Facebook gets ripped off and pwnd!

[Graybeard]

Couldn't of happened to a nicer group of peeps
>>> Banking data for 29,000 Facebook employees, which was stored on unencrypted hard drives, was stolen by a thief from a payroll worker’s car, according to a Bloomberg report. The hard drives contained information on thousands of US workers who were employed by Facebook in 2018, including bank account numbers, employee names, the last four digits of their social security numbers, their salaries, bonuses, and equity details. Facebook notified its staff of the theft via email Friday morning.

Though the stolen drives didn’t contain any Facebook user data, the theft still raises questions about Facebook’s level of caution around personal data, which seems shockingly low considering its history of user privacy scandals. ...<<<

pwnd! What goes around comes around
A thief stole unencrypted hard drives filled with 29,000 Facebook employees’ information

 

[hacxx]

Share the pwn data link, i don't mind spreading the info online. lol

 

[Graybeard]

That wouldn't be legal would it? LMAO

 

[Jarolk]

Maybe they just sell them, and then play comedy? I’m just curious at times like these how their internal security system works? No way?

 

[Graybeard]

The *FaceBook Police* LOL more like the Keystone Cops

 

[azgold]

From that article:

“We have seen no evidence of abuse and believe this was a smash and grab crime rather than an attempt to steal employee information,” a Facebook spokesperson shared in a statement to Bloomberg.

So, it's okay. Whew!

And if the thieves read the article, they now have a better understanding of what they have.

It’s not clear why the hard drives were being transported in the first place, as the employee wasn’t supposed to have taken them out of the office. It’s also horrifying that the hard drives storing personal information were unencrypted, especially given the amount of car theft in the Bay Area, where Facebook employees live and work. The spokesperson says Facebook has taken “appropriate disciplinary action.

Somebody taking work home maybe? Bet they got fired for Christmas.

 

[Graybeard]

Proof the FaceBook Bozo Bus is not just a rumor

 

[Binom Tracker]

Unencrypted! Guys! Unencrypted! In tech company, in 2019. Unencrypted, bloody hell

 

[azgold]

Unencrypted! Guys! Unencrypted! In tech company, in 2019. Unencrypted, bloody hell

I know. Unbelievable, right?!

 

[Graybeard]

Next stop on the Bozo Bus ...

 

[bruce bates]

The shocking thing to me is that others were shocked by this. I don't care what the business size nor niche - unless they are in security or crypto - the chances of anything being encrypted is fairly slim. I would bet 99% of all websites with a login don't encrypt anything except a password and they hope ssl secures the transport. They will take next to no measures outside of that whether its information inside a company, customer data or anything else. Its like being shocked equafax didn't have data encrypted.... its really not surprising.

 

[Graybeard]

I can see you have never worked with PCI-DSS servers doing financial transactions --I have.
We only used tokenized data Tokenization (data security) - Wikipedia
In today's environment, if you are deep pockets: you have use server side encryption at a minimum to mitigate the cost of a breach. The lawsuits and civil penalties can cost a lot.

But you are right --most people don't --until they wish they had ...