Hi folks,
I’ve been doing computer security for a looooong time, and not much scares me. But this does.
This week, I had occasion to visit London for a couple of days on biz. Trip went well, and Thursday morning, I fronted up to the hotel desk to check out.
To ensure I was ready to do my expense account paperwork, I asked the young lady for a fresh copy of my bill, and she said “I’m sorry sir… your card has been declined.”
Me: Blink, blink… “No… I just want a copy of my bill”
Her: “Your card has been declined, sir.”
Me: Pause… blink…”Declined?”
Her: “Yes sir. Do you have another card to use?”
Me: “But there’s lots of money on that card… could you retry it, please?”
Anyway, the conversation went on like that for a while, and eventually it became clear I’d have to call my bank, so I did. Of course, I had the usual struggle to get to speak to a human, but eventually someone explained that because I hadn’t told them I would be traveling, they had decided that the transactions were “Unusual” and had suspended the card, and I’d have to speak to the Fraud Department to un-suspend it.
Ok, so that’s a pain, but at least they’re looking out for me, so I answered all the questions… “Last four of social, please”… “What accounts do you have with us?”… “Mother’s maiden name?” etc.
Here’s the scary bit… The guy says, “And now, sir, just a couple more questions, please. This is from publically available information. What age-range would best describe this person?”, and he proceeded to ask me about my _daughter-in-law_.... Using her maiden name, and she’s been married for nine years!!!!!
Now I answered the question correctly, and they un-suspended the card. I paid the bill, and headed for the airport.
I had one question thundering through my mind.
How did the bank associate me with her??????????????????????
I _refuse_ to believe it was “publically available information”.
We have no connection on _any_ bank accounts, or legal documents.
She hasn’t used her maiden name for nine years. I’d have been less suspicious if they’d asked me about her married name.
She’s _not_ a big computer user.
The _only_ place we connect as far as I’m _aware_ is that she’s a friend on Facebook!!!!!!!!!!
Now, I’m not accusing Facebook of _anything_, but one wonders…. I can’t believe Facebook would sell our data, so … is someone “harvesting” it?
Not long ago, we found some Facebook apps that had been hacked, and were reaching to attack sites in Russia, and while investigating that, we found a site that looked very similar but wasn’t actually attacking. We’re not mentioning the name of this company, because we can’t yet figure out whether they’re good or bad, but they look really suspicious. Their webpage shows no “Contact us” details… just a crudely-drawn graphic. When we did a whois to see who they were, we found that the ownership was hidden behind Privacy Protector.
They had written a cancer support group application that had over 250k members. _All_ of these applications require a user to allow access to their profile, their contacts, and their pictures “In order to work”.
This means that 250k women had ponied up their details to an at-best shadowy organization, who doesn’t want us to know who they are. Googling for their name reveals that they make many “surveys” and game-type apps for many social media properties… not just Facebook.
I’m _not_ accusing Facebook of anything (I like Facebook) , but _someone_ other than the government, has a honking-great database on me. And that probably means that they have a similar amount of data on _you_, Dear Reader.
_Someone_ is _seriously_ invading our privacy.
L
Roger
