AMP Trading data breach (70 gigs, ~100k files - customer data) - futures io
futures io futures trading



AMP Trading data breach (70 gigs, ~100k files - customer data)


Discussion in Brokers

Updated by Fu510n
      Top Posters
    1. looks_one Big Mike with 9 posts (29 thanks)
    2. looks_two xplorer with 7 posts (4 thanks)
    3. looks_3 samsin89143 with 5 posts (0 thanks)
    4. looks_4 DeliberatingDinos with 4 posts (2 thanks)
      Best Posters
    1. looks_one Jigsaw Trading with 5.0 thanks per post
    2. looks_two Big Mike with 3.2 thanks per post
    3. looks_3 mattz with 3.0 thanks per post
    4. looks_4 rleplae with 3.0 thanks per post
    1. trending_up 18,764 views
    2. thumb_up 67 thanks given
    3. group 23 followers
    1. forum 54 replies
    2. attach_file 1 attachments




Welcome to futures io: the largest futures trading community on the planet, with well over 100,000 members
  • Genuine reviews from real traders, not fake reviews from stealth vendors
  • Quality education from leading professional traders
  • We are a friendly, helpful, and positive community
  • We do not tolerate rude behavior, trolling, or vendors advertising in posts
  • We are here to help, just let us know what you need
You'll need to register in order to view the content of the threads and start contributing to our community.  It's free and simple.

-- Big Mike, Site Administrator

(If you already have an account, login at the top of the page)

 
Search this Thread
 

AMP Trading data breach (70 gigs, ~100k files - customer data)

(login for full post details)
  #1 (permalink)
Site Administrator
Manta, Ecuador
 
Experience: Advanced
Platform: My own custom solution
Trading: Emini Futures
 
Big Mike's Avatar
 
Posts: 48,914 since Jun 2009
Thanks: 31,587 given, 94,554 received

As reported by Chris Vickery

Source 1: https://mackeepersecurity.com/post/amp-trading-platform-breach

Source 2: https://www.dailydot.com/layer8/amp-trading-firm-data-breach/


Quoting 
Iíve come across several finance-related data breaches within the past few weeks, most recently involving the AMP Futures trading platform.

While the exact nature of the leak is nothing new, a third-party IT vendorís unsecured rsync backup device, the amount of money involved is on the large side. The files indicate that AMP has over $50 million on the books and additionally include the private details of over 10,000 account applicants.

The portion I downloaded comes to about 70 gigs and represents 97,000 different files. It includes credit reports, passport scans, internal company emails, customer chat logs, and basically everything an identity thief would need in order to mount a serious campaign. I was surprised at the number of plaintext customer passwords discussed in the chat logs (by staff and customers alike).

It took a few days for me to make contact with a real person at AMP. This is not entirely AMPís fault though, as companies related to the stock market close down for the Good Friday holiday, which is then followed by a weekend.

The head honcho over at AMP was surprised when I fully explained the situation to him over a phone call. He rightly wondered what AMP was paying its third-party IT company for. If a third party, which specializes in IT, canít catch this kind of leakage themselves, there is some serious improvement to be done.

AMPís CEO was relieved to hear that I wasnít trying to sell him anything or attempting any sort of blackmail or extortion, and Iím thankful he understood that I merely discovered the unsecured data rather than causing it to become unsecured. Thatís a distinction many people fail to grasp, especially when their company is potentially in the hot seat.


Quoting 
A data breach at an online futures trading brokerage left exposed thousands of files, including credit reports, passport scans, and customer chat logs.

The leak, now secured, was identified and reported by Chris Vickery of the Kromtech Security Research Team. It was caused by a misconfigured backup device managed by a third-party IT vendor.

The trading firm was identified as AMP, a company that offers numerous platforms for online futures trading. According to the Online Brokers Hub, the company is based in Chicago, Illinois.

While the issue with the backup system is not uncommon, the breach is notable for the amount of money that passes through AMPís systems. ďThe files indicate that AMP has over $50 million on the books and additionally include the private details of over 10,000 account applicants,Ē Kromtech reports.

Vickery reported that about 70GB of data had been sitting on the open web, consisting of roughly 97,000 files.

ďIt includes credit reports, passport scans, internal company emails, customer chat logs, and basically everything an identity thief would need in order to mount a serious campaign,Ē Vickery said. ďI was surprised at the number of plaintext customer passwords discussed in the chat logs (by staff and customers alike).Ē

Mike

We're here to help -- just ask

For the best trading education, watch our webinars
Searching for trading reviews? Review this list

Follow us on Twitter, YouTube, and Facebook

Support our community as an Elite Member:
https://futures.io/elite/
Follow me on Twitter Visit my Facebook Visit my futures io Trade Journal Reply With Quote
The following 21 users say Thank You to Big Mike for this post:

 
 
(login for full post details)
  #3 (permalink)
Site Administrator
Manta, Ecuador
 
Experience: Advanced
Platform: My own custom solution
Trading: Emini Futures
 
Big Mike's Avatar
 
Posts: 48,914 since Jun 2009
Thanks: 31,587 given, 94,554 received






Mike

We're here to help -- just ask

For the best trading education, watch our webinars
Searching for trading reviews? Review this list

Follow us on Twitter, YouTube, and Facebook

Support our community as an Elite Member:
https://futures.io/elite/
Follow me on Twitter Visit my Facebook Visit my futures io Trade Journal Reply With Quote
The following 3 users say Thank You to Big Mike for this post:
 
(login for full post details)
  #4 (permalink)
Site Administrator
Manta, Ecuador
 
Experience: Advanced
Platform: My own custom solution
Trading: Emini Futures
 
Big Mike's Avatar
 
Posts: 48,914 since Jun 2009
Thanks: 31,587 given, 94,554 received





Mike

We're here to help -- just ask

For the best trading education, watch our webinars
Searching for trading reviews? Review this list

Follow us on Twitter, YouTube, and Facebook

Support our community as an Elite Member:
https://futures.io/elite/
Follow me on Twitter Visit my Facebook Visit my futures io Trade Journal Reply With Quote
 
(login for full post details)
  #5 (permalink)
Site Moderator
London UK
 
Experience: Beginner
Platform: CQG
Broker: S5
Trading: Futures
 
xplorer's Avatar
 
Posts: 5,060 since Sep 2015
Thanks: 12,634 given, 11,364 received

Thanks Mike,

In an increasingly "digital" world it is to be somehow expected that data breaches are on the rise too.


