The criminals responsible for the Medibank data breach have started releasing information they obtained in the hack on the dark web. But who are they?
which appears to be a euphemism for getting a password. It's quite extraordinary to think how 10million+ confidential datafiles depend on a single password. What happened to encryption?
Yes, this is certainly the case. It may just be a matter of getting two passwords, or two credentials instead of one, but with slack practices by the credentialled operatives, not necessarily any more difficult.The only trouble with encryption is... if I have the right credentials, it's useless.
Or a turncoat. Got an offer he... "couldn't refuse".
Nevertheless, the previously released data did include names connected with ailments and contact details, so whatever Medibank conjectures about the current release being "incomplete and hard to understand" may simply be seen as a challenge for hackers of the dark to make the connections. The uncertainty of the situation itself is enough to be considerably anxiety provoking for Medibank customers. I don't think it can be said that the saga has ended with this "final" release.In a statement this morning, Medibank said it was still analysing the information, but confirmed that the data released appeared to be data it believed the criminals had stolen. It said the release consisted of six zipped files but that much of the data is incomplete and hard to understand. It added that health claims data released today had not been joined with customer name and contact details. Medibank said the data stolen, by itself, should not be sufficient to enable identity and financial fraud against affected customers.