FTC gives two companies a slap on the wrist after appalling hacks
Source: ZDNet
No encryption. User data in plaintext. All user data stolen in a simple hack. No problem. The FTC doesn't care.
By Catalin Cimpanu for Zero Day | April 25, 2019 -- 22:32 GMT (15:32 PDT) | Topic: Security
The US Federal Trade Commission has agreed to settle two legal cases against two companies that suffered catastrophic hacks in 2016.
Both got the equivalent of a slap on the wrist, despite having appalling security measures, not using any type of encryption, and storing data in plaintext, which, in turn, allowed hackers to steal millions of user records from each.
-snip-
But the court documents also reveal details of ClixSense's hack that have not been made public before. According to court documents, hackers ran amok inside the company's network, accessing documents, email accounts, and credentials stored on employee laptops; changing employees' passwords; redirecting email notifications for multiple network and cloud accounts; and even changing DNS records to point the company's website to an adult-themed website.
Despite the company's obvious security failings and the damage done to consumers, the FTC has not come down hard on the company, which failed even at the most basic tasks of securing its infrastructure.
Per the settlement, ClixSense and its CEO, James Grago, must not make false claims about the security and privacy of their service and must obtain independent biennial security assessments.
-snip-
Read more:
https://www.zdnet.com/article/ftc-gives-two-companies-a-slap-on-the-wrist-after-appalling-hacks/