Cisco Says Vegas Conference Attendees' Information Was Leaked 97
Julie188 writes "Thousands of people got a nasty e-mail this morning from Cisco. The company was warning people that its attendee registration database for its Cisco Live 2010 event was hacked. Cisco Live 2010 is the company's annual user conference, held last week in Las Vegas with an estimated 18,000 in attendance. If it's not embarrassing enough for a company that sells security gear to get hacked, the e-mail also went out to people who didn't register and didn't attend the event. That raises questions about exactly what database was pried open and how bad the damage is. Cisco's e-mail said the hole was quickly closed and only business-card type information was exposed."
TFA (Score:5, Informative)
We hope you have returned home safely and are back into your normal routine after a busy week at Cisco Live 2010.
We are contacting you because on the final afternoon of Cisco Live, one of our vendors identified an unexpected attempt to access attendee information through ciscolive2010.com. The ability to access this information was quickly removed, but not before some conference listings were accessed.
Cisco Live takes the security of attendee information very seriously and immediately elevated this matter to our chief security officer. His team completed a thorough review and as a result we believe your registration information – specifically your Cisco Live badge number, name, title, company address and email address– was accessed. No other information was available or accessed.
Although these details are commonly accessed by our World of Solutions partners and often freely provided by Cisco Live attendees, we felt it was our responsibility to inform you as quickly as possible. As we cannot yet confirm the information was accessed by an authorized Cisco Live partner, we encourage you to consider the appropriate precautions to protect against any unwanted email.
Please accept our apologies for any inconvenience that may result and feel free to contact us directly at support@ciscolive2010.com if you have any additional questions or information.
We hope you enjoyed your Cisco Live experience and we look forward to welcoming you to Las Vegas in 2011.
Regards,
Re:Is the email from Cisco legit? (Score:5, Informative)
Re:They were going to let their "partners" spam yo (Score:4, Informative)
Cisco's entire worldwide partner ecosystem != Cisco Live! World of Solutions, which was a vendor booth exhibition at Cisco Live in Las Vegas last week.
I'm not sure how many partners were in World of Solutions but there were perhaps 200. Companies like EMC, APC, CA, etc. You want a light-up rubber ball or blinking shot glass or whatever shiny object they were giving away at their booths, you let them scan your badge. Some had booth babes running around with scanners, which was fairly effective at a conference where 95% of the attendees are men.
Every conference I've ever attended has worked this way.
Re:It's just the website. (Score:1, Informative)
That assumption is incorrect [cisco.com].
Read the source material. Cisco doesn't like full disclosure, but they are serious about tracking, fixing, and then informing. They mention welcoming contributions from 'independent researchers' several times in their docs, maintain multiple related mailing lists, and provide upload facilities for suspect firmware.
Hmmm [cisco.com]:"Cisco Security Advisory: Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability: For Public Release 2010 July 07 1600 UTC (GMT) "