cross-posted from: https://discuss.tchncs.de/post/10692187

so, the company was Vastaamo. was because it got bankrupt after the breach, and GDPR violations.

the “hacker”(or rather cracker) was extradited from France to Finland.
you can read about how terrible the company’s security was here: https://tietosuoja.fi/en/-/administrative-fine-imposed-on-psychotherapy-centre-vastaamo-for-data-protection-violations

or watch mental outlaw’s video on the matter, or the Wikipedia article on the breach.

now there are several things that shouldn’t have happened (e.g.: don’t do these things on your main OS, have root access disabled, etc.), but I’ll leave that to you experts.

    • lemmesay@discuss.tchncs.deOP
      link
      fedilink
      arrow-up
      114
      ·
      edit-2
      9 months ago

      you’re underestimating people’s capability to make such mistakes. remember silk road? the guy used the same username in two places, and gave his email id(which had his full name) in one of them.

        • lemmesay@discuss.tchncs.deOP
          link
          fedilink
          English
          arrow-up
          57
          ·
          9 months ago

          it was late 2000s(he was arrested in 2013, before snowden leaks). and the guy wasn’t a “hacker”. he created the website where stuff(both legal and illegal) was sold. so, you have to keep that perspective in mind.

          • THE MASTERMIND@feddit.ch
            link
            fedilink
            arrow-up
            8
            ·
            edit-2
            9 months ago

            Oh yeah i remember that guy i i thought you were talking about someone else. And in my opinion they should just free him he has done more time that he should have to whie other bigger criminals than him with money are running around free . But still it was a very noob mistake of course unless he did it delibretly because he didn’t care about anonymity.

    • haui@lemmy.giftedmc.com
      link
      fedilink
      arrow-up
      22
      ·
      9 months ago

      Not saying its actually what happened but I would ask how he knew about the data.

      Statistically, it should have been a random port scan that got in but since he‘s from the same country, he‘s either professionally or privately connected I assume. He either worked there in IT function, visited as a patient, dated an employee, etc.

      So in other words, he‘s not a master hacker but probably stumbled across this. I had this with a webspace provider once were I could see all other customers folders when I used ssh instead of the web interface. I couldnt access them but I got a wiff of how stuff like this happens. 99.9% of their customers are inept at IT stuff so a mistake in ssh would never come up since customers wouldn’t use it and in that one case, they overlook it.

      So, this might have been his first hack ever and it probably took a long time til he even understood what he had in his hands. Thats why I dont do stuff like this, I‘m prone to such mistakes as well. Most elaborate scheme imaginable and cc it by mistake to someone I know.

      • bamboo
        link
        fedilink
        English
        arrow-up
        10
        ·
        9 months ago

        I just was reading Wikipedia and it said he was arrested previously for hacking.

        In 2015, when he was still a teenager, a Finnish court found Kivimäki guilty of more than 50,000 aggravated computer break-ins. Among other targets, he attacked large educational institutions in the US, hijacking emails, stealing credit card details and blocking site traffic.

        Kivimäki received a two year suspended sentence for those charges.

        https://yle.fi/a/3-12669196

        You’re probably right he had some connection and stumbled onto the data, but this wasn’t his first rodeo.

        • haui@lemmy.giftedmc.com
          link
          fedilink
          arrow-up
          5
          ·
          9 months ago

          Thanks for pointing it out. This makes it even more embarassing that he made a mistake like this. But I can still see how it could happen.

    • olutukko@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      9 months ago

      Oh you wish. It was huge news, a shit ton of people.got their information and social security numbers leaked in plain text