back to article Budget hotel chain, UK political party, Monzo Bank, Patreon caught in Typeform database hack

More entities affected by the computer security breach at web form and survey company Typeform have come forward, including budget hotel chain Travelodge and UK political party the Liberal Democrats. The survey-as-a-service biz discovered on 27 June that an intruder had accessed files from a "partial backup" dated 3 May …

  1. Roger Greenwood

    Dates of birth

    I have several of these. 1/1/70 being a favourite.

    1. Anonymous Coward
      Anonymous Coward

      Re: Dates of birth

      That got me wondering whether someone has ever crashed or exploited a system solely by use of the date field- or rather, by how it would be converted into a timestamp. (#)

      If nothing else, there must be the potential for overflow in there somewhere; for example, you might not be allowed a future date, but perhaps Little Bobby Tables is older than he looks and was born some time before 1901...

      (#) Pretty sure *someone* must have at some point, I'm just to lazy^w busy to look it up just now.

      1. Dan 55 Silver badge

        Re: Dates of birth

        You could set that very date on an iPhone 5 or something and it would get stuck in a boot loop.

    2. CraPo

      Re: Dates of birth

      I favour 1/4/69

      1. Anonymous Coward
        Anonymous Coward

        Re: Dates of birth @ CraPo

        > I favour 1/4/69

        You must be very flexible.

      2. DwarfPants

        Re: Dates of birth

        Surely you need 2/4/69

      3. Anonymous Coward
        Anonymous Coward

        Re: Dates of birth

        1/3/37

        Or for the younger option -

        2/4/71

    3. ibmalone Silver badge

      Re: Dates of birth

      Why some companies think they need your date of birth to sell you mince pies remains a mystery. Then again, why knowing it is regarded as proof of somebody's identity when most people's can easily be found through social media is possibly an even greater mystery.

      1. VinceH Silver badge

        Re: Dates of birth

        "Why some companies think they need your date of birth to sell you mince pies remains a mystery."

        Quite - which is why whenever a site/form/whatever asks for my DoB, if I don't think they really need it I give them a false one and add it to the data in my password database in case they ever try to use it as some kind of security bollocks.

        (I've tried to make myself ludicrously old a couple of times, but the sites I tried that on wouldn't accept that I could possibly be over five hundred years old.)

    4. Anonymous Coward
      Anonymous Coward

      Re: Dates of birth

      I always use the 1st of April

      1. John Brown (no body) Silver badge

        Re: Dates of birth

        Try Feb'29 but with a non-leap year :-)

    5. Anonymous Coward Silver badge
      Paris Hilton

      Re: Dates of birth

      > 1/1/70 being a favourite

      Is that in US or UK format?

  2. Warm Braw Silver badge

    We take the security of our data seriously...

    ... but not sufficiently seriously that we had second thoughts about using a third party over whom we have little effective control to process it for us.

    It's almost impossible to buy goods or services these days without being harried to provide feedback, a lot of which is actually collected by marketing and PR companies or technically outsourced. I'm sure this is just the tip of an iceberg.

    When a business wishes to "engage" with you, it's usually a good idea just to say "no" - very little benefit is going to come your way...

    1. Anonymous Coward
      Anonymous Coward

      Re: We take the security of our data seriously...

      I've always been very skeptical about any of these SaaS companies, especially as most of them are based in the USA, with its virtually non-existent Data Protection laws, and we only have their word that the data for each of the customers (Data Controllers) for whom they are acting as a Data Processor are kept entirely separate and that they can't murkily data-mine within their entire gold seam of data for dubious purposes and cross-reference the data held by different clients.

      Having said that, data security is quite hard to get right (not that there should be any excuse for getting it wrong: if you are working in this field, the onus is most definitely on you to learn and follow best practices), but it's very disheartening to hear that a company for whom securely storing personal data is their whole business is really no better at it than One Teenager and a Dog Kewl Web Designz, Ltd...

      1. Tom Paine Silver badge

        Re: We take the security of our data seriously...

        Non-existent data protection laws? You're behiond the times dear heart - they have well over fifty; a minimum of one per state, plus Federal laws. IIRC the shortest mandatory disclosure period is 28 days (Iowa, is it? Can't remember)) but there's a straightforward lowest-one-wins effect for companies likely to conduct business in every state. for the ones that also operate in the EU, it'd be much simpler to just bite the bullet and go full 72 hours -- unless they're Facebook of course.

    2. Robert Helpmann?? Silver badge
      Big Brother

      Re: We take the security of our data seriously...

      It's almost impossible to buy goods or services these days without being harried to provide feedback... I'm sure this is just the tip of an iceberg.

      Every time you are asked for your information in response to making a purchase or visiting a web site, say "It's just the tip!" to generate an accurate mental image of what is going on.

    3. John Brown (no body) Silver badge

      Re: We take the security of our data seriously...

      "It's almost impossible to buy goods or services these days without being harried to provide feedback, a lot of which is actually collected by marketing and PR companies or technically outsourced. I'm sure this is just the tip of an iceberg."

