NewsPC & Computers

NCIX Database Servers Containing Unencrypted User Data Cause Yet Another Data Breach

by Winston0311

This news has been around for sometime now … but it still seem to surface as more revelations appear. 

As if the Newegg data breach reported yesterday was not enough, NCIX decided to haunt everyone from the grave when news of a much larger data breach came out today. Readers of our website may have been aware that NCIX declared bankruptcy last December, and all their assets were put up for sale as part of a multi-day auction by the Able Auctions firm earlier this year. Most of the items on sale were innocuous, including remaining PC DIY components and office supplies, but an investigation coming out of Privacy Fly, a cyber security firm from Canada, is showing that something much more sinister ended up in the hands of people who also knew what they were doing. In particular, an unidentified male who called himself “Jeff”, acting either independently or on behalf of another company, had procured the entire NCIX server farm at the auction and then sorted through the data to determine what was “useful” and what was not.

 

By this, he was referring to unencrypted and/or easily-cracked user data stored on the servers that NCIX had not bothered to remove or put behind a stronger password as the contents were laid bare for Privacy Fly to examine after the server was unlocked. These servers were put up for sale for $1500 (CAD) on Craigslist of all places, in a bold move effectively selling user data by the tens of thousands. “Jeff” confirmed he was in possession of hundreds of desktops, hard drives and more servers which, along with the StarWind iSCSI Software that was included in the auction and used by NCIX for all their years of existence meant every single customer and former employee was exposed by the breach. To be more specific, we are talking about financial records including payroll information, residence and email addresses, payment information and even Canadian SIN numbers all available to be seen and purchased by the lot. Be it the fault of NCIX or Able Auction, knowing that unencrypted data servers were sold without being wiped is terrifying, and we recommend taking appropriate actions as deemed for your country of residence.

Source: Privacy Fly via TPU

 

Winston has over 25 years of experience in the I.T. Industry. He launched Funky Kit with the aim to capture a wider audience worldwide. His knowledge in PC hardware is very distinguished, not only publishing enjoyable reviews but also writing great articles.

Related posts

Razer Huntsman V3 Pro Line With Analog Optical Switches Gen-2 Unleashes Precision

Eddie Chim

EK Rolls Out Direct Die Ryzen Edition Water Blocks for AM5 Platform

Eddie Chim

Turtle Beach Unveils New Gaming Headsets, Keyboards, and Mice Launching May 2024

Richard Aizlewood

Leave a Comment

Save my name, email, and website in this browser for the next time I comment.

* By using this form you agree with the storage and handling of your data by this website.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More