Canadian retailers servers storing 15 years of user data sold on Craigslist

Image: Wikimedia

Security researchers have discovered data on customers and employees of Canadian largest hardware retailers on servers that can be sold with Craigslist. The data of 15 years ago belongs to NCIX which is a PC retailer closed in December 2017 which applied for bankruptcy.

Private intense infringement seems to occur after retailers shut down stores last year and remove old server and employee workstations.

It is unknown how these servers were advertised to Craigslist, but we are doing that. Privacy Fly's Travis Doering found an advertisement for two servers in August.

In a month, Mr. Joe Ring met an Asian man in Richmond, British Columbia, and introduced himself as "Jeff".

Mr. Doering has shown from the beginning that he is interested in acquiring the data stored in these servers and is posted at 1,500 CAD (1,150 dollars) each.

Image: ZDNet

After several meetings, Mr. Doering said he found that vendors can access many of the NCIX servers and workstations that they first advertised to Craigslist.

Jeff claimed that he was unable to pay a bill of $ 150,000 CAD ($ 115,000) for storage space and that he could access old NCIX equipment by helping equipment owner . Warehouse for sale. None of this is backed by any source.

However, Mr. Doing has access to at least two servers that run Supermicro's StarWind iSCSI software, which NCIX used for backing up disks, 300 desktop computers, 18 DELD powered servers at NCIX stores and retail stores Said.

In addition, Mr. Jeff also allowed access to 109 hard drives removed from the server before the auction and large palettes of 400 to 500 hard drives from various manufacturers.

On various backup images and hard disks that Doering accessed during the meeting with Jeering, he found personal data such as identifier, invoice, photo, customer name, address, IP address, unlimited MD5 password.

He also found a database table containing 258,000 payment cards …

Hope you like the news Canadian retailers servers storing 15 years of user data sold on Craigslist. Stay Tuned For More Updates 🙂

Compsmag