cross-posted from: https://discuss.tchncs.de/post/10692187

so, the company was Vastaamo. it was because it went bankrupt after the breach and GDPR violations.

the “hacker” (or rather cracker) was extradited from France to Finland.
you can read about how terrible the company’s security was here: https://tietosuoja.fi/en/-/administrative-fine-imposed-on-psychotherapy-centre-vastaamo-for-data-protection-violations

or watch mental outlaw’s video on the matter, or the Wikipedia article on the breach.

now there are several things that shouldn’t have happened (e.g.: don’t do these things on your main OS, have root access disabled, etc.), but I’ll leave that to you experts.

  • uis@lemmy.world · 9 months ago (edited)

    On one hand, what the fuck just happened; on the other hand, it’s Finland. In Finland a mass murderer will complain about the lack of a PS5 in prison and.

    Edit: nevermind, it was PS3

    • Cavemanfreak@lemm.ee · 9 months ago

      Dude, did you even read the (very short, obviously biased and sometimes factually incorrect) article you linked? Breivik is in Norway, not in Finland.

      • Urist@lemmy.ml · 9 months ago (edited)

        Also, why the fuck should they not have access to a PS3, books and such? Prison is about taking away one’s freedom, not about putting people in psychological or physical distress. In Norway we want convicts to be in a better state when they come out than when they got incarcerated (though Breivik will most likely never come out). Who wants to live next to a person who has been in solitary for 20 years? I mean, come on.

        • jkrtn@lemmy.ml · 9 months ago

          If you’re not a bloodthirsty Calvinist predestination lover I don’t know if you would understand the American mindset at all.

  • baseless_discourse@mander.xyz · 9 months ago (edited)

    While in the U.S., your mental health data are just on the market, waiting to be bought.

    https://www.ftc.gov/business-guidance/blog/2023/03/ftc-says-online-counseling-service-betterhelp-pushed-people-handing-over-health-information-broke

    In the good case, there will be a class action lawsuit, and every victim will get approximately 2 dollars back for all their health data sold; but only after giving more sensitive information to the company that distributes these two dollars.

    https://www.morrisbart.com/faqs/how-is-money-divided-in-a-class-action-lawsuit/

    What a fun time to be alive.

      • chiliedogg@lemmy.world · 9 months ago

        I firmly believe any service that advertises that much on YouTube and podcasts is evil.

        I’m waiting to hear about Hello Fresh’s child trafficking ring or whatever they’re up to.

    • rottingleaf@lemmy.zip · 9 months ago

      The main reason I’ve never done anything illegal online (not counting piracy) is that I’m confident I’ve been that stupid many times and will be if I do.

    • lemmesay@discuss.tchncs.de (OP) · 9 months ago (edited)

      you’re underestimating people’s capability to make such mistakes. remember Silk Road? the guy used the same username in two places, and gave his email ID (which had his full name) in one of them.

    • haui@lemmy.giftedmc.com · 9 months ago

      Not saying it’s actually what happened, but I would ask how he knew about the data.

      Statistically, it should have been a random port scan that got in, but since he’s from the same country, he’s either professionally or privately connected, I assume. He either worked there in an IT function, visited as a patient, dated an employee, etc.

      So in other words, he’s not a master hacker but probably stumbled across this. I had this with a webspace provider once where I could see all other customers’ folders when I used ssh instead of the web interface. I couldn’t access them, but I got a whiff of how stuff like this happens. 99.9% of their customers are inept at IT stuff, so a mistake in ssh would never come up since customers wouldn’t use it, and in that one case, they overlooked it.

      So, this might have been his first hack ever, and it probably took a long time till he even understood what he had in his hands. That’s why I don’t do stuff like this; I’m prone to such mistakes as well. Most elaborate scheme imaginable and cc it by mistake to someone I know.