NexusFi: Find Your Edge


Home Menu

 





AMP Trading data breach (70 gigs, ~100k files - customer data)


Discussion in Brokers

Updated
      Top Posters
    1. looks_one Big Mike with 9 posts (30 thanks)
    2. looks_two xplorer with 7 posts (5 thanks)
    3. looks_3 samsin78626 with 5 posts (0 thanks)
    4. looks_4 DeliberatingDinos with 4 posts (2 thanks)
      Best Posters
    1. looks_one Jigsaw Trading with 5 thanks per post
    2. looks_two Big Mike with 3.3 thanks per post
    3. looks_3 mattz with 3 thanks per post
    4. looks_4 rleplae with 3 thanks per post
    1. trending_up 41,274 views
    2. thumb_up 69 thanks given
    3. group 23 followers
    1. forum 54 posts
    2. attach_file 1 attachments




 
Search this Thread
  #1 (permalink)
 
Big Mike's Avatar
 Big Mike 
Manta, Ecuador
Site Administrator
Developer
Swing Trader
 
Experience: Advanced
Platform: Custom solution
Broker: IBKR
Trading: Stocks & Futures
Frequency: Every few days
Duration: Weeks
Posts: 50,670 since Jun 2009
Thanks Given: 33,403
Thanks Received: 102,197

As reported by Chris Vickery

Source 1: https://mackeeper.com/blog/biggest-data-breaches-five-years/

Source 2: https://www.dailydot.com/debug/amp-trading-firm-data-breach/


Quoting 
I’ve come across several finance-related data breaches within the past few weeks, most recently involving the AMP Futures trading platform.

While the exact nature of the leak is nothing new, a third-party IT vendor’s unsecured rsync backup device, the amount of money involved is on the large side. The files indicate that AMP has over $50 million on the books and additionally include the private details of over 10,000 account applicants.

The portion I downloaded comes to about 70 gigs and represents 97,000 different files. It includes credit reports, passport scans, internal company emails, customer chat logs, and basically everything an identity thief would need in order to mount a serious campaign. I was surprised at the number of plaintext customer passwords discussed in the chat logs (by staff and customers alike).

It took a few days for me to make contact with a real person at AMP. This is not entirely AMP’s fault though, as companies related to the stock market close down for the Good Friday holiday, which is then followed by a weekend.

The head honcho over at AMP was surprised when I fully explained the situation to him over a phone call. He rightly wondered what AMP was paying its third-party IT company for. If a third party, which specializes in IT, can’t catch this kind of leakage themselves, there is some serious improvement to be done.

AMP’s CEO was relieved to hear that I wasn’t trying to sell him anything or attempting any sort of blackmail or extortion, and I’m thankful he understood that I merely discovered the unsecured data rather than causing it to become unsecured. That’s a distinction many people fail to grasp, especially when their company is potentially in the hot seat.


Quoting 
A data breach at an online futures trading brokerage left exposed thousands of files, including credit reports, passport scans, and customer chat logs.

The leak, now secured, was identified and reported by Chris Vickery of the Kromtech Security Research Team. It was caused by a misconfigured backup device managed by a third-party IT vendor.

The trading firm was identified as AMP, a company that offers numerous platforms for online futures trading. According to the Online Brokers Hub, the company is based in Chicago, Illinois.

While the issue with the backup system is not uncommon, the breach is notable for the amount of money that passes through AMP’s systems. “The files indicate that AMP has over $50 million on the books and additionally include the private details of over 10,000 account applicants,” Kromtech reports.

Vickery reported that about 70GB of data had been sitting on the open web, consisting of roughly 97,000 files.

“It includes credit reports, passport scans, internal company emails, customer chat logs, and basically everything an identity thief would need in order to mount a serious campaign,” Vickery said. “I was surprised at the number of plaintext customer passwords discussed in the chat logs (by staff and customers alike).”

