back to article Popular UK mobile tech firm 51Degrees hacked

British mobile device detection company 51Degrees used by the likes of Unilever, T-Mobile, IBM, and Microsoft, has been hacked. The Reading-based company sells device detection allowing customers such as Hyundai, Deloitte, and Heineken to identify quickly a web site visitor's device. Founder James Rosewell says in a letter to …

Anonymous Coward

personal information is the aim

When will these hacked companies start to believe all personal information WAS taken, rather than believing none was taken? Even if they have read-logs if the hacker has full access those can simply be deleted, and if backed up then can also be deleted from the backups, thus all traces of access can be hidden. I think these kind of ignorant statements should add to their fines.

1
2
Silver badge

Re: personal information is the aim

I'd think you're right but in this case, it might have been a test. The target could be someone who uses their product and what better test than to hack the company that makes it?

0
0
Bronze badge

Re: personal information is the aim

just how do you delete an offline backup?

1
0

Re: personal information is the aim

How do you make an offline backup in real time?

2
0
Silver badge

Re: personal information is the aim

"Even if they have read-logs if the hacker has full access those can simply be deleted,"

Not if the logs are written to a separate system. The "syslog" service can use a remote log server, which can use a completely different set of credentials and live behind its own firewall; this would prevent a hacker who gains super-user privileges on a given system from deleting the logs (they'd need similar access to the log server).

1
0

Re: personal information is the aim

The traffic information is also a big worry for these companies as it is reported back to 51Degrees by default, something DeviceAtlas does not do. (disclosure: I work for DeviceAtlas).

0
0
Bronze badge

Re: personal information is the aim

Not all hacks result in total ownership of the web server, nor does it mean you have root/admin access. Since details haven't been provided, it's hard to say exactly what privileges the infiltrator had. Also what sort of front/back end configuration and security was in place and what applications were available along with those credentials. Again, just because you pop a web server, doesn't mean you'll have credentials to go hog wild on an enterprise.

Logs are likely sent to a syslog server making investigation quite a bit easier to follow tracks, and a lot more difficult for a hacker to make changes to.

0
0
Silver badge

Is this the ultimate "first world" problem?

51Degrees ensures your customer's screen size doesn't get in the way of your brand conversations

1
0
Anonymous Coward

Cybercrime Action Fraud Unit

Is an epic name for a Japanese anime or a Hipster Indie band.

1
0

At least these guys are being honest and transparent so people can take necessary precautions. A lot of companies don't bother to tell people until suddenly they have no choice! Hopefully it helps raise more awareness that all sized companies, not just the big ones are at risk of being targeted.

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017