AMP Trading data breach (70 gigs, ~100k files - customer data) - Reviews of Brokers and Data Feeds | futures io social day trading
Updated: Views / Replies:10,981 / 51
Created: by Big Mike Attachments:1


  #41 (permalink)
Market Wizard
Bangkok
 
Futures Experience: Intermediate
Platform: MultiCharts.NET, S5, Ninj
Broker/Data: AMP, S5, IB
Favorite Futures: ES
 
DionysusToast's Avatar
 
Posts: 2,653 since Nov 2010
Thanks: 774 given, 8,656 received
Forum Reputation: Legendary


trystanj View Post
I agree absolutely. It shows their utter contempt towards their retail customers and security.

Not really.

If there is a hole found in your security - it makes sense to ensure it is plugged before you alert people.

If the hole is still there - announcing it is INVITING more people to exploit it.

If you have any questions about the products or services provided, please send me a Private Message or use the futures.io "Ask Me Anything" thread
The following 5 users say Thank You to DionysusToast for this post:
 
  #42 (permalink)
Get In, Get Out, Get Paid
Springfield, MO/USA
 
Futures Experience: Advanced
Platform: Jigsaw
Broker/Data: AMP CQG
Favorite Futures: ZN, ZB
 
Heph333's Avatar
 
Posts: 43 since Oct 2009
Thanks: 49 given, 70 received

I guess the real question remains: has their customers' data been compromised? Or was the vulnerability found and repaired first?

Sent using the futures.io mobile app

The following user says Thank You to Heph333 for this post:
 
  #43 (permalink)
Elite Member
las Vegas/Nevada/USA
 
Futures Experience: Intermediate
Platform: Sierra Chart
Broker/Data: AMP/CQG
Favorite Futures: CL, ES
 
samsin89143's Avatar
 
Posts: 6 since Jul 2015
Thanks: 13 given, 1 received



Heph333 View Post
I guess the real question remains: has their customers' data been compromised? Or was the vulnerability found and repaired first?

Sent using the futures.io mobile app

Or did it happen at all?

 
  #44 (permalink)
Get In, Get Out, Get Paid
Springfield, MO/USA
 
Futures Experience: Advanced
Platform: Jigsaw
Broker/Data: AMP CQG
Favorite Futures: ZN, ZB
 
Heph333's Avatar
 
Posts: 43 since Oct 2009
Thanks: 49 given, 70 received

I think this raises bigger issues. Like the need to stop using social security numbers as an I.D. outside of government purposes.

Sent using the futures.io mobile app

The following user says Thank You to Heph333 for this post:
 
  #45 (permalink)
Market Wizard
London UK
 
Futures Experience: Beginner
Platform: CQG
Favorite Futures: Futures
 
xplorer's Avatar
 
Posts: 2,990 since Sep 2015
Thanks: 6,430 given, 4,663 received
Forum Reputation: Legendary


Heph333 View Post
I think this raises bigger issues. Like the need to stop using social security numbers as an I.D. outside of government purposes.

I don't think the problem is about what kind of documentation to use to authenticate identities. Sometimes an organization requires a specific document type for operational reasons and there's little recourse to that.

I believe the issue has to do with leaving sensitive data such as passport scans or social security numbers unencrypted.


My two cents.

The following user says Thank You to xplorer for this post:
 
  #46 (permalink)
Elite Member
Alicante Spain
 
Futures Experience: Intermediate
Platform: NinjaTrader
Favorite Futures: ZW, ZS, ZC
 
Posts: 4 since Dec 2013
Thanks: 6 given, 3 received


DionysusToast View Post
Not really.

If there is a hole found in your security - it makes sense to ensure it is plugged before you alert people.

If the hole is still there - announcing it is INVITING more people to exploit it.

Thanks for your comments, Pete. I agree with what you're saying. I think we are on a different page here, though. There seems to have been a bit of conflict over whether the info has been made public on the net or if the vulnerability had been patched before customers were alerted, as well as whether the info was in plain text as initially indicated or encrypted as per AMP's notice. I may have been a bit presumptive as to what the situation was early on.

I understand that there will always be vulnerabilities in software and hardware. There always have been. But my point really is why many of these companies, it seems, store so much of our sensitive information unencrypted. Maybe I'm making assumptions again. Maybe I'm just a little cynical. Perhaps it comes down to a commercial decision, i.e. adding added layers of complexity and cost. I guess being in the vendor game yourself you would have a better insight than most.

 
  #47 (permalink)
Elite Member
Helsinki, Finland
 
Futures Experience: Advanced
Platform: SC/CQG, API/Rithmic, TWS
Broker/Data: AMP, Interactivebrokers
Favorite Futures: FDAX
 
Scalpguy's Avatar
 
Posts: 154 since Jul 2010
Thanks: 7 given, 95 received


xplorer View Post
It may be that they are using a distribution list service to send these emails. Most companies with a large audience do that nowadays.
If that's the case, it's nothing to worry about.