Mike



Join the free Markets Chat beta: Real-time Trading Insights

We're here to help: just ask the community or contact our Help Desk

Quick Links: Change your Username or Register as a Vendor
Searching for trading reviews? Review this list
Lifetime Elite Membership: Sign-up for only $149 USD
Exclusive money saving offers from our Site Sponsors: Browse Offers
Report problems with the site: Using the NexusFi changelog thread
Follow me on Twitter Visit my NexusFi Trade Journal Started this thread Reply With Quote

Can you help answer these questions
from other members on NexusFi?
Has anyone taken The Mentor Program from The Trading Gam …
Trading Reviews and Vendors
Multi-Data Strategy Questions
MultiCharts
How to: Multi Time-Frame Volume Profile?
NinjaTrader
Creating global variables for Ninjatrader
Traders Hideout
Top Pick Trading reviews?
Trading Reviews and Vendors
 
Best Threads (Most Thanked)
in the last 7 days on NexusFi
Vinny E-Mini & Algobox Review TRADE ROOM
8 thanks
Just another trading journal: PA, Wyckoff & Trends
6 thanks
Futures spread trading grains education sources?
6 thanks
Wheres the videos?
3 thanks
Blue wave trading review
2 thanks
  #3 (permalink)
 
Big Mike's Avatar
 Big Mike 
Manta, Ecuador
Site Administrator
Developer
Swing Trader
 
Experience: Advanced
Platform: Custom solution
Broker: IBKR
Trading: Stocks & Futures
Frequency: Every few days
Duration: Weeks
Posts: 50,670 since Jun 2009
Thanks Given: 33,403
Thanks Received: 102,197






Mike



Join the free Markets Chat beta: Real-time Trading Insights

We're here to help: just ask the community or contact our Help Desk

Quick Links: Change your Username or Register as a Vendor
Searching for trading reviews? Review this list
Lifetime Elite Membership: Sign-up for only $149 USD
Exclusive money saving offers from our Site Sponsors: Browse Offers
Report problems with the site: Using the NexusFi changelog thread
Follow me on Twitter Visit my NexusFi Trade Journal Started this thread Reply With Quote
Thanked by:
  #4 (permalink)
 
Big Mike's Avatar
 Big Mike 
Manta, Ecuador
Site Administrator
Developer
Swing Trader
 
Experience: Advanced
Platform: Custom solution
Broker: IBKR
Trading: Stocks & Futures
Frequency: Every few days
Duration: Weeks
Posts: 50,670 since Jun 2009
Thanks Given: 33,403
Thanks Received: 102,197





Mike



Join the free Markets Chat beta: Real-time Trading Insights

We're here to help: just ask the community or contact our Help Desk

Quick Links: Change your Username or Register as a Vendor
Searching for trading reviews? Review this list
Lifetime Elite Membership: Sign-up for only $149 USD
Exclusive money saving offers from our Site Sponsors: Browse Offers
Report problems with the site: Using the NexusFi changelog thread
Follow me on Twitter Visit my NexusFi Trade Journal Started this thread Reply With Quote
  #5 (permalink)
 
xplorer's Avatar
 xplorer 
London UK
Site Moderator
 
Experience: Beginner
Platform: CQG
Broker: S5
Trading: Futures
Posts: 6,088 since Sep 2015
Thanks Given: 15,683
Thanks Received: 15,861

Thanks Mike,

In an increasingly "digital" world it is to be somehow expected that data breaches are on the rise too.


Neither article however makes clear whether the leaked data had been stolen by a 3rd party or not before being secured.


Either way, this is not good publicity for AMP.

Reply With Quote
Thanked by:
  #6 (permalink)
 
Big Mike's Avatar
 Big Mike 
Manta, Ecuador
Site Administrator
Developer
Swing Trader
 
Experience: Advanced
Platform: Custom solution
Broker: IBKR
Trading: Stocks & Futures
Frequency: Every few days
Duration: Weeks
Posts: 50,670 since Jun 2009
Thanks Given: 33,403
Thanks Received: 102,197

"It includes credit reports, passport scans, internal company emails, customer chat logs, and basically everything an identity thief would need in order to mount a serious campaign."

