A DataBreaches.net exclusive:
It is not uncommon for a firm to deny allegations that they have been breached. It is not uncommon for a firm to acknowledge that there has been a breach but claim that it is not as dramatic as a researcher might claim.
And it is not uncommon for researchers to receive legal threat letters concerning their claims, as this blogger is all too painfully aware.
But in my experience, it is uncommon that months after a breach claim, the controversy is escalating instead of coming closer to resolution. But that is precisely appears to be what is happening between NightLion Security and Astoria Company LLC.
In a new report, What Happened? DataBreaches.net discusses a disputed breach report.
There are two main parts to the report. There is the issue of whether the data are real and whether this was a small breach or a massive breach in scope. And then there is the issue of what happened when DataBreaches.net attempted to investigate and validate claims made to this site by NightLion Security’s CEO, Vinny Troia.
May 23: Updated and Revised: The report that originally appeared was revised to incorporate clarification from Telegram as to how administrator logs for a channel could be doctored or edited after the fact.
The revised report has now been split into two parts, both pdf files:
“What Happened – Rev2” — the main report, revised May 23; and
“What Happened- Appendix” — the screencaps for the posts referenced in the report.
Related: A copy of Astoria’s data breach notification, submitted to the Massachusetts Attorney General’s Office, has been uploaded to this site, here. On April 27, they notified 70 consumers nationwide, based on the sample of data that they had received and that they had confirmed came from their system. Whether they will be notifying millions more remains to be seen.
Updated November 28: Astoria recently notified 940,000 consumers.