Oh, those old files left lying around on your server, Saturday edition
It turned out to be no huge deal (thankfully), but after an announcement on Twitter by @Compl3x1ty of a login dump involving a medical group’s site, DataBreaches.net attempted to contact the Lutheran Health Network to alert them that data from the St. Joseph Medical Group had been accessed and dumped.
The data dump indicated that an SQL injection had been used. There were 98 usernames, MD5 encrypted passwords, and email addresses dumped.
As is too often the case, attempts to notify the breached entity were frustrating and time-consuming:
- There was no phone number or e-mail address on stjoemedicalgroup.com that could be used to reach them to report a problem; and
- The phone number listed in their domain registry information was “not in service.”
DataBreaches.net wound up e-mailing the TECH email address from the domain registration information and hoping for the best.
Today, DataBreaches.net received a thank you e-mail from Lutheran Health Network’s webmaster with an explanation:
The data was a small subset of staff from several years ago. It looks like a small file sharing app had been created (prior to Dropbox etc!) and all these usernames and passwords were used for was to access non-patient related unsecured documents. It hasn’t been used in a long time.
I have removed all database tables and files associated with this site so that this problem cannot recur.
Again, thank you for your help.
So another one addressed.
And have you checked your site and domain registration recently to ensure that people have a way of readily contacting you to report a data security problem? Well, have you?
Update: The hack and data dump were first posted by @DeleteSec @DerpLaughing on February 14, 2015.