Janoshik.com - Customer Data Security Incident

janoshik

Announcement:

We detected unauthorized access on Feb 2, took affected services offline to contain it, patched the entry point, and restored service early Feb 3. Later we found out the attacker copied database data and later attempted extortion.

What did not happen: we have no evidence of customer funds being stolen and no evidence that email inboxes were accessed (no evidence emails were stolen/read).

The main practical risk is phishing/impersonation using stolen order/report/shipping details. Please don’t engage with extortion messages.

We’ll post updates on leak.janoshik.com. If you receive anything suspicious referencing Janoshik, forward it to the dedicated email security@janoshik.com
 
> Announcement:
>
> We detected unauthorized access on Feb 2, took affected services offline to contain it, patched the entry point, and restored service early Feb 3. Later we found out the attacker copied database data and later attempted extortion.
>
> What did not happen: we have no evidence of customer funds being stolen and no evidence that email inboxes were accessed (no evidence emails were stolen/read).
>
> The main practical risk is phishing/impersonation using stolen order/report/shipping details. Please don’t engage with extortion messages.
>
> We’ll post updates on leak.janoshik.com. If you receive anything suspicious referencing Janoshik, forward it to the dedicated email security@janoshik.com

what portion of users had their data exposed? Was the database of all users from all time? Recent? Some other tranche of users? Looked at the FAQ and didn’t see this covered
 
I remember when PPL had their "breach" due to their reshipper doing "demographic studies" on their customer database. Yea... anyway, I got a few of those extortive emails threatening to reveal my information to local authorities. Cool story, bro. Ignored it. Nothing ever happened.
 
> what portion of users had their data exposed? Was the database of all users from all time? Recent? Some other tranche of users? Looked at the FAQ and didn’t see this covered

Last 30 months.

Which is the length of time we deemed the information to be necessary to keep for forensic purposes, e.g. later evaluations of data, such as just above in this thread.

Will add to FAQ.

Thank you.
 
> I remember when PPL had their "breach" due to their reshipper doing "demographic studies" on their customer database. Yea... anyway, I got a few of those extortive emails threatening to reveal my information to local authorities. Cool story, bro. Ignored it. Nothing ever happened.

We are in a better situation due to the fact we're not selling illicit goods and sending in samples is not illegal.

Even if it was, LE can't really act upon illegally obtained information. I think our lawyer called it fruit of the poisonous tree.

Anyway, we prefer to inform our clients earlier rather than after that starts happening.
 
> Last 30 months.
>
> Which is the length of time we deemed the information to be necessary to keep for forensic purposes, e.g. later evaluations of data, such as just above in this thread.
>
> Will add to FAQ.
>
> Thank you.

Not to be rude but just to clarify, the raw IP logs were kept on a server facing the internet for 30 months!?

This is the field I work in and can guarantee that while I'm sure that was convenient, this is far from the norm and extremely insecure, unless you're in a few very select fields.

I'm 90% sure this is also a GDPR violation. I appreciate your services but this is sloppy.
 
> We are in a better situation due to the fact we're not selling illicit goods and sending in samples is not illegal.
>
> Even if it was, LE can't really act upon illegally obtained information. I think our lawyer called it fruit of the poisonous tree.
>
> Anyway, we prefer to inform our clients earlier rather than after that starts happening.

What exactly is compromised?
(1) Tracking numbers of packs
(2) Tests ordered for those packs and results
(3) Linked to payment details?
 
> Not to be rude but just to clarify, the raw IP logs were kept on a server facing the internet for 30 months!?
>
> This is the field I work in and can guarantee that while I'm sure that was convenient, this is far from the norm and extremely insecure, unless you're in a few very select fields.
>
> I'm 90% sure this is also a GDPR violation. I appreciate your services but this is sloppy.

We log only first access to report, nothing else. We do not have any extensive logging policy.

This is a single piece of information in regard to IPs that we save because we are daily dealing with issues:
1) clients claiming they never received reports
2) clients getting their emails deleted before they receive results and results sent to a non-existent email
3) report loading issues
And a couple more this helps to sort out.

With there being a dozen people dealing with customer support, oftentimes from home office, it has to be connected online somehow.

Regarding GDPR, it is not a violation, as per Article 6(1)(f) the above are legitimate interests.

Regarding the need to store it for that long - indeed, it is not necessary and it is a bad choice.

We didn't have a policy on how long we keep each dataset until now.

Naturally, we're rethinking a whole lot of stuff.
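The post above describes logging only the first access to each report for support purposes, and concedes that keeping those records for 30 months without a retention policy was a bad choice. The following is an added illustration, not Janoshik's code, of how such a log can enforce both rules at once: one record per report, and automatic purging once a record is older than a configured window. The class names, the 90-day window and the sample records are all constructed for the example; the thread gives no figure for a corrected retention period.

```python
"""Added example (not Janoshik's code): a first-access log with a retention window.

Two properties the thread discusses are enforced in code:
  1. only the FIRST access to a report is recorded (later hits are ignored);
  2. records older than the retention window are purged, so the data set
     cannot silently grow into a multi-year archive of client IP addresses.
The 90-day window and all sample values are assumptions for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional

RETENTION_DAYS = 90  # assumed policy value; pick what support cases actually need


@dataclass(frozen=True)
class FirstAccess:
    report_id: str
    client_ip: str
    accessed_at: datetime


class ReportAccessLog:
    """In-memory stand-in for the database table that holds first-access records."""

    def __init__(self, retention_days: int = RETENTION_DAYS) -> None:
        self.retention = timedelta(days=retention_days)
        self._records: Dict[str, FirstAccess] = {}

    def record_access(self, report_id: str, client_ip: str, now: datetime) -> bool:
        """Store the first access to a report; ignore any later access.

        Returns True when a new record was written, False when one already existed,
        which is what prevents the log from turning into a full access history.
        """
        if report_id in self._records:
            return False
        self._records[report_id] = FirstAccess(report_id, client_ip, now)
        return True

    def lookup(self, report_id: str) -> Optional[FirstAccess]:
        """Support-desk query: when and from where was this report first opened?"""
        return self._records.get(report_id)

    def purge_expired(self, now: datetime) -> int:
        """Delete every record older than the retention window; returns the count removed.

        Run this on a schedule (e.g. a daily job) so retention is enforced by the
        system rather than by someone remembering to clean up.
        """
        cutoff = now - self.retention
        expired = [rid for rid, rec in self._records.items() if rec.accessed_at < cutoff]
        for rid in expired:
            del self._records[rid]
        return len(expired)

    def oldest_age_days(self, now: datetime) -> int:
        """Age of the oldest surviving record in days; useful as a compliance check
        (after purge_expired it must never exceed the retention window)."""
        if not self._records:
            return 0
        oldest = min(rec.accessed_at for rec in self._records.values())
        return (now - oldest).days

    def count(self) -> int:
        return len(self._records)


def demo() -> dict:
    """Walk through constructed sample events and return the observable results."""
    log = ReportAccessLog(retention_days=90)
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed timestamp
    # Constructed sample traffic: report R-1 opened twice, R-2 opened once later.
    first = log.record_access("R-1", "203.0.113.5", t0)
    repeat = log.record_access("R-1", "198.51.100.7", t0 + timedelta(days=1))
    log.record_access("R-2", "203.0.113.9", t0 + timedelta(days=80))
    now = t0 + timedelta(days=100)
    removed = log.purge_expired(now)
    return {
        "first_recorded": first,        # True: first hit on R-1 is stored
        "repeat_recorded": repeat,      # False: second hit on R-1 is dropped
        "purged": removed,              # 1: R-1 is 100 days old, past the 90-day window
        "remaining": log.count(),       # 1: R-2 survives
        "oldest_age_days": log.oldest_age_days(now),  # 20, well inside the window
    }


if __name__ == "__main__":
    print(demo())
```

The purge is driven purely by timestamps already stored on each record, so adding it to an existing table needs no schema change beyond an index on the access time; the `oldest_age_days` check is the kind of number worth exposing on a dashboard, since it makes a drift back toward multi-year retention visible immediately.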
 