All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
CloudAccess.net , Notifies that 13 days ago inadvertently disclosed client details to a 3rd party.
CloudAccess was compromised 13 days ago and client private details were stolen. They are only now informing their clients.
Their email;
On 9/14/18 a single log file within our systems has been inadvertently disclosed to a 3rd party. Unfortunately, the log file contained one or more of the following details from your account: name, address, email and/or phone number.
Due to the nature of this incident, we feel it’s unlikely that the data will be used for nefarious purposes. It’s also important to note that the log file DID NOT contain any sensitive info, like passwords, security codes or credit card details.
Our team has looked very closely at this incident and we have made the appropriate corrections to ensure your account is fully protected going forward. If you have any concerns, please give our team a call (231)421-7160 or reply to this email and we will gladly review the details with you.
Thank you for choosing CloudAccess.net
Comments
sounds more like a gdpr breach notification than a compromise?
They don't mention, compromise, hack, anything being stolen, it sounds more like they over shared something with someone?
Maybe they were trying to get support for an issue, and sent a log file extra or without sensitization?
I think you are right, I edited the topic title.
Hope so, if do, you do have the right to find out who it was passed too, then you have the right to contact the 3rd party and ask for it to be removed.
I've asked them to know, let's see what they reply.
Got a reply, they are actually treating it as a data breach and the 3rd party is unknown to them....
Time to edit the topic title?
yeah, time to start speculating whether this was a hack or an access control derp. If they are unsure on the third party, expect the worst. The OP almost felt like "hey, we had some support / service guys in who got root access from our own derp" Now it sounds like "third party breached us, no idea who, even though the entire (1) man team have been staring at /var/log/messages for the last 25 minutes"
I'm the OP. Actually my gut was that it had been a breach, but then after @AnthonySmith post I reread their email and it did sound like they mistakenly shared the file and so I edited the title there and then.
I took Anthony suggestion and asked for more info and that was when they clearly used the term Data Breach and that the 3rd party is unknown to them.
They actually provided more details out but I«'m weary to post them as I suspect it would be a fuck fest. I'm surprised no one posted on twitter....maybe eveyone is lazy like me and need Anthony to hint them into asking more details...
Using the term data breach doesn't necessarily make it any scarier.
If they're using GDPR language then a "personal data breach" is described as "a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed"
The "breach of security" doesn't need to be from an outside source, it can be an internal procedural thing i.e. protocol wasn't followed (or didn't exist...)
They admitted it was an external source, that exploited their system and go ahold of the data. They don't have the slightest idea of whom, just the how.