymous

        >is said to have involved the use of a Snowflake employee's login details obtained in October using info-stealing malware
        damn shitty employees who don't know how to keep their private and work data separate.

        • 1 week ago
          Anonymous

          human error is always the #1 cause of cybercrime usually

          • 1 week ago
            Anonymous

            large percentage of people are idiots. it's why such phishing campaigns usually work.

        • 1 week ago
          Anonymous

          >don't know how to keep their private and work data separate

          average wageslave has absolutely no abstract concept due to fluoridated calcified pineal gland and not having the third (3d mind) eye in result, that the electronic device given to them to do the work for the contract period is not their personal property even if they are physically close to it and hold it, nor a new toy for their kid, and they are fully liable and that it may endanger many other people if any information leaks from there

          • 1 week ago
            Anonymous

            and then IQfy is baffled and bamboozled why google is able to market shit like "remote attestation". that's why. it takes a very high iq <1% of the population have to competently and safely operate a consumer-grade computer operating system.

          • 1 week ago
            Anonymous

            You are autistic and coping. Consumer grade os’ literally run themselves. Even managing a linux system takes just time, not a top 1% iq you dribbling moron.

          • 1 week ago
            Anonymous

            i don't think you realize how moronic most people are

      • 1 week ago
        Anonymous

        Ok I take back

        Encryption isn't magic. Why do morons say this? Eventually someone has to be able to observe the value.
        >B-but muh row level encrypted database bros
        Such idiotic garbage. Cyber sec is full of the dumbest Black folk on Earth.

        If you use a 3rd party storage service, why are you storing unencrypted blobs? This seems a bit incompetent given I use CryFS for all of my cloud bullshit.

      • 1 week ago
        Anonymous

        >If you're using your debt card for purchases you need to grow up.
        i dont have bank and dont pay for stuff online
        learn2read

      • 1 week ago
        Anonymous

        ServiceNow is a lame company that will eventually die. But they are creeping into the federal space so they'll be around for 15 more years

      • 1 week ago
        Anonymous

        Why don't they have two factor authentication?

        • 1 week ago
          Anonymous

          moron fell for a stealer, 2FA doesn't save you from that, they have the cookies/tokens

        • 1 week ago
          Anonymous

          >he thinks 2FA protects from this
          >isn't a potential vector in itself
          2FA is a meme.

      • 1 week ago
        Anonymous

        >If you're using your debt card for purchases you need to grow up.
        I assume you mean debit card, now why would I borrow money to buy things when I could just use my own money?

        • 1 week ago
          Anonymous

          >why use my own money when i could use someone else's money

          • 1 week ago
            Anonymous

            Because you have to pay them later, possibly with interest. Also, because your incurred debt is used as a financial instrument in the madness that is the modern economy. Basically, by using a credit card, you help israelites get richer, and you still need to pay as much as if you had just paid up front, or possibly more.

          • 1 week ago
            Anonymous

            only if you're moronic when using a credit card, which 90% of people are

          • 1 week ago
            Anonymous

            It's a contract violation to not pay your credit card bills, you are not "moronic" for paying the bill. And there is no way (other than not using a credit card) to avoid your debt being a security for some other debt, thus making some israelite richer. So, apart from people who simply refuse to pay bills, I'd say it's 100% not 90%.

          • 1 week ago
            Anonymous

            they make money if you have money sitting in an account too

          • 1 week ago
            Anonymous

            They make more or less 7 times more per dollar of credit card debt than they do per dollar of checking account balance

          • 1 week ago
            Anonymous

            That's why you pay your credit card bill in full every month, then they make zero money plus they give me 1.5% cashback on every purchase. It's free money you are just leaving on the table because you can't pay your bills

          • 1 week ago
            Anonymous

            They don't make money on late bills (well they do, but so little it's irrelevant). When you pay a bill in full they already made more money than your entire bill just on the 99.7% chance that you'd pay it. You think that cashback is for free? It's not, you are getting their scraps.

          • 1 week ago
            Anonymous

            And that already comes from merchants in terms of higher prices. You think the processing fee isn't already incorporated into the item's price?
            And the fees paid by other people.

            Something else that I do is open a card for the $200 bonus. spend the money I would have already spent. pay the minimum for the 15 months 0% interest and put the money I would have spent paying the credit card bills in a high yield savings account where I'll pay off the card when the 15 months are up.

          • 1 week ago
            Anonymous

            >being a Black person instead of just using your debit card and putting the overflow into stocks
            Literally why

          • 1 week ago
            Anonymous

            more money this way and it sucks for the credit card companies with the high interest rates but I'm paying 0

          • 1 week ago
            Anonymous

            Okay, you try buying stuff with cryptocurrency and see how many online stores you can shop at. Clearly the stores have to grow up a bit themselves before the rest of us can.

          • 1 week ago
            Anonymous

            Because you have to pay them later, possibly with interest. Also, because your incurred debt is used as a financial instrument in the madness that is the modern economy. Basically, by using a credit card, you help israelites get richer, and you still need to pay as much as if you had just paid up front, or possibly more.

            Wrong. Smart people optimize credit spending based on cash back rewards and just pay off the bill in full every month.
            You don't incur interest if you pay off the balance when you're sent the statement. And you get a free 4-5% cash back on things like gas or groceries that you aren't going to avoid paying for any ways.

            But yeah, a lot of people are moronic when they use credit and maintain running balances

          • 1 week ago
            Anonymous

            Smart people realise it's not worth more than an hour of their time every month micro-optimising which cards to use to get an extra $3 of cashback or airline miles or whatever
            Just get an Amex card with flat cashback and use that for everything (and pay it in full every month because their interest rates are astronomical)

          • 1 week ago
            Anonymous

            Wrong. Smart people buy 1 expensive thing on a credit card and take the full year to pay it off because that's how you increase your score.

            Smart people use charge cards for purchases they intend to completely pay within the month because that's how you use charge cards.

          • 1 week ago
            Anonymous

            That's not how it works, paying your card off in full every month counts the same because you're still repaying a debt even if you didn't hold it long enough for any interest to accumulate

        • 1 week ago
          Anonymous

          >now why would I borrow money to buy things when I could just use my own money?
          At minimum you should be using your credit card as a shield for your real bank account. You also get cashback/other benefits for using this service. You might think you're being smart, but at some point you're going to need a loan and having zero credit history is going to frick you. You beat the israelite by using their system responsibly.

          • 1 week ago
            Anonymous

            >at some point you're going to need a loan and having zero credit history is going to frick you
            god I'm glad I'm not American. I'd probably be fine since I'm not a lower middle class peasant but it all sounds so exhausting and unfair

      • 1 week ago
        Anonymous

        >Snowflake
        >jeet ceo
        ah I get it now

      • 1 week ago
        Anonymous

        >sign into the employee's ServiceNow account, apparently side-stepping Snowflake's Okta-based access
        GOOD MORNING SAARVICENOW

      • 1 week ago
        Anonymous

        That's not how debit cards work lmao.
        >See unauthorised payment made on debit card
        >Gets marked as pending like all new purchases.
        >Temporary disable the card (can enable/disable any time)
        >Contact bank CS to mark as fraudulent
        >Get a new temporary card to integrate in phone NFC.
        >Refund given if/when payment goes through.
        >New physical card in the mail 2 days later.

      • 1 week ago
        Anonymous

        human error is always the #1 cause of cybercrime usually

        >relying on 3rd parties because no ability
        >having a poor procedure in the workplace to begin with that allowed this to happen
        >but it's not their fault that they got hacked through their overreliance on 3rd parties and through poor workplace protocols

      • 1 week ago
        Anonymous

        >contrarianism has hit the point where using a debit card to buy things is somehow childish
        What do you propose in your totally-not-a-larp scenario? Cash? Writing checks?

        • 1 week ago
          Anonymous

          Credit cards. There is no reason not to use one, they have stronger consumer protection & if you set them to auto pay in full every month they cost no more than using a debit card
          The only "downside" is you have to have enough self-control to not spend money you can't afford to pay off at the end of the month

          • 1 week ago
            Anonymous

            >le trve advlthood is relying entirely on usury and credit

    • 1 week ago
      Anonymous

      banks have better fraud prevention and reimbursement for credit cards compared to debit.

  4. 1 week ago
    Anonymous

    another win for paypal

  5. 1 week ago
    Anonymous

    Encryption isn't magic. Why do morons say this? Eventually someone has to be able to observe the value.
    >B-but muh row level encrypted database bros
    Such idiotic garbage. Cyber sec is full of the dumbest Black folk on Earth.

    • 1 week ago
      Anonymous

      Cybersec as a profession is quite dumb generally. They don't have any power to dictate good practices but are on the hook to be responsible for the inevitable vulnerabilities organisations produce from too much complexity. It's literally a scapegoat industry.

      • 1 week ago
        Anonymous

        Cybersec basically doesn't exist as a profession, for every real person employed in cybersec there are thousands of 'cybersec' blog/twitters.

    • 1 week ago
      Anonymous

      >Eventually someone has to be able to observe the value.
      no lol, they only need to know that the encrypted value matches another known valid encrypted value.

      • 1 week ago
        Anonymous

        The credit card info isn't supposed to be visible to anyone except the customer and the payment card processor.

    • 1 week ago
      Anonymous

      >what is hashing
      You're dumb as shit

      • 1 week ago
        Anonymous

        Hashing credit cards makes no sense, as they need to send the real value to the payment processor.

      • 1 week ago
        Anonymous

        Congratulations, you probably qualify for disability payments cause you’re certifiably moronic

    • 1 week ago
      Anonymous

      >Encryption isn't magic.
      This. Unless they reveal how the attack was carried out there is no way to tell if it could have been prevented by encryption. It might have been corporate espionage.

    • 1 week ago
      Anonymous

      >Such idiotic garbage. Cyber sec is full of the dumbest Black folk on Earth.
      I know a guy that vehemently insists that "anything open source is always secure", this was literally like 2 days after the XZ thing but even then, it's not like open source software can't have huge issues in general.
      Sad thing is he probably makes more than most people I know since he's "Head of Security" or some shit.

  6. 1 week ago
    Anonymous

    >WHY WERE THEY STORING UNENCRYPTED CARD INFORMATION ON THEIR SERVER
    They weren't

  7. 1 week ago
    Anonymous

    Why did Snowflake have all this data in the first place? Why did they need credit card data? That does not scan with what I know about Snowflake.

    • 1 week ago
      Anonymous

      Why is everyone assuming the data was stored in plaintext? I fricking hate this board. The data can still have been encrypted, but decrypted by the db application to export the data.

      Are you stupid? Snowflake was providing the compute and storage for the data. It was not running the payment application.

      • 1 week ago
        Anonymous

        Ya it's hard to know exactly who's doing what which is why just blanket saying, "muh encryption." Doesn't mean much.
        If this is something like a managed S3 like storage service though, you should at a minimum do something though. The provider might be smash and grab resistant (at rest), but you can't assume access is bad. If they were doing both storage and processing though, you're kind of SoL since homomorphic encryption is a meme.

        • 1 week ago
          Anonymous

          From my experience at an MSP, you get sometimes credentials for things you're not supposed to have, like, for example, read only permissioning into a db or local admin for a VM.

          This probably is the case since Snowflake is saying it was customer creds used to exfiltrate from Ticketmaster's environment.

          >Are you wiblywiblywoo? Snowflake was providing the compute and storage for the data. It was not running the payment application.
          That is why I asked. I will ask again. Why did they have the credit card data in the first place? Why was it stored there and not stored where the processing was taking place?

          And say again. Snowflake was providing the compute and storage for the data. Or do you not grasp the concept that many companies have moved away from onprem?

          • 1 week ago
            Anonymous

            Black person are you really so daft or are you just pretending to be clinically braindead? He isn't talking about their fricking cloud provider.

          • 1 week ago
            Anonymous

            >And say again. Snowflake was providing the compute and storage for the data. Or do you not grasp the concept that many companies have moved away from onprem?
            Your response is orthogonal to my question. Cloud vs onprem has no relevance here. Credit cards must remain in the documented PCI environment. There is no possible way this was the case as the PCI auditor would have spotted the unencrypted data and that the data was traversing a 3rd party for storage. If their auditor accepted this configuration then multiple parties are very much open to criminal and civil penalties as I expect will be the case.

          • 1 week ago
            Anonymous

            >From my experience at an MSP, you get sometimes credentials for things you're not supposed to have, like, for example, read only permissioning into a db or local admin for a VM.
            unironically this. we use a system for managing creds and my company is moronic and despite me not being in networking I basically have creds to everything

      • 1 week ago
        Anonymous

        >Are you wiblywiblywoo? Snowflake was providing the compute and storage for the data. It was not running the payment application.
        That is why I asked. I will ask again. Why did they have the credit card data in the first place? Why was it stored there and not stored where the processing was taking place?

  8. 1 week ago
    Anonymous

    who the frick stores credit card number in plaintext? I thought it was all salted and hashed at this point for pci-dss compliance?

    • 1 week ago
      Anonymous

      >ummm actually you can never EVER recover encrypted data.... t. cybersecurity gay

      Is there a field that's as full of grifter as 'cibersecurity experts'? You bring nothing to the table.

      • 1 week ago
        Anonymous

        If you use something like cryfs, I'd challenge you to do it since it intentionally obfuscates metadata, like size, filename, etc unlike most "encrypted" uses. I agree if you're an idiot and use some generic AES container on something an attacker can observe changes to, but for an attack like this, I doubt it.

        • 1 week ago
          Anonymous

          >ackchyually if you use this thing no one uses it's not a problem

          • 1 week ago
            Anonymous

            Yes. problem, moron?

      • 1 week ago
        Anonymous

        I'm talking about industry level compliance you dumb code monkey

      • 1 week ago
        Anonymous

        >confusing hashing with encryption
        ironically you're the moron here

        • 1 week ago
          Anonymous

          not relevant, both are indistinguishable when done right

          • 1 week ago
            Anonymous

            what? hashing is literally completely different than encrypting by definition

            are you trolling or moronic?

        • 1 week ago
          Anonymous

          >implying you can hash a fricking credit card info
          for what purpose animehomosexual?

    • 1 week ago
      Anonymous

      Complete bullshit can pass PCI compliance certification. I worked with a payment gateway that was totally insecure but somehow PCI certified. Management didn't care, or they knew and wanted it insecure. They're in Federal prison now.

      • 1 week ago
        Anonymous

        >Complete bullshit can pass PCI compliance certification
        >They're in Federal prison now.

    • 1 week ago
      Anonymous

      we're also supposed to be PCI compliant at my company. in reality pci-dss compliance is just a bunch of bullshit checklists. it doesn't magically make your infrastructure secure only because you got your attestation of compliance.

      it's all smoke and mirrors and its only purpose is to satisfy your moronic compliance department so you won't be liable when you get pwned by some script kiddy

    • 1 week ago
      Anonymous

      whats the point of salting/hashing credit card info?

      • 1 week ago
        Anonymous

        so for salting hashing, it allows you to store the salted hash of the credit card number instead of the actual number. the system compares the hashed value instead of the actual value
        the salt is an extra bit of hash it adds as a unique value in order to avoid hash collision (two identical input values generating the same hash output)

        • 1 week ago
          Anonymous

          Sure but whats the point of that? Why would you ever want to compare equality in credit card numbers?

          Also, that's not why salting is done.

    • 1 week ago
      Anonymous

      so you can save credit card numbers so people can purchase without having to enter details. you know literally any website which saves your CC info? hashes do frick all here and it is all stored in plaintext

      • 1 week ago
        Anonymous

        normally, you still don't store the card info, only at the VERY VERY MOST you are allowed to store it with digits 6 through 12 and the cvc taken out (so, like #### ##XX XXXX #### ##/## XXX where # is stored and X is not)
        instead, you get a token back that you save which represents that card number but only between you and the issuer
        not exactly that complex so i dont know why anyone would need to save full details

    • 1 week ago
      Anonymous

      Small businesses with little capability might if they're moronic.
      But even then, you use a card machine and 3rd parties take care of that shit.

  9. 1 week ago
    Anonymous

    >don't worry you fricking morons, our TOS prevents us from legally abusing your data
    >oops we got "hacked" now the "hackers" can use your mysteriously unencrypted data for whatever the frick we I mean they want

    • 1 week ago
      Anonymous

      >oops we got "hacked" now the "hackers" can use your mysteriously unencrypted data for whatever the frick we I mean they want
      Data brokers buying it on the sly ? Interesting

      • 1 week ago
        Anonymous

        lmao ticketmaster is unironically cashing out on people’s stupidity & ignorance

  10. 1 week ago
    Anonymous

    Anyone who saves cc details on online services deserves it...
    Also, it's not fully cc information, only first/last digits or some shit like that

    • 1 week ago
      Anonymous

      Since like 2015 there is no reason for online retailers to ever store CC information at all, even encrypted. You should only be storing tokens, even for recurring payments. The token is far less valuable to an attacker because it can only be used to make a payment to that retailer.
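
Added example (not part of the thread or any poster's code): the storage model the two replies above describe, where the retailer keeps only a truncated card number for display plus a token that the processor honours for that retailer alone. `ProcessorVault`, `MerchantStore` and the merchant ids are hypothetical names, the vault is an in-memory stand-in for a real processor, and the card number is the widely published Visa test number.

```python
import secrets

# Constructed sample input: the standard Visa test number, not a real card.
SAMPLE_PAN = "4111111111111111"


def luhn_valid(pan: str) -> bool:
    """Luhn checksum, used to reject mistyped numbers before tokenizing."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def truncate_pan(pan: str) -> str:
    """Keep the first 6 and last 4 digits and mask the middle,
    matching the '#### ##XX XXXX ####' layout shown in the reply."""
    return pan[:6] + "X" * (len(pan) - 10) + pan[-4:]


class ProcessorVault:
    """Hypothetical stand-in for the payment processor's side.
    Only this object ever holds the full card number."""

    def __init__(self):
        self._by_token = {}     # token -> (merchant_id, pan)

    def tokenize(self, merchant_id: str, pan: str) -> str:
        ok = pan.isascii() and pan.isdigit() and 13 <= len(pan) <= 19
        if not (ok and luhn_valid(pan)):
            raise ValueError("not a valid card number")
        # Random token: carries no information about the PAN and cannot
        # be reversed, unlike a hash of a low-entropy card number.
        token = "tok_" + secrets.token_urlsafe(16)
        self._by_token[token] = (merchant_id, pan)
        return token

    def charge(self, merchant_id: str, token: str, amount_cents: int) -> bool:
        entry = self._by_token.get(token)
        # A token is honoured only for the merchant it was issued to,
        # so a copy stolen from that merchant is useless elsewhere.
        if entry is None or entry[0] != merchant_id or amount_cents <= 0:
            return False
        # A real processor would submit entry[1] to the card network here.
        return True


class MerchantStore:
    """What the retailer persists: token plus truncated number.
    The full PAN and the CVC are never written to its records."""

    def __init__(self, merchant_id: str, vault: ProcessorVault):
        self.merchant_id = merchant_id
        self.vault = vault
        self.records = {}       # customer -> {"token", "display"}

    def save_card(self, customer: str, pan: str) -> dict:
        token = self.vault.tokenize(self.merchant_id, pan)
        self.records[customer] = {"token": token, "display": truncate_pan(pan)}
        return self.records[customer]

    def charge_saved(self, customer: str, amount_cents: int) -> bool:
        rec = self.records[customer]
        return self.vault.charge(self.merchant_id, rec["token"], amount_cents)


if __name__ == "__main__":
    vault = ProcessorVault()
    shop = MerchantStore("shop-a", vault)
    print(shop.save_card("alice", SAMPLE_PAN))
    print("charge by issuing merchant:", shop.charge_saved("alice", 2168))
```

A dump of `MerchantStore.records` exposes only the masked number and a token that fails when presented under any other merchant id.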

  11. 1 week ago
    Anonymous

    Because Terry A. Davis said that encryption is bloat.

    • 1 week ago
      Anonymous

      Well there shouldn't be exploits to begin with, but you know how bloated the software already is with these things and the exploits that creates.

  12. 1 week ago
    Anonymous

    they socially engineered access to ticketmaster employee user keys, moron. what, do you think they raided the cloud with a bunch of armed people in a van and took the drives? how tech-illiterate are you?

    • 1 week ago
      Anonymous

      the average IQfy user doesn't know shit about social engineering or infoSEC lol.

      • 1 week ago
        Anonymous

        average IQfy user gets socially engineered into replying to same 3 bait threads

  13. 1 week ago
    Anonymous

    >israelitet master
    normies deserve to be abused, lmao

  14. 1 week ago
    Anonymous

    >WHY
    DEI

  15. 1 week ago
    Anonymous

    WHY WERE THEY STORING UNENCRYPTED CARD INFORMATION ON THEIR SERVER
    ?

  16. 1 week ago
    Anonymous

    Reminds me of when Terry said ticketmaster was storing prices in floats when he got there.

  17. 1 week ago
    Anonymous

    $500k seems low for that type of info on millions of people.

    • 1 week ago
      Anonymous

      because companies never pay, not their problem if your CC info becomes public, and the PR damage is already done

      • 1 week ago
        Anonymous

        Paying bit seems to be the opposite given even the feds try to crack down/encourage these companies not to pay as they claim it incites hackers to try even more.

  18. 1 week ago
    Anonymous

    if that was true why ask for only 500k?

  19. 1 week ago
    Anonymous

    It's the government's fault ticketmaster is so big

  20. 1 week ago
    Anonymous

    kek
    reminds me of that one about that ad company that has been given info from various social media to sell storing all their shit on public servers

  21. 1 week ago
    Anonymous

    The real question is why this stuff is accessible all the time and anywhere. Every company wants to hold on to 10+ years of transaction history then wants to avoid responsibility for tens of millions of people's information being stolen. I know of a certain town with an incident where the SSN of every resident was stolen, I don't know how the people in the IT department/top executives don't get doxxed outed for allowing poor infosec.

  22. 1 week ago
    Anonymous

    this company has been literally fricking people for years in all sorts of ways, and this is not the first time this has happened

  23. 1 week ago
    Anonymous

    Shitty company cared more about monopolizing all ticket sales and forcing moronic fees on everything was too moronic to actually vet out a company that handled their transactions.

  24. 1 week ago
    Anonymous

    yes, storing card detail on retail is comfy, but then again i do not have much on card

  25. 1 week ago
    Anonymous

    Why did the US Department of Justice decide to sue them within 48 hours of them being hacked??

    • 1 week ago
      Anonymous

      This is because taylor swift fans and Black screeching morons are asshurt over ticket prices. Nothing in that lawsuit is for a settlement for people whose information was stolen

    • 1 week ago
      Anonymous

      Only 48 hours?
      Lawyers could get a case ready in mere hours if they have a good procedure of discovery and expertise in the field.

  26. 1 week ago
    Anonymous

    why do you schizos care about privacy so much? just let 3rd world peasants take your credit card numbers, literally how does it affect you?

    • 1 week ago
      Anonymous

      It has always baffled me how we went from "don't give details online" for security to "give 3 times as many details, your phone number, your email, your mother's maiden name, your dog's name and your chastity cage size" within years of Snowden.
      And people just accepted it. Went "yep this is secure and not subversion by ngos or intel agencies/ corporate hackers". Now look at the data machine. It's a massive industry and they get away with this shit for "security reasons" even though time and time again they get caught selling your authentication data for money using unencrypted means, sometimes with an open interface to the internet.

      This world is clown world nowadays. Real world really did end in 2012. Mayans were right.

  27. 1 week ago
    Anonymous

    Because business people don't understand this in-depth and assume the people/services they contract out with aren't leaving a massive fricking security hole and if and when it does happen an insurance company and the government protects them from any real losses. When some street shitter buys tons of gift cards on your credit card it's not their problem.

    • 1 week ago
      Anonymous

      They certainly are 20th century corporations.
      21st century corporatocracy wouldn't trust contractors at all. They force leverage over you and make sure you're sophisticated with hacking.

      Google is a 20th century corporation pretending to be 21st.
      Ticketmaster is a relic of a long lost time.

  28. 1 week ago
    Anonymous

    Worst part is that I remember an audit or something warning people 10 years or so ago that their security wasn't up to par.

  29. 1 week ago
    Anonymous

    >In filing with the US Securities and Exchange Commission, Ticketmaster's parent company, Live Nation Entertainment, said it had "identified unauthorised activity within a third-party cloud database environment."

    >They believed the cloud is secure meme.

  30. 1 week ago
    Anonymous

    Welp time to change the password, I guess

    • 1 week ago
      Anonymous

      I'm kinda fricked because I cannot remember any ancient accounts I used to have 15 yrs or so ago. I just assumed back then I'd remember them because I was very young.

  31. 1 week ago
    Anonymous

    only 500K?

  32. 1 week ago
    Anonymous

    Because nobody gives a frick bucko. The regulatory institutions that govern big corpos are the same profit-driven scam rackets as the big corpos are. Good things are rare in this gay world and you certainly won't find them in corpos or gov rackets

  33. 1 week ago
    Anonymous

    KILL ALL BANKERS

  34. 1 week ago
    Anonymous

    Imagine having the details of 1/16th of the world and asking for $500k