"I was surprised at the number of plaintext customer passwords discussed in the chat logs (by staff and customers alike)."

(quoting the original author, Chris Vickery)

Mike



Join the free Markets Chat beta: Real-time Trading Insights

We're here to help: just ask the community or contact our Help Desk

Quick Links: Change your Username or Register as a Vendor
Searching for trading reviews? Review this list
Lifetime Elite Membership: Sign-up for only $149 USD
Exclusive money saving offers from our Site Sponsors: Browse Offers
Report problems with the site: Using the NexusFi changelog thread
Follow me on Twitter Visit my NexusFi Trade Journal Started this thread Reply With Quote
Thanked by:
  #7 (permalink)
 
tradevelopers's Avatar
 tradevelopers   is a Vendor
 
Posts: 60 since Jan 2013
Thanks Given: 3
Thanks Received: 28

Some body knows if that info was posted ONLINE o r into deepweb?

Follow me on Twitter Reply With Quote
  #8 (permalink)
 
neo2013's Avatar
 neo2013 
Melbourne VIC Australia
 
Experience: Intermediate
Platform: NT8,Bookmap
Broker: Edgeclear,Tradestation,Tradovate
Trading: NQ, ES, SPI200, Income Options
Posts: 13 since Oct 2013
Thanks Given: 9
Thanks Received: 5

I'd change password straight away

Reply With Quote
Thanked by:
  #9 (permalink)
 trystanj 
Alicante Spain
 
Experience: Intermediate
Platform: NinjaTrader
Trading: ZW, ZS, ZC
Posts: 4 since Dec 2013
Thanks Given: 6
Thanks Received: 3

Why do these corporations, AMP, Sony et al continue to store our passwords and data in plain text and unencrypted? This is really sensitive info. Passport copies?! Seriously?

Reply With Quote
Thanked by:
  #10 (permalink)
 
mattz's Avatar
 mattz   is a Vendor
 
Posts: 2,494 since Sep 2010
Thanks Given: 2,442
Thanks Received: 3,797


Email going out to customers of AMP

Dear Customer,

AMP Global Clearing, LLC (AMP) is sending you this notice to keep you updated about your data on our servers. We were recently approached by a Cybersecurity research company with a claim that they had discovered a vulnerability in one of our back-up file storage server.

AMP responded by working with its IT service providers to ensure all vulnerabilities were eliminated in that server. The Cybersecurity research company then confirmed that the vulnerability had been resolved.

We have worked with the Cybersecurity research company, to ensure that all proper steps were taken to safeguard our customers’ information.

We are in direct communication with this Cybersecurity Company and our regulatory agencies. They have confirmed the files they accessed are currently encrypted, pending the instructions of the SEC.

From our understanding, this company’s mission is to make the cyber world safer by educating businesses and communities worldwide, with the goal of helping to protect data, identifying data leaks and following responsible disclosure policy.

At this time, AMP is confident that there are no vulnerabilities on any of our servers. If you have any questions or concerns, please feel free to reach out to our customer service representative.

Trading futures and options involves substantial risk of loss and is not suitable for all investors. Past performance is not necessarily indicative of future results. You may lose more than your initial investment. All posts are opinions and do not claim to be facts. Please conduct your own due diligence. Use only Risk capital when trading Futures.
1 800 771 6748 local 561 367 8686 email [email protected]
Follow me on Twitter Visit my NexusFi Trade Journal Reply With Quote




Last Updated on May 31, 2018


© 2024 NexusFi™, s.a., All Rights Reserved.
Av Ricardo J. Alfaro, Century Tower, Panama City, Panama, Ph: +507 833-9432 (Panama and Intl), +1 888-312-3001 (USA and Canada)
All information is for educational use only and is not investment advice. There is a substantial risk of loss in trading commodity futures, stocks, options and foreign exchange products. Past performance is not indicative of future results.
About Us - Contact Us - Site Rules, Acceptable Use, and Terms and Conditions - Privacy Policy - Sitemap - Downloads - Top
no new posts