I was caught in the River City Media Data breach, It occurred in May of 2017. I had no idea who River City Media was? Or how they had been able to acquire my personal information in the first place! Regardless, I found out I had been exposed and I was one of the victims of the River City Media data breach.
It happened to me, and it can happen to you. I had no clue how serious this was or what information was actually exposed. My involvement was discovered by accident, when I was unable to login to a membership site recently.
This experience has taught me I need to know more about getting hacked. I also wanted to know more about these data breaches.
Did The River City Media Data Breach Affect You?
In 2017 the data breaches jumped to unprecedented levels. And it will get worse. You must be aware of any data breaches you may have been involved in. And I wanted to let people know how important this really is. This may be older news, but it was brand new to me! When you learn you are a victim, it is not good new for sure!
In my case, I found out the slang term for what happened to me was called “pwned” I guess I live under a rock because I had never heard it before. It made me think of the pieces called pawns used in the game of chess.
After I had tried many unsuccessful attempts to enter a website with my password, I was told that my email was possibly involved in a data breach. And then I was directed to a site called haveibeenpwned.com. Once I got there, I was told to enter my addresses to determine if I had been pwned. Well,I did learn that I was, so I also needed to learn the meaning of being pwned.
Wikipedia defines Pwn, the singular, as slang meaning “to gain ownership” In internet games, you taunt your defeated opponent by using the phrase “you just got pwned” In computer jargon, it is synonymous with “hacking.”
The original pronunciation for pwn was own, the “p” was silent. So, to be pwned would be pronounced “owned”. There is a debate of pwned being simply a mistype of the word “owned” anyway. I won’t debate the story or how it came about, but it is sounding serious if my email is owned, or pwned!
The River City Media Data Breach Exposed 1.4 Billion
After I checked my email address at haveibeenpwned.com I got the bad news. My email and my IP address were exposed in the River City Media data breach in March of 2017. 1.4 billion accounts were exposed. Wow, that’s a lot of people exposed!
RCM give the appearance of a legitimate company, but they were in fact spammers. Like many others I may have answered one of the spam emails. That explains how my information got there in the first place, spammers!
Regardless of how it happened, the bottom line is.. I have been pwned!
The RCM Breach was Discovered by Chris Vickery
At the height of their heyday RCM sent out close to a billion spams a day. The exposed database was a backup file that RCM didn’t properly secure. It was open for anyone to see.
Chris Vickery, an internet data breach hunter who currently works at UpGaurd, discovered the breach.”It wasn’t even password protected” says Chris “and it exposed sensitive personal data such as email addresses, IP addresses,full names, and even some physical addresses.”
How Does Chris Find Data That Is Not Protected
Chris tells us:
“People just let things open for easier access by their own computers, thinking nobody will ever find it. Then, guys like me find it, or other people with not so noble intentions.”
RCM were spammers. They collected emails, and amassed a huge database. The data was acquired through free offers, or free gifts that required people to sign-up.
Remember those ads for free credit reports? Or maybe free trials that required a credit card number? It is troubling to me that I allowed these sites to collect my personal data thinking it was secure.
RCM could have also been paying other sites for sign up information as well. RCM denied ever spamming anyone, but the exposed data revealed otherwise. It included actual text logs of their methods for spamming!
This was a massive breach, but there were worse breaches in 2017, such as the credit agencies themselves. I was unfortunately involved in one of these as well, the Equifax breach.
Data Breaches At Credit Reporting Agencies
Because the credit reporting agencies have such detailed information on everyone all in one place, they may have included the most detailed data breaches yet. The sheer volume and complete list of names, emails, addresses, and credit card numbers is just mind boggling.
In July of 2017 a breach was reported at Equifax, that had actually happened 2 months earlier in May 2017.It was considered by some to be the worst data breach of all time, because of the sensitive data exposed. Affecting 145 million people, it included social security numbers, addresses and birth dates. I had to wonder why did it take two months for Equifax to report this?
Who is Equifax
Equifax is one of the three credit reporting agencies. landlords, banks and employers use these agencies to obtain a credit score, and complete credit report of our credit histories.
These reporting agencies keep all our credit information on file. I was shocked to hear their security was so vulnerable and easily hacked.
This Happened 3 Times at Equifax
Richard E. Smith, the former Equifax CEO was called into Senate hearings to testify and explain how a data breach of this magnatude could happen. He was also questioned on why this was the third time Equifax reported a data breach.
One breach in a 2013 thru 2014 time frame allowed an unauthorized IP address access to credit reports. Another breach in 2015 allowed access to Lifelock customer accounts. Both were on the same known issues that were never corrected.
In my opinion, the third time your files are hacked, is not just a coincidence. That is pure indifference, and lack of ethical responsibility.
Congress also mentioned that the breech of data would be in a way, good for business for Equifax. It most certainly was! LifeLock, the American Identity Theft Service, now owned by Symantec, reported a 6-fold increase in web traffic following the Equifax data breach.The enrollments per hour were running ten times higher than before the Equifax breach
Lifelock has a 4 year contract with Equifax and all credit reports for Lifelock are handled by Equifax! So, you sign up for Lifelock, your credit file is handled by Equifax. Quite an increase in business!
Equifax provided a letter to congress that contained additional details on data that was breached. The letter reported that 38,000 drivers licenses, and 3200 passports had been downloaded in the breach.
