Forgot your password?
typodupeerror
Security Databases Privacy Your Rights Online

Cisco Says Vegas Conference Attendees' Information Was Leaked 97

Posted by timothy
from the hopefully-no-dropped-rows-on-the-flight-home dept.
Julie188 writes "Thousands of people got a nasty e-mail this morning from Cisco. The company was warning people that its attendee registration database for its Cisco Live 2010 event was hacked. Cisco Live 2010 is the company's annual user conference, held last week in Las Vegas with an estimated 18,000 in attendance. If it's not embarrassing enough for a company that sells security gear to get hacked, the e-mail also went out to people who didn't register and didn't attend the event. That raises questions about exactly what database was pried open and how bad the damage is. Cisco's e-mail said the hole was quickly closed and only business-card type information was exposed."
This discussion has been archived. No new comments can be posted.

Cisco Says Vegas Conference Attendees' Information Was Leaked

Comments Filter:
  • by mulgar (1432387) on Thursday July 08, 2010 @03:41PM (#32843770)
    Can someone paste the header to see if the email from "Cisco" is legit or fraudulent? I attended Cisco Live and received no such email, and people who didn't attend received the mail, the Cisco Live team has a database of everyone who registered for the event so if the email was legit I would have expected to see it get sent to the correct audience?
  • by mulgar (1432387) on Thursday July 08, 2010 @03:54PM (#32843880)
    So I'm a Cisco employee who attended Cisco Live as a speaker last week, I just checked with a contact (who sends emails out from support@ciscolive.com) and they are not aware of any of this - which leads me to think the email is faked. If someone can provide the original email header so we can investigate further that would be appreciated... my contact is checking into this further I will update if I find out anything else...
  • by Animats (122034) on Thursday July 08, 2010 @04:06PM (#32843980) Homepage

    Cisco collected that information so they and their "partners" could spam you: "... we believe your registration information - specifically your Cisco Live badge number, name, title, company address and email address- was accessed. No other information was available or accessed. Although these details are commonly accessed by our World of Solutions partners".... Their "partner locator" [cisco.com] finds 16601 partners in the United States, 3241 in China, 998 in Russia, 427 in Romania. 330 in Nigeria, and 12 in Afghanistan. So just about anybody who wants that data could get it.

    They're just irked that someone who didn't pay for their mailing list might spam you.

  • by Locutus (9039) on Thursday July 08, 2010 @05:12PM (#32844668)
    these conferences always look like they are run by someone other than the company or companies owning the show. For the Cisco Live 2010 conference, Wingateweb.com ran the registration or it looks like they did because they own the domain( ciscolive2010.com ). When I looked up who owned that domain and then looked at their website( wingateweb.com ) and this is what it says:

    Trusted Technology
    World-class Delivery

    Event organizers around the world rely on WingateWeb’s event management software and services to deliver the world’s top conferences, conventions and trade shows. Optimize your strategy, maximize your audience and deliver perfect events every time with WingateWeb.

    So before people blame Cisco for someone getting into the database and getting attendee data dumps you might want to ask who really was to blame. And FYI, very often the on site software for registering and checking in is not only run on Windows laptops but they are very poorly done. Way to many times redundant information was requested and don't even try to use tab completion for city, state, etc, tab navigation, or the space bar for button activation. I would not doubt that many many other conference databases have been hacked but this Cisco conference hack was found out because they are very security minded and looked into it.

    LoB
  • Re:Routing error (Score:3, Interesting)

    by ShakaUVM (157947) on Thursday July 08, 2010 @08:35PM (#32846466) Homepage Journal

    For a long time, you could retrieve all of Cisco's customer data (from people who entered data on their web site) from just changing "submit" to "retreive" in the URL. Haven't tried it recently, but they exposed names, addresses and emails by the thousands for years without doing anything to correct it.

    Never gave me a good impression of Cisco...

Mathematicians stand on each other's shoulders. -- Gauss

Working...