IIRC he had some kind of insurance file against that, I think there used to be some encrypted file you could download from Wikileaks and if he died the password would be released.
No idea what it was (if anything, it could have just been a bluff of course) but it seems to have had the desired effect so far.
No worries!
I’m not OP but running it through Wayback Machine worked for me: https://web.archive.org/web/20240612133701/https://www.404media.co/hacker-accesses-internal-tile-tool-that-provides-location-data-to-cops/
If not here’s the text of the article (but the link has a bunch of images too that might be useful):
A hacker has gained access to internal tools used by the location tracking company Tile, including one that processes location data requests for law enforcement, and stolen a large amount of customer data, such as their names, physical addresses, email addresses, and phone numbers, according to samples of the data and screenshots of the tools obtained by 404 Media.
The stolen data itself does not include the location of Tile devices, which are small pieces of hardware users attach to their keys or other items to monitor remotely. But it is still a significant breach that shows how tools intended for internal use by company workers can be accessed and then leveraged by hackers to collect sensitive data en masse. It also shows that this type of company, one which tracks peoples’ locations, can become a target for hackers.
“Basically I had access to everything,” the hacker told 404 Media in an online chat. The hacker says they also demanded payment from Tile but did not receive a response.
Tile sells various tracking devices which can be located through Tile’s accompanying app. Life360, another location data focused company, acquired Tile in November 2021.
The hacker says they obtained login credentials for a Tile system that they believe belonged to a former Tile employee. One tool specifically says it can be used to “initiate data access, location, or law enforcement requests.” Users can then lookup Tile customers by their phone number or another identifier, according to a screenshot of the tool.
A drop down menu which is selected in the screenshot tells users to select a request type: “DATA_ACCESS,” “LOCATION_HISTORY,” and “LAW_ENFORCEMENT.”
Hackers in recent years have repeatedly targeted tools used by tech companies to provide data to law enforcement or ones that are otherwise used by the company’s own staff to manage and access data. Sometimes, the hackers gain access to the tool itself, like when one used an internal Twitter system to take over accounts. In another case, a fraudster bribed an insider at Roblox to use that company’s tools for malicious purposes. Some hackers have even taken to installing malware inside U.S. telecoms so they can remotely control internal employee tools themselves.
Hackers also compromise email accounts used by police or other government officials, and then use those to demand sensitive data from tech companies and platforms by posing as the respective law enforcement officer. Targeted companies include Facebook, TikTok, and Apple.
Some of the other internal tools the hacker provided screenshots of include those for transferring Tile ownership from one email address to another; one for creating administrative users; and one for sending a push notification to Tile users. The hacker says they decided not to use this capability.
The hacker says they then accessed another system used by Tile which contained the customer data. The samples the hacker gave to 404 Media included names, addresses, phone numbers, as well as order and returns information and details on the payment method used.
From here, the hacker said they scraped the data. “I was able to enumerate through customer ids. Sent millions of requests to scrape the data.”
404 Media verified the data by randomly selecting a series of email addresses from the data, and then using them to create new accounts on Tile’s website. In most cases this was not possible because the email address was already in use by an existing customer. 404 Media also contacted multiple people inside the data via email.
“Yep, that would be me,” one person said when 404 Media sent all of the data related to their account.
Tile told 404 Media in a statement “Recently, an extortionist contacted us, claiming to have used compromised Tile admin credentials to access a Tile system and customer data. We promptly initiated an investigation into the potential incident. Our investigation detected that certain admin credentials were used by an unauthorized party to access a Tile customer support platform, but not our Tile service platform. The Tile customer support platform contains limited customer information, such as names, addresses, email addresses, phone numbers, and Tile device identification numbers. It does not include more sensitive information, such as credit card numbers, passwords or log-in credentials, location data, or government-issued identification numbers.”
“We disabled the credentials and took swift action designed to prevent any future unauthorized access to the Tile customer support platform and associated Tile customer data. At this time, we are confident there is no continued unauthorized access to the Tile customer support platform,” the statement continued.
Tile suggested in its statement that it was not aware of what data had been taken until 404 Media shared samples of the data for more verification. “Once you supplied us with additional data, we investigated further and determined that it is likely data from the impacted Tile customer support platform. We thank you for bringing this new information to our attention,” it read.
Tile also published a version of this statement on its website, but only after 404 Media contacted the company for comment and proved to it that the stolen data was accurate.
Tile did not respond directly when asked if the hacker had the required access to perform a location data request.
“This is a major breach,” the hacker said. But “it could have been much more major.”
Same here, I work in the arts and can’t code a thing, but I use Arch (btw) as my daily driver.
That worked for banking, thanks!
