this post was submitted on 18 Dec 2023
158 points (98.8% liked)

Technology

59593 readers
2962 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
top 28 comments
sorted by: hot top controversial new old
[–] silverbax@lemmy.world 53 points 11 months ago* (last edited 11 months ago) (1 children)

Not only is this breach incredibly bad - exposing SSN, DOB, bank account numbers, address - the company slow walked reporting what was happening in real time.

The hackers were openly posting about the incompetence of Mr. Cooper's IT team, so security firms and journalists knew that Mr. Cooper was compromised even though the company stated it was 'just an outage' then they claimed it impacted 4 million users, when it turned out to over 14 million. Unreal.

[–] EvilBit@lemmy.world 17 points 11 months ago (1 children)

I only found out from seeing it here. No email, no app notification.

I go to the site and I’m told I get two years of credit monitoring, so at least I got that going for me. It says I need to get an activation code from my mortgage account.

Guess what’s nowhere to be found in my mortgage account? Yep.

This is some bullshit of the highest order.

[–] JTskulk@lemmy.world 2 points 11 months ago

I got an email from them today.

[–] BeardedBlaze@lemmy.world 24 points 11 months ago (5 children)

Did anyone that uses them receive an email from them about it? I sure as hell have not...

[–] eguidarelli@lemmy.world 23 points 11 months ago (1 children)

Nothing here! My mortgage was bought by Mr. Cooper in September so I just made it into the system before this breach. This article is the first I am hearing that my SSN and Bank Account info was breached :(

[–] ripcord@kbin.social 11 points 11 months ago

And here I was thinking that disclosure was required by law.

[–] fodderoh@lemmy.world 13 points 11 months ago* (last edited 11 months ago) (1 children)

I did, about a month ago.

EDIT: Went back and looked at it. It was just a generic notification that an incident had occurred and that they were taking steps to address it. No details.

[–] Kharmawasvaluable@lemmynsfw.com 6 points 11 months ago

Same. When I called to see how it would affect me I was told it was an outage, not a breach.

[–] ZetaLightning94@lemmy.world 5 points 11 months ago (1 children)

They emailed about an outage and delayed payments around that time

[–] BeardedBlaze@lemmy.world 1 points 11 months ago

That's all I got too.

[–] MumboJumbo@lemmy.world 4 points 11 months ago (1 children)

A Message to Mr. Cooper Customers

On October 31, 2023, our information security team identified an external threat to our network and locked down our systems while we resolved the issue. Over the following weeks, our investigation revealed that certain customer personal information had been compromised. We have been working closely with cyber security experts to determine the full extent of the impact.

We take our role as your mortgage company very seriously, and there is nothing more important to us than maintaining your trust. We truly appreciate your patience as we’ve worked through this situation.

Please take comfort knowing we are adding further security enhancements to help prevent incidents like this from happening in the future, and we are providing two years of free credit monitoring and identity protection services to any customer who would like to enroll. You will receive a letter in the mail soon with more information and next steps.

I am deeply sorry for any concern this incident may have caused. Making your homeownership journey as smooth as possible is our top priority, and we intend to make this right for you.

Sincerely,

Jay Bray

Chairman & Chief Executive Officer, Mr. Cooper Group

[–] EvilBit@lemmy.world 10 points 11 months ago

That looks remarkably like an email I have not received.

[–] code@lemmy.zip 2 points 11 months ago
[–] Altomes@lemm.ee 20 points 11 months ago (1 children)

They should have to pay out damages for shit like this

[–] AdamEatsAss@lemmy.world 3 points 11 months ago

I don't think any loan holders would be affected. They would have to pay to repair their servers and other systems. There should probably be stricter regulations on digital security for important companies like this.

[–] CrimeDad@lemmy.crimedad.work 14 points 11 months ago (1 children)

I think companies like Mr. Cooper just manage the mortgages on behalf of Freddie Mac, so unfortunately the hackers can't do everyone a solid and just delete them.

[–] KairuByte@lemmy.dbzer0.com 1 points 11 months ago (1 children)

Unless they are truly incompetent, there’s no way they could do that regardless. They’d need a no-backup solution, or at least no cold backups.

[–] grayman@lemmy.world 2 points 11 months ago* (last edited 11 months ago) (1 children)

I see you don't work in tech at a large corporation. FYI, even if some of the engineers are good, 99% of management is so incompetent it's flabbergasting.

The big dumb ass Corp, a fortune 100, that I work for had a jr admin... gave him admin on the vmware cluster. The dude deleted 70% of the VMs before anyone noticed. No backups. All hands on deck rebuilding critical systems for a week.

[–] KairuByte@lemmy.dbzer0.com 1 points 11 months ago

I’ve worked for large corps before, all had backups, and whenever money was at risk there were cold backups as well.

Even the clients who were failing and going bankrupt kept backups, actually.

[–] RanchOnPancakes@lemmy.world 10 points 11 months ago

Oh yeah, back in October. i was like "WTF? AGAIN?!"

[–] ivanafterall@kbin.social 8 points 11 months ago* (last edited 11 months ago) (2 children)

Is Mr. Cooper still hangin'!?

[–] RunningInRVA@lemmy.world 2 points 11 months ago (1 children)

No man. It was Hanging with Mr Cooper. Mr. Cooper has been in the dump for years and everybody still hanging with him is dragging too.

[–] ivanafterall@kbin.social 1 points 11 months ago (1 children)

I looked up the real Mr. Cooper and he's had some tough times, but he's still kickin'!

He appeared in the 2002 song "Oakland Raiders" by Oakland rap group Luniz. Delivering a humorous monologue as the song faded out, Curry asserted his status as a pimp and stated his fondness for big dank.

Warms the ol' heart cockles.

[–] RunningInRVA@lemmy.world 2 points 11 months ago (1 children)

Has Mr. Cooper had some tough times? I had no idea. It’s been a while since I hung out with him. I’ll reach out.

[–] ivanafterall@kbin.social 2 points 11 months ago

On May 17, 2007, an Aerosol spray dispenser that had fallen behind a water heater exploded, and Curry, who was doing laundry at the time, was burned on more than 20% of his body, including his arm, back, and side. He spent many months recuperating at his home. According to an Associated Press interview posted on CNN.com on February 17, 2008, Curry went on The Montel Williams Show to discuss his recovery, and mentioned he considered suicide after waking from a three-day, medically induced coma, but decided against it with the help of friends and fellow comedians, such as Sinbad and Bill Cosby.

[–] spongebue@lemmy.world 2 points 11 months ago (1 children)

They just bought my mortgage from Wells Fargo after WF had it for a decade. I just made my first payment a couple weeks ago

[–] phar@lemmy.world 2 points 11 months ago
[–] Nougat@kbin.social 6 points 11 months ago

So good to know that anyone who wants to can buy our PII and leave it vulnerable to mischief.