this post was submitted on 07 Jul 2024
31 points (100.0% liked)

Montréal

15 readers
1 users here now

VOIR POTEAU PINNÉ

SEE PINNED POST

Les règles:

  1. Les poteaux doivent être en lien avec la grande région de Montréal et / ou sa culture et / ou sa population.
  2. Aucune bigoterie ne sera tolérée. Ça comprend, mais sans se limiter à, le racisme, le sexisme, l'homophobie, la transphobie, etc.
  3. Soyez respectueux envers l'aspect multiculturel de Montréal et les autres internautes. Ce sublemmy est bilingue (anglais / français).
  4. Effectuez une recherche internet avant de poser des questions sur de l'information façilement accessible.
  5. Aucune auto-promotion (incluant trucs à vendre), sauf sous approbation par l'équipe de modération. Toute auto-promotion non-approuvée sera considérée comme étant du spam.
  6. Pas d'éditorialisme des titres lorsque l'on partage un article. Utilisez le titre original, écrivez un commentaire pour partager votre opinion.
  7. Tentez de lier la source directe, lorsque possible. Évitez les blogs qui paraphrasent la source.
  8. Pas d'objets perdus.
  9. Pas de meme macros.
  10. Rien d'illégal ou trop NSFW.
  11. Pas de robots sans approbation au préalable
  12. Utilisez le gros bon sens

Rules:

  1. Posts must be related to the region of Montreal and / or its culture and / or its population.
  2. Absolutely no bigotry will be tolerated. This includes, but is not limited to, racism, sexism, homophobia, transphobia, etc.
  3. Be respectful towards the multicultural aspect of Montreal and your fellow users. This sublemmy is bilingual (French / English).
  4. Perform an internet search before asking questions on easily accessible information.
  5. No self-promotion (including for sale items), unless approved by the mod team. All unapproved self-promotion will be considered as spam.
  6. No title editorialism when sharing an article. Use the original title, write a comment to share your opinion.
  7. Try to link to the original source whenever possible. Avoid sources that paraphrase other sources.
  8. No lost and found.
  9. No meme macros.
  10. Nothing illegal or overly NSFW.
  11. No bots without prior approval
  12. Use common sense.

founded 1 year ago
MODERATORS
isVeryLoud@lemmy.ca
31
BIXI got breached (lemmy.ca)
submitted 4 months ago* (last edited 4 months ago) by isVeryLoud@lemmy.ca to c/montreal@lemmy.ca
18 comments fedilink hide all child comments
 

I know this because I use SimpleLogin to provide each service with its own specialized email address. You can see in the picture the address starts with bixi@sl.***

It's also possible but unlikely that they sold user data.

top 18 comments
sorted by: hot top controversial new old
[–] AnotherDirtyAnglo@lemmy.ca 7 points 4 months ago (1 children)

I also assign unique eMail addresses for my online accounts, and also got this eMail today.

It's likely that Bixi got hacked, not that they sold the eMail address.

Just do what I do -- change the eMail address slightly on the mail server and on your online account.

[–] isVeryLoud@lemmy.ca 5 points 4 months ago

Oh yeah absolutely, it was just concerning to me that Bixi of all people would let my email address loose.

[–] Max_P@lemmy.max-p.me 4 points 4 months ago* (last edited 4 months ago) (2 children)

I think it's more likely they got breached, or a third-party was breached (I see "zoho" in there). It's easy for companies with shitty code to leak things like SendGrid tokens and web scrapers pick them up and use them for shit like the email you got.

I do the same thing for my emails, it's wild to trace back who leaked my email addresses. Man I hate how lousy our tech security is these days, or rather, the lack of fucks given and the lack of protections for consumers. Companies would rather buy cybersecurity insurance than actually make their shit secure.

[–] AnotherDirtyAnglo@lemmy.ca 2 points 4 months ago

I just checked some older eMails, and it's not their mail provider / API token that got breached (previous messages used cyberimpact, not zoho).

[–] isVeryLoud@lemmy.ca 1 points 4 months ago

This is probably the case, I've updated my title.

[–] paige@lemmy.ca 3 points 4 months ago* (last edited 4 months ago) (2 children)

This is not sufficient for your conclusion given the burden of proof required for this claim. And, to be clear, you are claiming that: This organization controlled by the municipality is SELLING your email address. Your proof is a screenshot with the addressed censored. Not that there was a leak, not that someone guessed this handle, not that PBSC got hacked, not that you typed the wrong handle into a form. I can run this past bixi for you if you DM me your address, but you're assuming a lot and I would bet not just MAGA but real coins that you're wrong about bixi selling your info.

[–] isVeryLoud@lemmy.ca 3 points 4 months ago* (last edited 4 months ago)

That's a fair point, it's totally possible they got breached, I'll update my title / desc accordingly :)

Btw, as far as I know, Bixi is owned by Lyft and not the municipality, but feel free to correct me.

[–] isVeryLoud@lemmy.ca 1 points 4 months ago (1 children)

Btw I contacted them by email this morning and gave them all the information I have, waiting on a reply.

I sent you a PM with the information, let me know if you got it :)

[–] paige@lemmy.ca 1 points 4 months ago (1 children)

I’ve gotten no response from them after a couple of days

[–] isVeryLoud@lemmy.ca 1 points 4 months ago* (last edited 4 months ago)

Call em, let them know your case number, it's what I did.

They replied to me letting me know they were looking into it after our call.

[–] RealCaptPicard@lemmy.ca 2 points 4 months ago (1 children)

Pour ma part je n'ai pas reçu ce joli courriel. Peut-être que leur modèle de traitement pense que je suis trop pauvre pour leur arnaque 🤷

[–] isVeryLoud@lemmy.ca 1 points 4 months ago (1 children)

Il est possible que tu sois tombé sur une autre liste de distribution, Zoho ne semble pas être leur fournisseur courant.

[–] RealCaptPicard@lemmy.ca 2 points 4 months ago (1 children)

Ou alors la possible fuite se serait produite avant mon inscription en 2019. C'est quand même intriguant comme situation en lien avec bixi

[–] isVeryLoud@lemmy.ca 1 points 4 months ago (1 children)

Impossible, ça fait moins d'un an que j'ai cette adresse courriel

Perso je pense qu'ils testent les eaux avec une petite batch avant d'envoyer une grosse batch de spam à tout le monde, voir si Bixi va s'en rendre compte.

[–] RealCaptPicard@lemmy.ca 2 points 4 months ago (1 children)

Bon bien on va rester sur le qui-vive. On n'est pas rendu à une alerte de fuite de données personnelles près depuis quelques mois...

[–] isVeryLoud@lemmy.ca 1 points 4 months ago

TicketMaster: Hold my beer

[–] jszym@cosocial.ca 2 points 4 months ago (1 children)

@isVeryLoud I got the same email a few days ago from my bixi-specific account. This is pretty typical of a breach, doubt they sold it as such.

[–] isVeryLoud@lemmy.ca 1 points 4 months ago* (last edited 4 months ago)

Yup it is most likely a breach, I reported it to them on my side, it'd be great since you also have a single-use email address if you could also report it to them.

You can give them a call after you email them the info to get them to get on it, that's what I did :)