When Sarah Luke found out her personal details had been shared on the dark web, she never imagined it would lead to two US court actions and a million-dollar damages bill.
This sounds absolutely insane! Surely it must be trivial to prove that she had no part in anything. Corporations shouldn’t be able to reach down into peoples lives in this way (she is in a different country and was not represented). what can be done to raise awareness and try to help get the attention of the relevant Minister to advocate to the USA Govt to have this sorted out? This women must be beside herself.
I wonder if the government and ASIC shouldn’t take a closer look at Paypal as well. According to Ms Luke her account was one of 35,000 Paypal accounts breached in an incident last year and criminals used it to process thousands of transactions over a couple of days.
i don’t think paypal did much wrong here: the 35k accounts wasn’t really their fault… their “breach” was credential stuffing: criminals trying usernames and passwords from other breaches… there’s not much they can do to fix that except enforce MFA (this is just 1 of many reasons it’s so important!)
This sounds absolutely insane! Surely it must be trivial to prove that she had no part in anything. Corporations shouldn’t be able to reach down into peoples lives in this way (she is in a different country and was not represented). what can be done to raise awareness and try to help get the attention of the relevant Minister to advocate to the USA Govt to have this sorted out? This women must be beside herself.
I wonder if the government and ASIC shouldn’t take a closer look at Paypal as well. According to Ms Luke her account was one of 35,000 Paypal accounts breached in an incident last year and criminals used it to process thousands of transactions over a couple of days.
i don’t think paypal did much wrong here: the 35k accounts wasn’t really their fault… their “breach” was credential stuffing: criminals trying usernames and passwords from other breaches… there’s not much they can do to fix that except enforce MFA (this is just 1 of many reasons it’s so important!)
Yes, optional MFA isn’t good enough for a regulated financial service. That should be mandatory.