I got an answer from AMP and this was the case. Still, I think it was not their intention to use these "dubbed" links because they generate security alerts on the customer end.

So no phishing here and it looks like everything was OK.

It takes courage to be a Pig
Go With The Flow !
 
  #48 (permalink)
~R!$K~
Volcano, HI
 
Futures Experience: None
Platform: Ninja
Broker/Data: AMP/CQG
Favorite Futures: Futura2000
 
dakine's Avatar
 
Posts: 187 since Dec 2009
Thanks: 379 given, 131 received

I'm an AMP customer and haven't received this email. Anyone else?

 
  #49 (permalink)
Elite Member
Seattle, WA
 
Futures Experience: Intermediate
Platform: NinjaTrader 8
Broker/Data: AMP/CQG
Favorite Futures: Indices
 
stoicbuddha's Avatar
 
Posts: 79 since Feb 2012
Thanks: 279 given, 62 received


dakine View Post
I'm an AMP customer and haven't received this email. Anyone else?


Me neither!

Our life is our own today. Tomorrow you will be dust, a shade, a tale that is told. Live mindful of death, the hour flies.
 
  #50 (permalink)
Elite Member
London
 
Futures Experience: Beginner
Platform: Ninjatrader
Favorite Futures: FGBL, CL
 
Posts: 31 since Jan 2014
Thanks: 8 given, 15 received

new email from AMP


"
We are sending you this email as an update following the notice we sent to you on April 28, 2017 (available here: https://clients.ampfutures.com/notice-customer-data-incident-report) in order to keep you abreast of the most recent developments.

As you were informed in that notice, a well-known Cybersecurity research company had reached out to us to alert us about a possible vulnerability in one in-house back-up file storage server. There was only one server of this type on our network and only this server has an apparently open design flaw. Since AMP had not authorized anyone else's entry into its systems, we took immediate steps to secure our customers' data. We took care to follow our Cybersecurity procedures which have previously been reviewed by our industry regulators as well as federal government agencies.

AMP has confirmed that no one other than the research company accessed the database:

Due to the nature of the access, AMP has been able to determine only one instance of outside access to the server through a thorough examination of the server logs. This access was traced directly to the point the security firm contacted AMP. The backdoor this research company exposed is an app that allows access to the server. This access leaves a definitive trace log, and is the only way into the server without authorization. AMP's IT providers studied the trace logs and confirmed there was only one access that was unaccounted for, which was the research company's activity. Hence, we have an account of all of the traffic to the server. At no point prior to the research company gaining access did any other entry occur. Therefore, we can say with certainty that only the research company's access was successful, and hence our customer data was not accessed by anyone else.

The contents of the database that the research company was able to access:

The database that this research company was able to access includes but is not limited to account opening documentation done on paper only, of accounts that opened before October 2010 and 1099 tax documents of US customers from 2015 and before, which qualifies as Personal Identifying Information. However, we have been reassured that this research company has taken steps to keep the data secure and encrypted. The research company has stated that they are working with the SEC and will follow instructions from them regarding the fate of the data they were able to access. AMP is working with federal authorities to ensure that our customer data is safe and secure and will not be used for unlawful purposes such as identity theft.

Data is not accessible to the public

We have no evidence that suggests that personal information accessed by the research company from the database has been or will be used to commit identity theft. On the contrary, it is our belief that this research company is on a mission to make the world of cyberspace a safer place. To be clear, that access was limited to our back-up file storage server, that has a design flaw which the research company knows and understands well. We took their guidance as well as our own IT providers to block access to the server and take it off line. There was no access to the AMP Customer Portal, Customer funds, and no access to any of the trading platforms networks.

Subsequent actions by AMP

The access into the back-up file storage server was quickly determined and that access blocked, and very soon thereafter we decommissioned the accessed server altogether. We have also taken steps to implement end-to-end encryption on all of AMP's housed data, for all data both in transit and at rest.

AMP has been in contact with various federal agencies as well as our regulators, and is working under their guidance, along with the research company to ensure the safety of our customer data.

AMP continues to be alert and monitor for evidence of identity theft. We will continue to provide alerts throughout this process if any further circumstances arise.

Additional precautions

As always, we encourage you to remain alert in guarding your personal information, regularly review your account statements and monitor your credit activity from the major reporting agencies. You may change your password to your portal and trading platform as an additional precaution, change your passwords for other online accounts for which you use the same password, and take any other steps that you may deem appropriate to safeguard your personal information online."

The following 3 users say Thank You to Hood for this post:

Copyright © 2017 by futures io, s.a., Av Ricardo J. Alfaro, Century Tower, Panama, +507 833-9432, info@futures.io