AMP Trading data breach (70 gigs, ~100k files - customer data) - Reviews of Brokers and Data Feeds | futures io social day trading


AMP Trading data breach (70 gigs, ~100k files - customer data)
Updated: Views / Replies:10,979 / 51
Created: by Big Mike Attachments:1


  #21 (permalink)
Administrator: Retired Backtester
 Vendor: speedytradingservers.com 
Rennes France
 
Futures Experience: Advanced
Platform: NinjaTrader
Broker/Data: IB/Kinetick
Favorite Futures: Futures
 
sam028's Avatar
 
Posts: 3,358 since Jun 2009
Thanks: 3,565 given, 3,976 received


xplorer View Post
...

I would have thought that this is in AMP's court, for them to engage a cybersecurity firm to understand what, if anything, was downloaded.

Hard to know I think, if the data were initially on the dark web (Tor network) and then pushed outside.

The blog post from the security researcher was April 24th, clients were informed 4 days later, not very fast...

Success requires no deodorant! (Sun Tzu)
Reply With Quote
The following user says Thank You to sam028 for this post:
 
  #22 (permalink)
Elite Member
Alicante Spain
 
Futures Experience: Intermediate
Platform: NinjaTrader
Favorite Futures: ZW, ZS, ZC
 
Posts: 4 since Dec 2013
Thanks: 6 given, 3 received


DeliberatingDinos View Post
I agree that commercial common sense here is of prime importance. What this breach shows more than anything else is AMP's attitude about data security. What is worth highlighting is that this kind of breach of this kind of unprotected sensitive data does not occur by mere negligence; it's enabled because of a complete disregard and lack of care about even basic security. This breach doesn't just show that AMP made a mistake; it shows that they must not have given the slightest care to data security; not the slightest care. I would not want to do business with a broker that had that kind of attitude about my sensitive data, no matter how much they apologize or mend their ways.

I agree absolutely. It shows their utter contempt towards their retail customers and security.

Reply With Quote
 
  #23 (permalink)
Elite Member
las Vegas/Nevada/USA
 
Futures Experience: Intermediate
Platform: Sierra Chart
Broker/Data: AMP/CQG
Favorite Futures: CL, ES
 
samsin89143's Avatar
 
Posts: 6 since Jul 2015
Thanks: 13 given, 1 received


I emailed AMP about the breach and their reply was "At this time, AMP is confident that there are no vulnerabilities on any of our servers." So I replied with "I'm sure there aren't now, what about the past, was there a breach? Please answer yes or no." They replied "No".

So, was there a breach and they are covering it up or did it not happen?

Reply With Quote
 
  #24 (permalink)
Elite Member
Seattle, Washington
 
Futures Experience: Beginner
Platform: Jigsaw; Custom tool
Broker/Data: Stage5
Favorite Futures: ES, TF, VX
 
Posts: 15 since Nov 2016
Thanks: 7 given, 9 received


samsin89143 View Post
I emailed AMP about the breach and their reply was "At this time, AMP is confident that there are no vulnerabilities on any of our servers." So I replied with "I'm sure there aren't now, what about the past, was there a breach? Please answer yes or no." They replied "No".

So, was there a breach and they are covering it up or did it not happen?

No server is invulnerable, no fortress is impenetrable, and no ship is unsinkable. Anybody holding sensitive data needs to understand this, and take reasonable steps in light of what they're storing to protect it. You don't stop at trying to make the container impenetrable, you also encrypt the contents.

Reply With Quote
The following user says Thank You to DeliberatingDinos for this post:
 
  #25 (permalink)
Trading Apprentice
Chicago USA
 
Futures Experience: Advanced
Platform: NinjaTrader
Favorite Futures: ES
 
Posts: 15 since Jun 2011
Thanks: 2 given, 6 received

I just received this from AMP Futures

AMP Global Clearing, LLC (AMP) is sending you this notice to keep you updated about your data on our servers. We were recently approached by a Cybersecurity research company with a claim that they had discovered a vulnerability in one of our back-up file storage server.

AMP responded by working with its IT service providers to ensure all vulnerabilities were eliminated in that server. The Cybersecurity research company then confirmed that the vulnerability had been resolved.

We have worked with the Cybersecurity research company, to ensure that all proper steps were taken to safeguard our customers’ information.

We are in direct communication with this Cybersecurity Company and our regulatory agencies. They have confirmed the files they accessed are currently encrypted, pending the instructions of the SEC.

From our understanding, this company’s mission is to make the cyber world safer by educating businesses and communities worldwide, with the goal of helping to protect data, identifying data leaks and following responsible disclosure policy.

At this time, AMP is confident that there are no vulnerabilities on any of our servers.

If you have any questions or concerns, please feel free to reach out to our customer service representative https://www.ampfutures.com/contact-us/

Reply With Quote
 
  #26 (permalink)
Elite Member
las Vegas/Nevada/USA
 
Futures Experience: Intermediate
Platform: Sierra Chart
Broker/Data: AMP/CQG
Favorite Futures: CL, ES
 
samsin89143's Avatar
 
Posts: 6 since Jul 2015
Thanks: 13 given, 1 received


DeliberatingDinos View Post
No server is invulnerable, no fortress is impenetrable, and no ship is unsinkable. Anybody holding sensitive data needs to understand this, and take reasonable steps in light of what they're storing to protect it. You don't stop at trying to make the container impenetrable, you also encrypt the contents.