      I'm not sure it's just cheaping out by the site owners or if the stuff they need to use is either not available or prohibitively expensive to just by and host. The same applies to scripts and fonts. Why would a site need to access sometimes many 10's of 3rd parties just to display it's own pages? It seems few companies, no matter how big, have proper web or other devs any more. Pretty much all web pages are little more than a a number of black boxes plugged together in the hope that it will work and no one actually knows how the whole site works. Websites As A Service.

      1. Tom Paine Silver badge

        Re: We take the security of our data seriously...

        Why would a site need to access sometimes many 10's of 3rd parties just to display it's own pages?

        So they get paid, of course.

        Some of them get paid more equally than others, of course. ("Have you heard? There's a natural order...")

      2. brym

        Re: We take the security of our data seriously...

        All day long, this! Even if it means reinventing the wheel, I try wherever possible with my sites to develop it myself and avoid using libraries. I'm not prepared to rush out features or capabilities simply because somebody else has already done it or it's trendy.

  3. Aladdin Sane Silver badge
    Flame

    Phishing attacks to commence

    in 3...2...1...

  4. Pascal Monett Silver badge
    Thumb Down

    Patreon ?

    So that's SciShow users that are impacted also, as well as PBS Eons.

    Congratulations on undermining confidence in some of the rare YouTube channels that educate people about science.

  5. Anonymous Coward
    Anonymous Coward

    We take the security of our data seriously.

    We will always say we take the security of our data seriously.

    FTFY

    On a serious scale of clowns to brexit I rate them clowns.

  6. Blockchain commentard Silver badge

    Why does a 3rd party survey service need mobile numbers let alone date of birth? Oh yeah, they doing a survey on data mining.

    1. Tom Paine Silver badge
      FAIL

      Side note here n the pestilential trend for everyone and their dog to launch "apps" rather than websites. Flash breaking news - 98% of apps are just websites that would like to steal more of your data than a page in your web browser can.

  7. adam payne Silver badge

    We take the security of our data seriously

    Isn't that in every breach statement nowadays?, don't know why because no one believes it any more.

  8. Flywheel Silver badge

    Interesting...

    I'm registered with Travelodge but haven't received an email from them (so far) but I've changed my password this morning.

    There's no mention of the breach on either Travelodge's nor Typeform's web sites. If you have the tspprs pi-hole list it blocks 6 typeform.com subdomains.

  9. DwarfPants
    Childcatcher

    If you google TypeForm

    You get the tag line "Typeform: Turn data collection into an experience"

    Possibly one where you need to visit a clinic in the near future

  10. The Nazz Silver badge

    Billing.

    "While we have not been made aware of any fraudulent use to date, it is possible that you could receive unwanted contact and your details may be used to find out more about you," it added. "You should therefore remain vigilant for any unusual activity."

    I normally charge out at £40 per hour but for you, i'll charge a beneficial rate of only £10 per hour. Of course, that's 24/7 vigilance so if you'll just send me the necessary info. for billing and the first weeks payment, and weekly thereafter, in advance that'd be great, thanks.

    On the brightside, at least the Lib Dem breach didn't affect any sizeable number of people.

    1. Tom Paine Silver badge

      Re: Billing.

      >On the brightside, at least the Lib Dem breach didn't affect any sizeable number of people.

      Heyyyyy...l Don't knock it til you've tried it! We've got >100,000 members - more than the Tories or UKIP, dash it all -- and we're growing faster than Labour. (Not that there's much chance of a Corbynoid army of enraged middle classes taking to the streets and demanding the abolition of capitalism, but some might say that's a good thing rather than a bad.) Anyway, my membership card shows a pair of pasty white knobbly knees and shins clad in yellow socks and shod with 70s style sandals,. What other party would take the piss out of themselves like that?

      1. Aladdin Sane Silver badge

        Re: Billing.

        Official Monster Raving Loony Party.

  11. cosymart
    Alien

    Travelodge

    Which Travelodge? I believe the UK & USA companies are different entities. Amusing fact, the UK Travelodge are based in Sleepy Hollow, Oxfordshire :-)

  12. csecguy44

    The clue is in the statement

    We take the security of our data seriously - but this was technically your data

  13. dnicholas Bronze badge
    Facepalm

    This is why I only give my real name, date of birth and contact details to entities who really need them.

    1/1/1950 here too, and use a "pornstar" name as well

  14. chas49

    Your data will not be passed on to any 3rd party

    I just received an email from Argos asking me to do a survey because I just bought something from them.

    The email contained the above statement. So I thought I would at least look at the survey.

    It was hosted on survey.foreseeresults(dot)com

    (Yes I know it's not Typeform, but you would think they would at least know not to make misleading statements like that)

  15. Roj Blake Silver badge

    Liberal Democrats

    The Lib Dems must be really worried about losing the data of both of their supporters.

  16. KHobbits

    Phrasing?

    > Startup bank Monzo, which was caught up in the Ticketmaster hack

    I thought Monzo was the company that informed Ticketmaster that Ticketmaster (or one of their third parties) had been breached, and in no way more caught up in it than any other bank...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019