@PogoWasRight@infosec.exchange cover
@PogoWasRight@infosec.exchange avatar

PogoWasRight

@[email protected]

Blogger/journalist at databreaches.net and pogowasright.org. As a retired healthcare professional, breaches in the healthcare sector are my priority.

The header pic is Indy, a Siberian husky we rescued in 2016 after I read how nobody wanted her because she was so difficult. She is now living her best life and is a mushball with me.

This profile is from a federated server and may be incomplete. View on remote instance

@PogoWasRight@infosec.exchange avatar PogoWasRight , to random

NEW, by me, the one some of you have been asking about:

Months After Being Notified, a Software Vendor is Still Exposing Confidential and Sealed Court Records

https://databreaches.net/2025/10/13/months-after-being-notified-a-software-vendor-is-still-exposing-confidential-and-sealed-court-records/

I don't usually ask for boosts, but if you are in a position to help spread the word about this vendor and that its clients need to check their security, that would be great.

, , , ,

@zackwhittaker @euroinfosec @campuscodi @therecord_media @GossiTheDog @briankrebs

@PogoWasRight@infosec.exchange avatar PogoWasRight , to random

Heads up, folks:

Michael Kan reports that National Public Data is back under new owners: https://www.pcmag.com/news/site-behind-major-ssn-leak-returns-with-detailed-data-on-millions-how-to

Here is the direct link to their opt-out page instructions:
https://nationalpublicdata.com/optout.html

I had opted out previously after their humongous last year. When I checked my name now, it did not find my profile, so if you opted out before, you may still be opted out, but better safe than sorry: check and opt-out if needed.

PogoWasRight OP ,
@PogoWasRight@infosec.exchange avatar

@MissConstrue @mlanger I have been recommending credit freezes for years now. So has @briankrebs .

BUT: it doesn't prevent all new accounts from being opened up. It would only prevent those that require a credit report check. If a utility or retailer or whatever doesn't require a credit report check to open a new account, you can still be victimized. So you need to stay vigilant even with credit report freezes.

@PogoWasRight@infosec.exchange avatar PogoWasRight , to random

Are Scattered Spider and ShinyHunters one group or two? And who did France arrest?

It's been a wild weekend here trying to sort out the relationship between and . And then, to really blow my mind, I heard from the leader of ShinyHunters (or someone claiming to be him) and no, he's not in prison in France.

If I was trolled, it's absolutely an amazingly good troll. But see what you think.

https://databreaches.net/2025/08/03/are-scattered-spider-and-shinyhunters-one-group-or-two-and-who-did-france-arrest/

@lawrenceabrams @campuscodi
@zackwhittaker

@briankrebs@infosec.exchange avatar briankrebs , to random

Found a bald-faced hornet's nest near the house -- right in the middle of the garden. These things are about the most aggressive stinging insects I've come across. Our dog loves to bat at the bees when she's bored, no matter how many times I tell her to be nice and that she's going to regret it. I've never seen her get stung,, but they're also usually bumblebees or slower insects she's picking on. Last night, she picked a fight with a bald-faced hornet that stung her at least once and then stung me 3 times and somehow managed to still hang on to me while we both fled indoors. Then while we were frantically searching for this menace it sneaked up and stung me again in the neck. It took about 5 minutes to corner it and kill it.

After I squashed him I looked him up: They are apparently known for being aggressively defensive, swarming anything that gets too close, and they can sting over and over w/out losing their stinger or dying. I also read this little terrifying factoid: These things can recognize human faces and can send out pheromones to tell their fellow hornets who to attack. So now I'm wanted in my own front yard. It's like raptors own the yard or something.

I think it's time to call a professional. No way I'm going near that area again. I can't imagine the pain a whole bunch of those things could cause all at once.

PogoWasRight ,
@PogoWasRight@infosec.exchange avatar

@briankrebs First you get your fingers burned. Now you get stung.

Is the universe suggesting you stop reporting on cyber and start reporting on first aid or safety? Or maybe good reasons to increase life insurance?

Stay safe, fella!

@masek@infosec.exchange avatar masek , to random

Phone forensics

Usually law enforcement is very secretive about them analyzing the phones of suspects.

But a forensic lab in is extremely transparent about it. They put the dump of every phone on a public share. Everyone with Internet access can access those dumps.

While I am usually a proponent of government transparency, this takes it a bit too far even for my taste.

Every phone dump is one directory and some case names can be easily connected to crime & death headline news in the U.S.

So for one case I am pretty sure, that I can even say which Sheriff is responsible for that one of the investigations.

I sent that Sheriff an email, i sent him a text message and I even spoke on his voicebox. I even sent him the extraction report from Graykey.

It is really frustrating that I get no response at all. The leak is still open.

The security researcher that found the leak also tried some contacts but had as little success as I do.

I personally believe that this leaks even constitutes a federal crime. Some cases have names ending on CSAM. The security researcher stayed away from any of those and I did not access the files on that server at all.

So does anybody know someone within the that would give a shit about that. I am getting very tired.

