nowahe | 3 years ago

I have a feeling that this breach is older than what they're letting on.

On July 27th, I received ~7 emails, about 10 minutes apart, warning me of a new device logging in to my Plex account. It didn't correlate with any activity on my part, and the IPs were all over the place (for context I'm in France). Here are some of the IPs that were used:

  - 191.101.41.35 (US)
  - 185.199.103.40 (US)
  - 103.43.200.58 (India)
  - 2001:16a2:def3:200:40cf:530f:ff72:1747 (Saudi Arabia)

Fortunately the password is only used on Plex, and I just generated a new one and signed out my devices, and that was it.

koheripbal|3 years ago

In general, corporations will use some weasel words when reporting breaches.

They will say "we have evidence that a subset of x/y/z data was accessed". You might think that means they have evidence that the other data wasn't accessed, but what it means is that they only currently have explicit indicators of certain data being accessed (such as an exported zip file that bad actors forgot to delete, or the log of one SQL query, etc). It really means very little, and companies (internally) usually assume everything on the breached server was accessed, even if externally they only report on obvious breadcrumbs.

They also say "We detected access on xyz date and immediately worked to close the vulnerability". You might think this means that they have evidence that this was the first access, but it only means this was the first obvious alert they noticed and responded to. There might be earlier accesses (even some they already know about).

They are intentionally vague to limit their legal liability. This is why laws must be passed to compel full disclosure.

Flollop|3 years ago

Plex is implying the passwords were salted and hashed:

> all account passwords that could have been accessed were hashed and secured in accordance with best practices