Details from the FTC’s investigation into a breach of InfoTrax Systems servers have been released and it does not paint a pretty picture for the service provider. The FTC was investigating claims that InfoTrax failed to properly secure the servers housing customer data which led to an attacker having unrestricted access for two years completely undetected. The attacker first gained access to InfoTrax’s servers in May of 2014 and accessed servers at least 17 times before the breach was discovered in March of 2016. The FTC’s report indicates that while stealing data from InfoTrax’s servers, the hacker created an archive of stolen data. That archive of stolen data grew so large over the two years that the attacker had access, it ran out of disk space. The stolen data affected approximately one million user records from InfoTrax’s customer base. This theft was made easier by the fact that InfoTrax housed customer data in cleartext including Social Security numbers, payment card data, bank account information, usernames, and passwords.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased