- Chime Raises $750M in Funding by Fins Times.
- [Possibly targeted] IHG Platinum status with 5 nights in 90 days by FM.
- Hackers Reportedly Selling Data On 100M T-Mobile Users by PYMNTS.
- Red Ventures, The Biggest Digital Media Company You’ve Never Heard Of by NY Times via stillwaters23. Red Ventures owns TPG. Some interesting things;
- the “bounties” paid to Red Ventures for directing a consumer to a Chase Visa Sapphire Reserve credit card or an American Express Rose Gold card can range from $300 to $900 per card.
- some reporters at The Points Guy . . . have complained that the new owners have eroded the already rickety wall between the site’s service journalism and the credit card sales that fund it
Deals starting/expiring at the end of today or starting today (view the full deal calendar here):
- [CA, AZ & CO] $300 FirstBank Checking Bonus
- Chase Offers: Get 10% Back at Food Lion (Max $6 Back)
- American Express To Discontinue Concierge E-mail Service On 8/18/21
- [YMMV] IHG: Stay Two Nights & Get 3,000 Bonus Points (Can Be Done Twice)
Deals starting/expiring at end of tomorrow:
- None
Popular posts from yesterday:
“T-Mobile has been repeatedly targeted by SIM swappers, one researcher says, and the attackers are persistent. Sometimes, attackers will gain access to networks after repeatedly calling company employees – claiming to be from the company’s own technical support – to try to get them to download a remote access Trojan. Most of those attempts fail, but occasionally they work, the researcher says.”
“The likelihood this data will go fully public is pretty high,” the researcher says. “If a potential buyer wants this, all they need to do is wait.”
I would say that this is true of all phone companies. Some, like Verizon, have some account settings that you can use to protect against SIM swaps. I think agents are specifically trained about SIM/device swap, but that does not mean that there are not criminals who will specifically take jobs in phone companies as part of their criminal endeavors, or who partner with people in these phone companies to help them get into accounts of people they are targeting. It is up to the phone companies to prevent exploitation of the system even by their own employees.
Some companies do silly things like a give four digit security code to protect your account but then print it on your monthly bill. Somebody could take your bill from your mailbox and have your code, or when the agent on the phone then asks for your code you are revealing your code to an agent, who then could in theory call themself or share it and pretend to be you.
This is why I am not a fan of allowing account recovery by phone verification. Some e-mail systems allow people to access their account simply by a code sent to your phone even without knowing a single other piece of information.
Authenticator apps generally offer a higher level of protection than phone verification, but just have to make sure that your device is not compromised.
That being said, none of that account protection matters if the company does not adequately protect your information internally. I think the amount of people affected by data breaches each year is in the billions.
This year I contacted T-Mobile for internet service. I offered to prepay for the 12 months of service. They said that they would still need to do a credit check regardless if I prepay. I told them to go pound sand.
TPG took comments off the site because it can’t couldn’t win an argument when the other side is given an opportunity to make its case. Not everyone is a woke lgbtqa activist. Taking comments off has hurt the site.
I don’t care if the credit card income breaches the journalism wall. I care that most of the offers listed on their page aren’t great. The content is very basic. We get as much material every hour on boardingarea than we get in 2 days of TPG.
No one cares. The article isn’t even about TPG.
Good points. Sponsored content is becoming more and more common, so the readers have to be aware now more than ever when they are reading sponsored content like on TPG.
How do DoC readers feel about the way all this data gets handled? I’m not an expert on privacy, but it seems to me like every time one of us signs up for a credit card or a brokerage bonus, there’s just one more database with personal details out there waiting to be breached. But that’s assuming you weren’t already in the Experian batch or one of the dozen other incidents from the past couple years.
Do you guys take active privacy measures? Freeze/unfreeze credit reports, etc.? It seems like most people (including people in my personal life) live with an attitude of “they’ve all already got my details anyways, why should I bother.” How accurate do you think that assessment is or isn’t?
Opinions are all over the place, but mine may stem from a marketing background which would make anyone cynical in this topic, but from what I’ve experienced I’m firmly in the camp that our data is already exposed in so many places your head would spin if you knew how much was truly out there – even including those who take preventative measures or are full blown tin foil hats; so why not go all out if I can get some money/perks out of sharing what’s already exposed. Not only is this breach one of many, but these are just the ones we know about. And these are just breaches with companies that legally got the users’ data that was leaked – not data that many companies gain without permission or is resold. Most crime is not totally preventable but we still go in public – to me cyber-crime is no different. I’m not going to postpone my life online because a bad thing might happen, so I just ensure I use products that cover fraud. Sure, I’ve had to fight a couple credit report fixes and had to get reimbursed for fraud a couple times along the way, but I’m not about to never sign up for any card, service, or promo again because once in a while I’m slightly inconvenienced. It’s still a worthwhile hobby to me.
Very useful perspective, thank you!
At this point, almost everything about you is already permanently floating out there in the wild, and even if you do decide to go off the grid today there’s no (easy) way to reclaim what you’ve already given away. That doesn’t mean you shouldn’t still take basic infosec precautions, but you also don’t have to get in bed with every bank and brokerage that flashes signup/referral bonuses at you.
Also, ANYTHING is hackable. Some companies are more vulnerable than others, but incompetence often makes it easier.
Very interesting info on the TPG…we all know the gist of it but it’s interesting hearing the details
“The data includes information such as names and social security numbers; phone numbers and physical addresses; driver license details; and unique IMEI numbers, Motherboard reported.”
I can understand why T-Mobile has a customer’s name, address, phone number, and IMEI numbers. But… Driver’s license and social security numbers? I know they sometimes take this info to perform credit checks… But why the hell do they keep it? They need to be sued…
I wonder if this only affected their contract users. I do not think prepaid users have to provide all that information. Although obviously some of that information also applies to prepaid users. Sadly most of the time with data breaches like this the most they offer people is something like a year of identity theft protection. I do think your point is very valid and this world has become disgusting with its data harvesting/sharing practices to the point that companies value user data and the secondary revenue stream that it offers in some cases more than the user. I have even heard of stores like target using or exploring technology in their stores using their video camera system to track customers in their stores and build customer profiles using facial recognition that tracks your movement through the store, what items you look at, for how long, etc. When I first created a target account online and made a purchase, it imported something like 2+ years of in store purchase history onto my online account, and there was no option to remove this information. Crazy.
Oh, they will be sued. Get ready for a $2.25 settlement check. At least they slightly improved their security regarding the passcode. It used that be that anybody could call a t-mobile rep and hijack any t-mobile phone.
I don’t know how to get around the NYT paywall, but we enjoy even the smallest tidbit of news about TPG suffering.
Try this link: https://finance-commerce.com/2021/08/youve-never-heard-of-the-biggest-digital-media-company-in-america/
until chime proves they wont hold and lock funds out from people for normal transactions, i will not return to them.
IKR, crazy they’re valued this much given the way they handle themselves.