Silicon Valley tech company says it was target of cyber breach

A Silicon Valley tech company backed by rapper Nas was hit by a security breach earlier this year that revealed it had been lax with users’ sensitive personal information, including bank account numbers, The Post has learned.

Earnin, which is also backed by tech investor Andreessen Horowitz, discovered in February that a third-party security firm had accessed customers’ bank transactions — including all their debit card purchases and payment statements going back for months, the company confirmed to The Post.

The incident prompted Earnin executives to shore up their security generally. They found major weaknesses, sources said. Prior to the breach, for example, the Palo Alto company kept customers’ unencrypted bank account and routing numbers, home and work addresses, phone ID numbers, and users’ GPS coordinates on an internal server, two ex-employees said.

The former employees said the data had been left unprotected because Earnin’s developers had a practice of copying and pasting customer information from a more secure server used for running the app into a less secure server used for testing it.

“It’s something in the water in San Francisco, the whole ‘move fast and break things’ mentality,” one ex-employee told The Post.

“On the account number and routing number, it is true that [they were] being stored in plain text,” the ex-staffer said.

“It was something we were intending to change, but I guess the thought process was that our system was secure enough that this was going to be all right.”

Earnin confirmed that a “white-hat,” or non-malicious, security firm had accessed the bank transactions data in February. It said it hired a cybersecurity firm to review the incident and has since taken corrective action.

“Since discovering the incident, Earnin has further strengthened its systems and procedures to prevent this from happening again,” an Earnin spokeswoman said.

The company also claims that no customer data was misused. “Following a comprehensive forensic review, the cybersecurity firm did not identify evidence of unauthorized changes,” the spokeswoman said.

The data was not downloaded or changed beyond what the security firm accessed, she added.

Earnin, run by CEO Ram Palaniappan, offers users as much as $1,000 a pay cycle in cash advances — a financial product that’s being investigated by a group of 11 states, led by the New York Department of Financial Services, for potentially breaking state usury and payday lending laws.

The white-hat breach was discovered in February after an employee noticed an online post by the security firm referencing an easy-to-access server operated by Earnin, a former staffer said.

In the months that followed, Earnin executives scrambled to plug any remaining holes, internal documents show.

“I hope during Q2 we can get a plan as a company on best practice for protecting data and come to a shared definition of what ‘Protected data’ really means,” Charlie Sibbich, a senior software engineer at the company, wrote in a March 27 Slack message, about a month after the breach was discovered.

In a Slack message on March 8, Palaniappan asks his developers, “How many instances do we have that are open?”

Neither Sibbich nor Palaniappan returned requests for comment.

Nas announced his investment in Earnin in June, months after the breach.

He did not return a request for comment.

The post Silicon Valley tech company says it was target of cyber breach appeared first on Fox USA Live.


