Caught in the River City Media Data Breach

 

Were you one of the unlucky victims caught in the River City Media Data breach? I was! It occurred in May of 2017. I had no idea who River City Media was? Or how they had been able to acquire my personal information in the first place! Regardless, I found out I had been exposed and I was one of the victims of the River City Media data breach.

It happened to me, and it can happen to you. I had no clue how serious this was or what information was actually exposed. My involvement was discovered by accident, when I was unable to login to a membership site recently.

This experience has taught me I need to know more about getting hacked. I also wanted to know more about the River City Media data breach.

Check your email, You may have been pwned!

In 2017 the data breaches jumped to unprecedented levels. And it will get worse. You must be aware of any data breaches you may have been involved in. And I wanted to let people know how important this really is. This may be older news, but it was brand new to me! When you find out you are a victim, it is news to you for sure!

In my case, I found out the slang term for what happened to me was called “pwned” I guess I live under a rock because I had never heard it before. It made me think of the pieces called pawns used in the game of chess.

After I had tried many unsuccessful attempts to enter a website with my password,  I was told that my email was possibly involved in a data breach. And then I was directed to a site called haveibeenpwned.com. Once I got there, I was told to enter my addresses to determine if I had been pwned. Well,I did learn that I was, so I also needed to learn  the meaning of being pwned.

Pwned Origin

Wikipedia defines Pwn, the singular, as slang meaning “to gain ownership” In internet games, you taunt your defeated opponent by using the phrase “you just got pwned” In computer jargon, it is synonymous with “hacking.”

The original pronunciation for pwn was own, the “p” was silent. So, to be pwned would be pronounced “owned”. There is a debate of pwned being simply a mistype of the word “owned” anyway. I won’t debate the story or how it came about, but it is sounding serious if my email is owned, or pwned!

The River City Media Data Breach

After I checked my email address at haveibeenpwned.com I got the bad news.  My email and my IP address were exposed in the River City Media data breach in March of 2017. 1.4 billion accounts were exposed. Wow, that’s a lot of people exposed!

RCM give the appearance of a legitimate company, but they were in fact spammers. Like many others I may have answered one of the spam emails. That explains how my information got there in the first place, spammers!

Regardless of how it happened, the bottom line is.. I have been pwned!

The RCM  Breach was Discovered by Chris Vickery

At the height of their hayday RCM sent out close to a billion spams a day. The exposed database was a backup file that RCM didn’t properly secure. It was open for anyone to see.

Chris Vickery, an internet data breach hunter who currently works at UpGaurd, discovered the breach.”It wasn’t even password protected” says Chris  “and it exposed sensitive personal data such as email addresses, IP addresses,full names, and even some physical addresses.”

How Does Chris Find Data That is not Protected

Chris tells us:

“People just let things open for easier access by their own computers, thinking nobody will ever find it. Then, guys like me find it, or other people with not so noble intentions.”

RCM were spammers. They collected emails, and amassed a huge database. The data was acquired through free offers, or free gifts that required people to sign-up.

Remember those ads for free credit reports? Or maybe free trials that required a credit card number? It is troubling to me that I allowed these sites to collect my personal data thinking it was secure.

RCM could have also been paying other sites for sign up information as well. RCM denied ever spamming anyone, but the exposed data revealed otherwise. It included actual text logs of their methods for spamming!

This was a massive breach, but there were worse breaches in 2017, such as the credit agencies themselves. I was unfortunately involved in one of these as well, the Equifax breach.

Data Breaches at the Credit Reporting Agencies

Because the credit reporting agencies have such detailed information on everyone all in one place, they may have included the most detailed data breaches yet. The sheer volume and complete list of names, emails, addresses, and credit card numbers is just mind boggling.

Equifax

In July of 2017 a breach was reported at Equifax, that had actually happened 2 months earlier in May 2017.It was considered by some to be the worst data breach of all time, because of the sensitive data exposed. Affecting 145 million people, it included social security numbers, addresses and birth dates. I had to wonder why did it take two months for Equifax to report this?

Who is Equifax

Equifax is one of the three credit reporting agencies. landlords, banks and employers use these agencies to obtain a credit score, and complete credit report of our credit histories.