PogoWasRight ,
@PogoWasRight@infosec.exchange avatar

@masek If the forensics lab does business in Montana, the Montana Attorney General's Office might get involved and call them ... and then sue them civilly if there are violations of Montana privacy laws and data breach notification laws.

If you have phone options, maybe call the Montana Attorney General's Office of Consumer Protection and ask to speak to one of the attorneys there. I've done that with other states in other leak situations and have found it helpful at times.

Montana doesn't even have its own FBI field office. The one in Salt Lake City covers all of Utah and Montana and Idaho.

PogoWasRight ,
@PogoWasRight@infosec.exchange avatar

@masek Understood. If the lab is doing forensic work on cases being prosecuted in Montana criminal cases, then the state's Attorney General might really care. Alternatively, if the cases are in federal court in Montana, maybe the U.S.A.O's office there would be appropriate. I really don't have any sense of what data the researcher found to figure out who I'd call if I had found it.

And because the U.S. really doesn't have a comprehensive privacy protection/ data protection law, the leak is probably not a federal crime at all -- even though we might want it to be viewed as such.

@briankrebs@infosec.exchange avatar briankrebs , to random

Managed to burn several layers of skin off both of my thumbs recently (through thick gloves while holding a very hot steam hose). It's been three weeks now that biometric (thumb) authentication for all my devices stopped recognizing my hamburger thumbs, which are so covered in crusty new and old layers of skin that texting feels like I've got cleats on my thumbs. Fun times.

PogoWasRight ,
@PogoWasRight@infosec.exchange avatar

@briankrebs OK, is this where you write a post with a headline that has "wake up call for..." in it?

J/K... wishing you a speedy and full recovery.

@PogoWasRight@infosec.exchange avatar PogoWasRight , to random

And here's another reminder of the insider threat if you don't investigate your employees' or consultants' backgrounds and claimed credentials carefully enough. @briankrebs has the story and how a number of criminal cases may now be appealed or overturned:

Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe:

https://krebsonsecurity.com/2025/04/cyber-forensic-expert-in-2000-cases-faces-fbi-probe/

@PogoWasRight@infosec.exchange avatar PogoWasRight , to random

Here's my post on the court injunction my site got hit with:

HCRG Care's lawyers claimed an injunction issued in a "private" hearing required us to remove two posts. We didn't comply.

HCRG Care was represented by the Pinsent Masons law firm in the UK in this matter. The injunction was issued by the High Court of Justice, King's Bench Division, Media and Communications List by the Honorable Mr. Justice Soole.

Pinsent Mason's attempt to get my web host to remove my posts also failed.

As always, I feel blessed to have the legal support of Covington and Burling's Kurt Wimmer Pro Media Freedom Initiative, which has represented my site pro bono for the last 16 years.

Read about the letter, the injunction, and why the High Court's over-reaching injunction endangers UK journalists and doesn't serve the public well.

https://databreaches.net/2025/03/05/hcrg-cares-lawyers-claimed-an-injunction-issued-in-a-private-hearing-required-us-to-remove-two-posts-we-didnt-comply/

Oh, and I'm not the only one ignoring the injunction. Medusa also got served with the injunction via tox chat, they tell me. And like other injunctions they have received, they are ignoring it. So what has HCRG really accomplished?

@zackwhittaker @campuscodi @lawrenceabrams @iainthomson
@amvinfe @lawfare @freedomofpress

@PogoWasRight@infosec.exchange avatar PogoWasRight , to random

Last Friday I received a letter from a U.K. law firm with an attached injunction. The law firm claimed I must remove two posts about their client.

That is not going to happen. I am not under the jurisdiction of the U.K. or the High Court of Justice. My lawyer informed them of that yesterday.

But DataBreaches.net might disappear tomorrow because the U.K. law firm sent the injunction to my domain registrar who, innocently believing them, informed me they will suspend my site if I don't remove the posts within 24 hours. I have replied to them but have not heard back.

So...

If my site is gone tomorrow, I will let you know where you can read a lot more about the injunction and how the injunction poses a serious risk of censorship in the U.K.

If my site is still online tomorrow, I will still let you know here where you can read about the over-reaching injunction obtained in a private hearing where no one represented journalists whose reporting was being censored.


@freedomofpress @campuscodi @zackwhittaker @aj_vicens @carlypage @iainthomson @amvinfe @lawfare @lawrenceabrams

@PogoWasRight@infosec.exchange avatar PogoWasRight , to random

In every generation, there have been people who stood up for inclusion while others spewed divisiveness.

Franklin debuted on Peanuts in a decade that saw civil rights protests, children hit with firehose for protesting, MLK assassinated, and so much more.... Remembering Charles Schulz:

TEXT: When Charles Schulz’s distributor pressured him to eliminate Franklin from “Peanuts” because he might offend pro-segregation Southerners he told him: “Either you print it just the way | draw it or | quit. How’s that?” Cartoon shows Franklin and Charlie Brown shaking hands. TEXT: INCLUSIVENESS IS WHAT MAKES AMERICA GREAT
ALT