Page 1 of 1

NCIX data breech

Posted: Sat Sep 22, 2018 9:13 am
by IskatuMesk
HKS brought up something that is worth being posted here since a fair number of us have used NCIX when it was still in business.

The tl;dr of it is that NCIX was our primary source for computer hardware in Canada for years until they went bankrupt. All of their data was stored unencrypted and has been sold by Chinese over the internet (and physically) for chump change because of colossal, typical Canadian mismanagement. By all of the data I mean everything - credit cards, financial, invoices, etc.

The juiciest details from that article,
The nciwww file contained 291 tables from their NCIX US store and had multiple versions of the file with data going back to 2007. The version I spent time analyzing was dated between November 2013 to February 2015. All the various versions of the MDF database files had been unencrypted with the last file being dated in 2017 for most of the databases. The nciwww database contained a thousand records from affiliates listing plain text passwords, addresses, names, and some financial data. In another table of information, I found customer service inquiries including messages and contact information. There were also three hundred eighty-five thousand names, serial numbers with dates of purchase, addresses, company names, email addresses, phone numbers, IP addresses and unsalted MD5 hashed passwords. The database also contained full credit card payment details in plain text for two hundred and fifty-eight thousand users between various tables.
Jeff had already copied the data from those drives to a network storage device and allowed the buyers remote access. The data on those drives contained thirteen terabytes of SQL databases and various VHD and Xen server backup files. I cringed at the thought of that data being sold once, as it was dangerous enough when during further conversation Jeff mentioned at least five other buyers. Jeff described one as a completing retailer while the other three Jeff claimed to “Not Want to Know” their intentions or business.

Given the issues my grandmother has had the last few weeks it really makes me wonder what kind of damage could come as a result of this. Thankfully most of my information has since changed, and I don't "exist" anywhere that the old information could really be used, but the less information China has available about me the better. Sadly, it's a little too late for that. If you used NCIX expect every Chung and Chang to possess your full financial information, address, etc. from 2017 and back.

Re: NCIX data breech

Posted: Sat Sep 22, 2018 2:43 pm
by UntamedLoli

It's especially bad news for the employees because of the amount of information you need to hand over to be considered legally employed.

Re: NCIX data breech

Posted: Sat Sep 22, 2018 3:21 pm
by IskatuMesk
did you see the time I posted this

did you really think I was going to be mentally active at that time