These reporting agencies keep all our credit information on file. I was shocked to hear their security was so vulnerable and easily hacked. 

This Happened 3 Times at Equifax

Richard E. Smith, the former Equifax  CEO was called into Senate hearings to testify and explain how a data breach of this magnatude could happen. He was also questioned on why this was the third time Equifax reported a data breach.

One breach in a 2013 thru 2014 time frame allowed an unauthorized IP address access to credit reports. Another breach in 2015 allowed access to Lifelock customer accounts. Both were on the same known issues that were never corrected. 

In my opinion, the third time your files are hacked, is not just a coincidence. That is pure indifference, and lack of ethical responsibility.

Congress also mentioned that the breech of data would be in a way, good for business for Equifax. It most certainly was! LifeLock, the American Identity Theft Service, now owned by Symantec, reported a 6-fold increase in web traffic following the Equifax data breach.The enrollments per hour were running ten times higher than before the Equifax breach

Lifelock has a 4 year contract with Equifax and all credit reports for Lifelock are handled by Equifax! So, you sign up for Lifelock, your credit file is handled by Equifax. Quite an increase in business!

Equifax provided a letter to congress that contained additional details on data that was breached. The letter reported that 38,000 drivers licenses, and 3200 passports had been downloaded in the breach.

The company also confirmed that information on 1.46 million names, 146.6 million dates of birth, 145.5 million social security numbers, 99 million addresses information, 209,000 payment card numbers and expiration dates were stolen in the breach. Pretty scary, everything you need to wipe out accounts, or worse. And if you had the account online, then they most likely have your IP address,  your email for contact, and the password you used.

Experian CreditLock

Yes, isn’t it strange, Experian also offers CreditLock, to prevent access to your credit reports!  And two plans for protection against Identity Theft, and Credit Protection, called IdentityWorks.(Experian IdentityWorks Premium,) and (Experian IdentityWorks Plus).

Then, Experian also had a data breach in December 2015 that involved 123 million people

How ironic! Equfax and Experian both have identity theft protection products, to protect you if your data is stolen! And both suffered data breaches that allowed your data to be stolen!

According to their own statistics, victims of a data breach are 11 times more likely to have their identity stolen.

In fact, Experian has it’s Protection Software boldly advertised on their website. They have no shame, selling you a product for protection from any data theft. But any theft involving your data, possibly was exposed by a data breach at their own site.

Unbelievable! This business is clearly at fault for having such poor security, and also selling a product to monitor what happens if your credit gets stolen! That’s outrageous!

Experian’s Response -We’re Sorry!

I was notified by Experian probably in December or January that my personal data was exposed in the Experian data breach. They were apologetic, and offered to monitor my credit for 2 yrs, and no cost.

The damage is done now. I wasn’t ever told how serious it was and they also said my personal data may have been exposed. They give you a false sense of security, because you think well maybe I wasn’t hurt too bad. But, nobody really know how bad it is or will be in the future!

Have You Been Pwned

If you are involved in any data breach, chances are you have been pwned. A scam has occurred that has exposed all your personal data files. Anyone who is gains access to this personal data, know the value of it!

Because of this exposure,I will likely have to pay a fee to have my credit watched. Most likely, by the same people who allowed it to be hacked! I think that is as close to extortion as you can get! And I think they should be required to monitor our stolen credit at no cost for life.

Data Breaches are Serious Stuff

A data breech or hacking scam that gains access to personal data files, has every intention of using those files for profit. It could be anyone, your bank, drugstore, your credit card company, or worse some online download company. The profit for the bad guys might not be immediate, it might be years later. So, we may be attacked years later.

Once the data is stolen, they have your name, email, personal address, financial addresses and records as well. They could also have some passwords as well, and that should alarm you. If you are like me, then you have used easy to remember passwords. Change them!

How serious is being pwned?

Think about this. Most people use the same password over and over again. If the bad guys got your password with a data breach of some online business records, and it just so happened you used the same password at the bank, good chance you get your money cleaned out. They would empty your account before you ever heard of any big data breech.

Or even worse, they enter your accounts and establish a new identity using your credit ratings and make purchases until they get shut down. That destroys your entire life in the process.