Oh yeah I know. It’s just one of those money/time things I’ll get around to eventually.
Same here, I have an old Pixel 4a that still gets security updates from GrapheneOS. Banking apps and Amazon don’t seem to like it, but I don’t mind just doing those on my laptop anyway.
I’m on my second Lenovo in a row, they seem to be really good for Linux. Actually the previous one did get a drink dumped on it too, and it didn’t phase it at all. The 5 key is a little sticky sometimes but otherwise works fine.
I might be tempted to get a Framework for my next one though, if I can get the cash together for a 16.
Yeah that’s what I do. I use filen because it’s nice and easy to use and I got in early and got a good deal on a lifetime plan (actually two because you could stack them at the time, I dunno if you still can), but yeah I encrypt everything locally first before I upload it so it doesn’t really matter if it gets stolen or whatever.
If you do that then I don’t think it really matters especially where you put it.
Including George W. Bush’s grandad:
Bush was a founder and one of seven directors (including W. Averell Harriman) of the Union Banking Corporation (holding a single share out of 4,000 as a director), an investment bank that operated as a clearing house for many assets and enterprises held by German steel magnate Fritz Thyssen, an early supporter and financier of the Nazi Party. In July 1942, the bank was suspected of holding gold on behalf of Nazi leaders. A subsequent government investigation disproved those allegations but confirmed the Thyssens’ control, and in October 1942 the United States seized the bank under the Trading with the Enemy Act and held the assets for the duration of World War II.
Looks like they need an account, and it’s a paid feature.
Only premium users, including members of paid organizations (Families, Teams, or Enterprise) can designate trusted emergency contacts, however anyone with a Bitwarden account can be designated as a trusted emergency contact.
Well he was about 60 years old at the time, so he’d probably know.
Assuming they don’t win, is there any contingency in place to preserve all their data? I don’t know how exactly because I assume there’s an absolute fuckton of it, but it would be such a shame if all of that was lost forever.
I’d love to see it become like the Pirate Bay, where they squish one and ten more pop up to replace it, but I don’t know if that’s even possible.
I know historically if you scanned a bank note into Photoshop it’d give you a popup window telling you off lol
As a European, I’d say it is very much in America’s MO to come into a conflict all guns blazing and with lots of bluster, then get caught in a quagmire for an absurdly long time, then eventually randomly declare that they’ve won and just bail, with very little regard for whoever’s left still fighting who isn’t American.
It seems to happen with them pretty regularly, and for an example it was only about three years ago that they hurriedly pulled out of Afghanistan and abandoned the local translators to their fates with the Taliban.
With regards to Russia encroaching into Europe, could we be 100% certain that Trump won’t win the next election and start throwing favours to Putin? I’d say it’s certainly a possibility.
Mine was/is/will be:
Windows
Some ancient version of Corel Linux that came on a CD that was free with a magazine that I could never get to work properly
Some version of SUSE that I bought from a computer store impulsively, that also never worked properly
Ubuntu 6.something that finally worked!
Several more years of Ubuntu, gradually drifting over to Kubuntu/KDE Neon as I realised I liked KDE more than GNOME/Unity
Manjaro as an awkward transitional phase to becoming an Arch person
A split between full Arch (btw) for my laptop which is the tinkering machine that I’m allowed to break, and Pop!OS on the desktop, which is the one other people use that has to actually work all the time
The distant call of NixOS, which I’m currently fiddling with in a VM and is trying to tempt me into nuking my laptop once again.
It’s an older interview, but I like to bring this up whenever Kaspersky comes up as a topic:
If you had the power to change up to three things in the world today that are related to IT security, what would they be?
Internet design–that’s enough.
That’s it? What’s wrong with the design of the Internet?
There’s anonymity. Everyone should and must have an identification, or Internet passport. The Internet was designed not for public use, but for American scientists and the U.S. military. That was just a limited group of people–hundreds, or maybe thousands. Then it was introduced to the public and it was wrong…to introduce it in the same way.
As a sidenote, you can get around the VPN block with Redlib by just adding safe- to the start of most reddit URLs. So like instead of reddit.com/r/linux or whatever you can do safereddit.com/r/linux and it should work without needing a login.
On the stream of the debate I was watching, when they took a break they showed clips from previous debates and the difference was kind of mind-blowing.
I honestly kind of think that even a mid-level candidate who didn’t make it like Romney or Kerry probably could have mopped the floor with either one of them.
Also as a side note, how lucky is Donald Trump? Just a whole life of being handed infinite money no matter how many times he fucked up a business, a bewildering assortment of crimes with essentially no hard consequences, and two presidential runs against pretty much the only two people he has any chance of beating in a debate.
He’s had a life of almost non-stop softballs. It’s kind of wild really.