Neither article however makes clear whether the leaked data had been stolen by a 3rd party or not before being secured.


Either way, this is not good publicity for AMP.

Reply With Quote
The following user says Thank You to xplorer for this post:
 
(login for full post details)
  #6 (permalink)
Site Administrator
Manta, Ecuador
 
Experience: Advanced
Platform: My own custom solution
Trading: Emini Futures
 
Big Mike's Avatar
 
Posts: 48,914 since Jun 2009
Thanks: 31,587 given, 94,554 received

"It includes credit reports, passport scans, internal company emails, customer chat logs, and basically everything an identity thief would need in order to mount a serious campaign."

"I was surprised at the number of plaintext customer passwords discussed in the chat logs (by staff and customers alike)."

(quoting the original author, Chris Vickery)

Mike

We're here to help -- just ask

For the best trading education, watch our webinars
Searching for trading reviews? Review this list

Follow us on Twitter, YouTube, and Facebook

Support our community as an Elite Member:
https://futures.io/elite/
Follow me on Twitter Visit my Facebook Visit my futures io Trade Journal Reply With Quote
The following 2 users say Thank You to Big Mike for this post:
 
(login for full post details)
  #7 (permalink)
Madrid Spain
 
Experience: Advanced
Platform: Ninjatrader Developers
Broker: NinjaTrader Brokerage
Trading: ES and CL
 
tradevelopers's Avatar
 
Posts: 31 since Jan 2013
Thanks: 1 given, 8 received

Some body knows if that info was posted ONLINE o r into deepweb?

Follow me on Twitter Visit my Facebook Reply With Quote
 
(login for full post details)
  #8 (permalink)
Melbourne VIC Australia
 
Experience: Intermediate
Platform: Sierra, Jigsaw
Broker: Tradovate , OEC
Trading: NQ, ES, SPI200, Income Options
 
neo2013's Avatar
 
Posts: 9 since Oct 2013
Thanks: 7 given, 3 received

I'd change password straight away

Reply With Quote
The following user says Thank You to neo2013 for this post:
 
(login for full post details)
  #9 (permalink)
Alicante Spain
 
Experience: Intermediate
Platform: NinjaTrader
Trading: ZW, ZS, ZC
 
Posts: 4 since Dec 2013
Thanks: 6 given, 3 received

Why do these corporations, AMP, Sony et al continue to store our passwords and data in plain text and unencrypted? This is really sensitive info. Passport copies?! Seriously?

Reply With Quote
The following user says Thank You to trystanj for this post:
 
(login for full post details)
  #10 (permalink)
Market Wizard
Boca Raton
 
Experience: Advanced
Platform: Optimus Flow
Broker: We are a Broker.Optimus Futures, LLC
Trading: Futures
 
mattz's Avatar
 
Posts: 2,471 since Sep 2010
Thanks: 2,397 given, 3,676 received


Email going out to customers of AMP

Dear Customer,

AMP Global Clearing, LLC (AMP) is sending you this notice to keep you updated about your data on our servers. We were recently approached by a Cybersecurity research company with a claim that they had discovered a vulnerability in one of our back-up file storage server.

AMP responded by working with its IT service providers to ensure all vulnerabilities were eliminated in that server. The Cybersecurity research company then confirmed that the vulnerability had been resolved.

We have worked with the Cybersecurity research company, to ensure that all proper steps were taken to safeguard our customersí information.

We are in direct communication with this Cybersecurity Company and our regulatory agencies. They have confirmed the files they accessed are currently encrypted, pending the instructions of the SEC.

From our understanding, this companyís mission is to make the cyber world safer by educating businesses and communities worldwide, with the goal of helping to protect data, identifying data leaks and following responsible disclosure policy.

At this time, AMP is confident that there are no vulnerabilities on any of our servers. If you have any questions or concerns, please feel free to reach out to our customer service representative.

Trading futures and options involves substantial risk of loss and is not suitable for all investors. Past performance is not necessarily indicative of future results. You may lose more than your initial investment. All posts are opinions and do not claim to be facts. Please conduct your own due diligence. Use only Risk capital when trading Futures.
1 800 771 6748 local 561 367 8686 email support@OptimusFutures.com
Reply With Quote
The following 5 users say Thank You to mattz for this post:


futures io Trading Community Trading Reviews and Vendors Brokers > AMP Trading data breach (70 gigs, ~100k files - customer data)


May 31, 2018


Upcoming Webinars and Events
 

Introducing Edge Pools: Prop Pricing Model w/Edge Clear

Jul 9
 

Every journal equals ten meals for the hungry

Now
     



Copyright © 2020 by futures io, s.a., Av Ricardo J. Alfaro, Century Tower, Panama, +507 833-9432, info@futures.io
All information is for educational use only and is not investment advice.
There is a substantial risk of loss in trading commodity futures, stocks, options and foreign exchange products. Past performance is not indicative of future results.
no new posts