New problems for Federprivacyafter the theft of its databases and webmail messages by the gruppo Alpha Team, which has now decided to publish member data online. Although the hackers had ensured not to publish the data, a statement from the president of Federprivacy seems to have changed the group’s mind.
Federprivacy, member data published online
The attack on Federprivacy, perpetrated between November 13th and 17threvealed the association’s vulnerability, with Alpha Team picking up well 15 GB of data. Initially, the group had promised not to disclose or sell the stolen data, but a statement from the president of Federprivacy, Nicola Bernardishook things up, as DDay points out.
Alpha Team had stated that the purpose of the attack was to demonstrate the hypocrisy of those responsible for data security without in turn protecting the information in their custody. Instead, Alpha Team reposted the data on a darkweb forum, quoting a passage from Bernardi’s response. In the text, the president had said that the stolen information was not of “particular sensitivity, because it mainly concerns information relating to the activity of professionals which is often publicly available on websites”. This episode led the group to publish a direct link to download the data, inviting the public to judge the truthfulness of Bernardi’s statements.
Although Bernardi’s response admitted the association’s imperfect data security, underlining its limited financial capacity, the situation exploded when it emerged that the passwords were stored in clear text on the servers. Which, as several commentators point out, is a problem that can be solved with free and open source solutions.
This controversy raises new doubts about data management by Federprivacy and sheds light on cybersecurity challenges for nonprofits as well. The situation remains evolving, we will keep you updated.
Leave a Reply
View Comments