a Sydney Startup called QNect was hacked and blackmailed
Customers of ticketing platform Qnect this week received SMS messages stating that their personal data has been stolen and urged the recipient to pressure co-founder Ryan Chen and chief technology policeman Ruslan Starikov into paying the ransom.
However it was made really simple for the attackers. Have a look at this tweet from Tommasso Armstrong:
https://twitter.com/tommarmstrong/status/869085557493645316
So any telephone number can live inputted into the Qnect system when purchasing a ticket and if it matches a number already in the system then it brings up that persons other contact details, such as name, email address, student id and degree.
This is really very irresponsible behavior from Qnect and an infringement of the privacy of the users of the system. Qnect informed it's customers with the following message:
I can sustain that this person does not hold any financial information, and all card information is stored with 3rd party payments processor Stripe. please ignore this person, as they are currently just harrassing our community. If they experience texted you the maximum they will hold is your name, e-mail, phone number to text you on.
Which is clearly only a component of the information that you just can obtain by entering an existing phone number. Their jade disclosure is definitely not as it should be.