The company also confirmed that information on 1.46 million names, 146.6 million dates of birth, 145.5 million social security numbers, 99 million addresses information, 209,000 payment card numbers and expiration dates were stolen in the breach. Pretty scary, everything you need to wipe out accounts, or worse. And if you had the account online, then they most likely have your IP address, your email for contact, and the password you used.
Yes, isn’t it strange, Experian also offers CreditLock, to prevent access to your credit reports! And two plans for protection against Identity Theft, and Credit Protection, called IdentityWorks.(Experian IdentityWorks Premium,) and (Experian IdentityWorks Plus).
Then, Experian also had a data breach in December 2015 that involved 123 million people
How ironic! Equfax and Experian both have identity theft protection products, to protect you if your data is stolen! And both suffered data breaches that allowed your data to be stolen!
According to their own statistics, victims of a data breach are 11 times more likely to have their identity stolen.
In fact, Experian has it’s Protection Software boldly advertised on their website. They have no shame, selling you a product for protection from any data theft. But any theft involving your data, possibly was exposed by a data breach at their own site.
Unbelievable! This business is clearly at fault for having such poor security, and also selling a product to monitor what happens if your credit gets stolen! That’s outrageous!
Experian’s Response -We’re Sorry!
I was notified by Experian probably in December or January that my personal data was exposed in the Experian data breach. They were apologetic, and offered to monitor my credit for 2 yrs, and no cost.
The damage is done now. I wasn’t ever told how serious it was and they also said my personal data may have been exposed. They give you a false sense of security, because you think well maybe I wasn’t hurt too bad. But, nobody really know how bad it is or will be in the future!
Have You Been Pwned?
If you are involved in any data breach, chances are you have been pwned. A scam has occurred that has exposed all your personal data files. Anyone who is gains access to this personal data, know the value of it!
Because of this exposure,I will likely have to pay a fee to have my credit watched. Most likely, by the same people who allowed it to be hacked! I think that is as close to extortion as you can get! And I think they should be required to monitor our stolen credit at no cost for life.
The River City Media Data Breech Is Serious Stuff
A data breech or hacking scam that gains access to personal data files, has every intention of using those files for profit. It could be anyone, your bank, drugstore, your credit card company, or worse some online download company. The profit for the bad guys might not be immediate, it might be years later. So, we may be attacked years later.
Once the data is stolen, they have your name, email, personal address, financial addresses and records as well. They could also have some passwords as well, and that should alarm you. If you are like me, then you have used easy to remember passwords. Change them!
How Serious Is Being Pwned?
Think about this. Most people use the same password over and over again. If the bad guys got your password with a data breach of some online business records, and it just so happened you used the same password at the bank, good chance you get your money cleaned out. They would empty your account before you ever heard of any big data breech.
Or even worse, they enter your accounts and establish a new identity using your credit ratings and make purchases until they get shut down. That destroys your entire life in the process.
Has My Email been Hacked?
It is nice to know that some good guys are still around to help us out.Troy Hunt is one of them. I was never aware of Troy or his site, haveibeenpwned.com. I was glad I checked my email address! Be sure to check yours.
This is not an email farm just trying to get my email to send some spam. Here is a video where Troy is giving a lecture on site security and near the end actually shows where our data goes to be sold on the Dark Web.
Troy started his website as a hobby, and then saw the value to others and decided to continue for ethical reasons, rather than financial gain. Before he started his website, he worked as a software architect at Pfizer.
Troy does offer a separate notification option on his site for you to receive alerts if you are involved in any future data breaches.
After Getting Pwned, What’s Next?
This basically means you have been involved in a data breach, and it is possible your password has been exposed. So, in order to protect other accounts, you will have to make sure all your passwords are at least different, and the longer the better. When they are all different, your hacker can only access the compromised site. It’s not convenient, but much better than having all your accounts hacked!
- Check your email – use Troys Site to find any data breaches you may have been involved in.
- Change your password -especially if you use the same password everywhere. Troy recommends 1Password for keeping your passwords under locked encrypted security using one password. They have a $100,000 prize for anyone who can successfully enter their security vault and capture specific information inside. They also have a 30 day free trial, and charge about $36 bucks a year. I think I will have to break down and accept their protection.
- Read my article Identity Theft and Protection Review for more tips.
I did start using some different passwords awhile back and put all my passwords on a secured locked up printout.
It is a hassle for sure, I have to look up passwords now, because they make no sense, aren’t common names, and are just a jumbled mix of symbols, numbers small and capital letters. However, as I looked through the list, I noticed a few were the same. I took the easy road as well! I had to go to all the sites and change them as well.
Troy also mentions people tend use very common names because it is easier to remember them. But it is also very vulnerable for a trial and error hack.
Don’t Use Easy to Guess Passwords
If the River City Media Data Breach teaches you anything, it is one simple thing. You must have strong hard to remember passwords.
For instance using short common names like ADMIN, Password, Youcan’tguess, or birthdays, car types such as Chevy or Ford. The crooks are too clever and high tech today. Bots are employed nowadays,to figure passwords out! So, they need to be much harder to hack.
Keep yourself safer by checking your own email address. Take the time now, and fix things to make your data more secure, and consider some better safeguards for your passwords. Be careful of using other email checkers, they may be just gathering your email address.
The bottom line is you don’t know if you have been hacked or your data is exposed even if you don’t show up on any list. It is a good idea to check,because you never know. And if you find that you have been exposed, then take the necessary steps to protect yourself.
I hope this update helps you keep yourself safe. Let me know if you found it helpful!