I totally agree. But replying the way they did only increases their liability on this matter. Is it possible that this is a competitor trying to bring them down?

Reply With Quote
 
  #27 (permalink)
Elite Member
Brisbane + Queensland/Australia
 
Futures Experience: Beginner
Platform: NinjaTrader, Sierra Chart
Broker/Data: CQG, IQFeed
Favorite Futures: S&P Emini Futures
 
Posts: 54 since Mar 2015
Thanks: 38 given, 70 received


sam028 View Post
Hard to know I think, if the data were initially on the dark web (Tor network) and then pushed outside.

The blog post from the security researcher was April 24th, clients were informed 4 days later, not very fast...

Wouldn't they want to secure first before going public so it's not a free-for-all for every malicious hacker who would then publicly know the door was open.....

IF it has been accessed prior to this researcher, they would want to check that before every other wannabe hacker started poking around due to a public broadcast of a flaw, I would think. Fastest way to get out a major (or minor) security flaw would be to tell the customers who it affects, who then go asking for more details on forums/chats and so on and, in the process, inadvertently disseminate the exploit for hackers to then attack. It's a hard line to walk: on the one hand, the customer EXPECTS transparency, but on the other hand they also expect to be protected and have exposure limited if possible.

AMP is damned if they do and damned if they don't....

Hopefully they found a path to limit customer exposure AND let customers know as soon as the security flaw was no longer able to be exploited. 4 days kind of sucks but at least AMP seem to be retroactively trying to fix this issue when it's highlighted to them. Should have been a proactive approach though........... That's just good business when dealing with data security. Some serious talks need to be had with their 3rd party provider of that service but at the end of the day, the buck stops with AMP to ENSURE compliance. At the very minimum if they outsourced it because of not having the necessary skills in-house, they should have another party periodically audit and check the compliance of that 3rd party.

Of interest is the researcher's claim he has found "other" security flaws within this sector recently....... Would be interesting to see what other brokers (if any) or associated companies with such personal details on file, have also left customer data exposed but have chosen to keep it on the dl from customers.




I dare say that AMP is having some serious discussions right now with outside professionals about mapping a path forward that strongly protects customers' data so as to try and claw back customers' trust.

Looks like AMP actually retained a 3rd party to ensure compliance in this area but sadly seems that 3rd party didn't have anyone auditing or checking how good they actually were at doing that job.......

Reply With Quote
 
  #28 (permalink)
Market Wizard
London UK
 
Futures Experience: Beginner
Platform: CQG
Favorite Futures: Futures
 
xplorer's Avatar
 
Posts: 2,990 since Sep 2015
Thanks: 6,430 given, 4,663 received
Forum Reputation: Legendary


sam028 View Post
The blog post from the security researcher was April 24th, clients were informed 4 days later, not very fast...

That's when the researcher found the vulnerability. The article does not say how long the data had been available.

Reply With Quote
The following user says Thank You to xplorer for this post:
 
  #29 (permalink)
Elite Member
las Vegas/Nevada/USA
 
Futures Experience: Intermediate
Platform: Sierra Chart
Broker/Data: AMP/CQG
Favorite Futures: CL, ES
 
samsin89143's Avatar
 
Posts: 6 since Jul 2015
Thanks: 13 given, 1 received

I am an AMP customer and today is the first I have heard of this. I never received anything from AMP. Are there AMP customers here who have been notified of a breach? Or were only customers that were potentially affected contacted?

Reply With Quote
 
  #30 (permalink)
Elite Member
Seattle, Washington
 
Futures Experience: Beginner
Platform: Jigsaw; Custom tool
Broker/Data: Stage5
Favorite Futures: ES, TF, VX
 
Posts: 15 since Nov 2016
Thanks: 7 given, 9 received



samsin89143 View Post
I totally agree. But replying the way they did only increases their liability on this matter. Is it possible that this is a competitor trying to bring them down?

Unlikely.

1. Never attribute to malice......
2. Civil liability for data breaches, at least in the US, is basically a joke (as far as a client/victim suing is concerned). In a nutshell, you have to prove that your identity was stolen and that it harmed you, and that the thief used what was stolen from the breached company. It's incredibly hard to prove, and the payout even with a win is unlikely to be worth the cost. Also, assume that class actions were agreed away, so there's not really any meaningful remedy beyond talking with your wallet. The lack of a meaningful remedy correlates with consequences; few consequences = [ ]. It's a disturbing state of affairs...

Reply With Quote
The following user says Thank You to DeliberatingDinos for this post:

All times are GMT -4. The time now is 12:02 PM.

Copyright © 2017 by futures io, s.a., Av Ricardo J. Alfaro, Century Tower, Panama, +507 833-9432, info@futures.io
Page generated 2017-11-18.