Has my Email been Hacked, Find Out

It is nice to know that some good guys are still around to help us out.Troy Hunt is one of them. I was never aware of Troy or his site,  haveibeenpwned.com. I was glad I checked my email address! Be sure to check yours.

This is not an email farm just trying to get my email to send some spam. Here is a video where Troy is giving a lecture on site security and near the end actually shows where our data goes to be sold on the Dark Web.

 

Troy started his website as a hobby, and then saw the value to others and decided to continue for ethical reasons, rather than financial gain. Before he started his website, he worked as a software architect at Pfizer.

Troy does offer a separate notification option on his site for you to receive alerts if you are involved in any future data breaches.

What do You do if You get (Pwned)

This basically means you have been involved in a data breach, and it is possible your password has been exposed. So, in order to protect other accounts, you will have to make sure all your passwords are at least different, and the longer the better.when they are all different, your hacker can only access the compromised site. It’s not nice, but much nicer than accessing all your accounts!

  • Check your email – use Troys Site to find any data breaches you may have been involved in.
  • Change your password -especially if you use the same password everywhere. Troy recommends   1Password   for keeping your passwords under locked encrypted security using one password. They have a $100,000 prize for anyone who can successfully enter their security vault and capture specific information inside. They also have a 30 day free trial, and charge about $36 bucks a year. I think I will have to break down and accept their protection.
  • Read my article Identity Theft and Protection Review for more tips.

 

I did start using some different passwords awhile back and put all my passwords on a secured locked up printout.

It is a hassle for sure, I have to look up passwords now, because they make no sense, aren’t common names, and are just a jumbled mix of symbols, numbers small and capital letters. However, as I looked through the list, I noticed a few were the same. I took the easy road as well! I had to go to all the sites and change them as well.

Troy also mentions people tend use very common names because it is easier to remember them. But it is also very vulnerable for a trial and error hack.

Don’t Use Easy to Guess Passwords

For instance using short common names like ADMIN, Password, Youcan’tguess, or birthdays, car types such as Chevy or Ford.  The crooks are too clever and high tech today. Bots are employed nowadays,to figure passwords out! So, they need to be much harder to hack.

Keep yourself safer by checking your own email address. Take the time now, and fix things to make your data more secure, and consider some better safeguards for your passwords. Be careful of using other email checkers, they may be just gathering your email address.

The bottom line is you don’t know if you have been hacked or your data is exposed even if you don’t show up on any list. It is a good idea to check,because you never know. And if you find that you have been exposed, then take the necessary steps to protect yourself.

I hope this update helps you keep yourself safe. Let me know if you found it helpful!

Chas

be your own boss check this out button

Facebooktwittergoogle_plusredditpinterestlinkedinmail

10 thoughts on “Caught in the River City Media Data Breach”

  1. Waoooo what an eye opening and breathe taking review. Over time many of us freely give out our information in the name of some sign ups and a whole lot of free stuffs online.  Unknowingly,  these are detrimental to our Data safety.  

    So let me ask,  once you got owned,  how do you then liberate yourself and what measures can one take to avoid beung pwned? 

    Are there data protection agencies that helps in ensuring safety in online space??  

    • Hi Olonisakin,

      It sure is something to find out how vulnerable we are today. Absolutely, so many sites have our data. River City was operating those little check your credit ads you still see today. Then you were on their mailing list and spammed! 

      Once you get Pawned(owned), your data is always out there in the Dark Web somewhere? All you can do is make sure you have very difficult and hard to crack passwords in place! Get rid of simple 5 letter passwords, and duplicate ones. I used to use the same password over and over. That is the worst thing you can ever do! The bad guys will check all your accounts. They have all you information! Random passwords are best, I use keypass now, and I generate passwords of at least 15 characters long! It is a pain, but I feel much better about my financial passwords.

      You can use stuff like lifelock, but that is sold by the people who left our data get stolen in the first place, can you trust them with you data?

      Thanks for stopping by and leaving a comment, 

      Chas

  2. Hi and thanks for this very informative article. I am very glad that I have never personally suffered a hack or data breach like this. But I guess that it really could happen to anyone. I notice that when these things happen, the company in question can be really slow in acknowledging that it happened in the first place. Thanks for filling me in on lots of new terminology I was not aware of. Kenny

    • Hi Kenny,

      Well don’t be so sure that you haven’t been involved in any data breeches. I never was told I got Caught in the river city data breach, I found out by accident. You can go to Troy Hunts website and find out if you have been pawned.

