Products > Test Equipment
Data breach of TEquipment.net (+other) customer data (Eye4Fraud data breach)
(1/2) > >>
asnth:
It seems the unique email address I used for a tequipment.net order in Jan 2020 was caught up in a Jan 2023 data breach at Eye4Fraud (a fraud prevention service used by TEquipment.net, aka Interworld Highway, LLC).

Neither TEquipment.net nor Eye4Fraud have notified me about this breach.


--- Quote from: https://haveibeenpwned.com/PwnedWebsites#Eye4Fraud --- Eye4Fraud

In February 2023, data alleged to have been taken from the fraud protection service Eye4Fraud was listed for sale on a popular hacking forum. Spanning tens of millions of rows with 16M unique email addresses, the data was spread across 147 tables totalling 65GB and included both direct users of the service and what appears to be individuals who'd placed orders on other services that implemented Eye4Fraud to protect their sales. The data included names and bcrypt password hashes for users, and names, phone numbers, physical addresses and partial credit card data (card type and last 4 digits) for orders placed using the service. Eye4Fraud did not respond to multiple attempts to report the incident.

Breach date: 25 January 2023
Date added to HIBP: 6 March 2023
Compromised accounts: 16,000,591
Compromised data: Email addresses, IP addresses, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses
--- End quote ---

List of sites/companies caught up in this breach: https://gist.github.com/troyhunt/e7c20fe9e970a2a928299760b11ed381 (I assume TEquipment.net are here as "Interworldhighway")
Early announcements of Eye4Fraud breach(es!): https://twitter.com/FalconFeedsio/status/1622838659689988098 (https://archive.md/5szVA)
You can use Troy Hunt's excellent website to see if your email is in the list: https://haveibeenpwned.com/

Pretty disappointing that this chunk of my data was being held (well.. grossly mismanaged..) by a third party 3 years after the transaction. I would hope that TEquipment.net have since cut ties with Eye4Fraud.

I'm appalled at TEquipment.net's mishandling of my data, since ultimately that responsibility resides with them.
kmo12345:
Google One has a service where they monitor the dark web for your personal information and they just sent me a notice about this.

I shopped at TEquipment for work purposes and found my company email, two previous credit cards, and my work address listed in the Eye4Fraud breach. Both previous credit cards have been compromised and based on the timing I can now confirm the credit cards were compromised after being used for purchases on TEquipment. What a disappointment...

have i been pwned is good but it can only search for emails. The Google service monitors phone numbers, addresses, etc

What is especially nasty about this breach is that many people use their phone numbers as an account reset method. I have now removed my mobile phone as a recovery number for as many online accounts as possible.
jonpaul:
"You have no privacy anyway..GET OVER IT!"

Scott mcnealley, CEO Sun Microsystems, 1999

Jon
thm_w:

--- Quote from: kmo12345 on September 29, 2023, 08:25:00 am ---I shopped at TEquipment for work purposes and found my company email, two previous credit cards, and my work address listed in the Eye4Fraud breach. Both previous credit cards have been compromised and based on the timing I can now confirm the credit cards were compromised after being used for purchases on TEquipment. What a disappointment...
--- End quote ---

That shouldn't be possible based on the information given in the link:
" The data included names and bcrypt password hashes for users, and names, phone numbers, physical addresses and partial credit card data (card type and last 4 digits) for orders placed using the service. "

But maybe something else was up.
chicken:
I just received an “order confirmation” with suspect PDF attachment to the email address I exclusively use for my account at Tequipment. The email text also included my full name.

So this breach is real. And shame on Tequipment for lack of disclosure.

Navigation
Message Index
Next page
There was an error while thanking
Thanking...

Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod