This incident has 0 proposed changes. Know of details that have changed? Submit them Showing Incident 5049

SUMMARY

99 usernames, e-mail addresses, and plain-text passwords dumped on web by hacker
Records	99
Record Types	EMA MISC PWD
Breach Type	Hack
Data Family	Electronic
Source	Outside
Organization	Math2020.com
Other Affected/Involved Organizations	None
Lawsuit?	NO/UNKNOWN
Data Recovered?	NO/UNKNOWN
Arrest?	NO/UNKNOWN
Submitted By:	Dissent

TIMELINE

Date	Event
None. Add Data	Incident Occurred
New Timeline Item For Incident Occurred Date Reference URL Spam Check: Are you human?
None. Add Data	Incident Discovered By Organization
New Timeline Item For Incident Discovered By Organization Date Reference URL Spam Check: Are you human?
2011-11-23	Organization Reports Incident
New Timeline Item For Organization Reports Incident Date Reference URL Spam Check: Are you human?
None. Add Data	Organization Mails Notifications
New Timeline Item For Organization Mails Notifications Date Reference URL Spam Check: Are you human?
None. Add Data	Records Recovered
New Timeline Item For Records Recovered Date Reference URL Spam Check: Are you human?
None. Add Data	Lawsuit Filed
New Timeline Item For Lawsuit Filed Date Reference URL Spam Check: Are you human?
None. Add Data	Arrest Made
New Timeline Item For Arrest Made Date Reference URL Spam Check: Are you human?

SIMILAR INCIDENTS

records	date	organizations
274	2006-03-16	Bananas.com
100	2007-04-20	Albertsons
194	2008-07-01	Houghton Mifflin Harcourt
226	2008-04-25	HSBC Holdings plc

MAP OF INCIDENT LOCATION

Address: Ohio, USA
Have a better address for this incident? Suggest it!

suggest a new reference

REFERENCES

http://pastebin.com/pDhj97tQ [archive]

suggest a new attachment

ATTACHMENTS

COSTS SUMMARY

Known Actual Costs

No known costs for this incident.

Estimated Costs

Ponemon Institute Direct Costs Estimate ¹

$5,940.00

Note that these estimates are based on the Ponemon Institute's 2009 direct costs figures from their 2009 Annual Study: Cost of a Data Breach. We multiply $60.00 by the number of records to obtain this figure. Keep in mind that depending on the breach, the direct costs are not always suffered by the breached organizations. In the case of credit card number breaches, the direct costs can often be suffered by banks and card issuers. Also note that this is only an estimate.

COMMENTS

by Dissent [DataLoss Archaeologist] on 2011-11-25 (6 months ago)

Curator's note from Dissent:

I contacted Math2020.com to alert them to the breach and they responded promptly. Here is their explanation:

"I want to thank you once more for letting us know about this data breach. I doubt we would have spotted it otherwise.

The problem was caused by two bugs in the Amember membership script. Amember.com is one of the top membership programs, so I'm surprised this happened.

Anyway, the Amember guys provided the fixes. Pastebin took down the file at our request. And our clients got their passwords reset and some instructions on how to stay safe online."

Incidents:

Data Types:

Sectors:

Sources:

Breach Types:

Disposal Computer | Disposal Document | Disposal Tape | Disposal Drive
Disposal Mobile | Email | Fax | Fraud Se
Hack | Lost Computer | Lost Document | Lost Drive
Lost Laptop | Lost Media | Lost Mobile | Lost Tape
Missing Document | Missing Laptop | Missing Media | Snail Mail
Stolen Computer | Stolen Document | Stolen Drive | Stolen Laptop
Stolen Media | Stolen Mobile | Stolen Tape | Unknown
Virus | Web |