      In this case is sounds a bit fishey that the people have a security product they are selling and they have their back door standing open? Anyway, the damage is done now! You are welcome, Kenny.

      Thanks for stopping by and leaving a comment,

      Chas

  3. Hi! This is a very informative and frankly, rather frightening post. 

    I have to agree with you that Equifax should be giving free protection to everyone exposed for life not just a measly two years. The conspiracy side of me thinks that they may have welcomed the leaks hence why they didn’t announce the exposures sooner. No action is a form of action after all and it worked to their benefit. The worse part of all is you can’t control it if they have your information since they are a credit reporting agency. You have credit? They have your info period.

    I do have a question regarding that website, haveibeenpwned. Do you know if this website is legit? I have serious trust issues with giving any information online. 

    Thanks for all the info. I will have to take the security of my information much more seriously!

    • Hi Tina,

      It sure is, and it is a reality, unfortunately. You have it absolutely correct! There was no hurry for them to do anything, because it was good for business, the more data stolen, the better for them! The even sat before congress and told them how they had no idea the data was being stolen! It happened before, twice!!!

      Yes they have our data, and got it for free, to use for reporting to others for a fee, then they make money for protecting it, after they let it get stolen. NICE huh?

      I had the same doubts you do, and let me tell you, I was told by security people that Tony Hunt is one of the good guys! He does that service as a favor to help others. and runs checks everyday looking for our data being sold on the black web. I even gave him my address to alert me if he finds my email address exposed anywhere. He will send you a notice for free, I haven’t gotten any yet!

      Thanks for stopping by and leaving a comment, it is appreciated,

      Chas

  4. Oh man this is terrible! I think I had heard about this happening before awhile back. Its not just an uncanny coincidence that these breaches happened 3 times and then lo and behold Lifelock gets all these new customers because people don’t want their identies stolen – I’m sorry but that is just pure BS! It is so obvious this was planned out for the benefit of the Lifelock ( and ultimately for the PURE benefit of Equifax ) TOTAL extortion ! How terrible. Well lucky for me my credit is bad, it hs been bad for years because of unpaid ambulance and hospital bills. I have never been approved of a credit card. No one wants my info, so I am safe. 

    • Hi Sophia,

      It is enough to make you sick to you stomach. You got it. Hard to believe they expect you to buy the crap it was some kind of hacking, but they left the back door wide open. Nobody had to hack them, it was exposed for anyone to take it, and they guys who can use it for no good gobbled it up! Yep, then I think that Equifax sold it to someone else, and now the other guy can sell it back to us with a clean conscience I suppose?

      I am sorry to hear about all you troubles with you health, i hope all is well now. You could check out my Credit Aid Article to help you fix your credit again. But then again, you have a point!

      Thanks for stopping by and taking the time to leave a comment,

      Chas

  5. data breaches are scary even if I haven’t been affected by one.

    The problem I find is that big companies who are obviously the ones targeted aren’t serious about data security.  There are a lot of Buzz media statements released by companies that don’t make me feel any better than before their data breach or the hiding of their data breach.

    Paying for personal security is a scam as well because these companies nickel and dime us to death and we really don’t know how secure they are.

    I’m not completely convinced the people out there responsible for our data are in it for us.

    • Hi Stew,

      Are you sure you haven’t been involved in a data breech? They didn’t call and tell me that I was Caught in the River City Media Breech, I found out entirely by accident. As Troy Hunt says, we are all pawned! Go to his website and check, it’s free and you might find out- You’ve been Pawned!

      Of course the security thing is a scam! Lifelock was a product developed by the wonderful people who own the Credit Bureaus, Transunion, and Equifax! They left the door wide open for our data to be stolen! Why is sounds like a set up, doesn’t it! And now they send you ads for you to pay them for keeping your data safe? The same ones who left the door open! Nope, they are not in it for us! They are in it for themselves!

      Thanks for taking the time to comment,

      Chas

Leave a Comment

Skip to toolbar