# Canon hit by Maze Ransomware attack, 10TB data allegedly stolen



## Canon Rumors Guy (Aug 6, 2020)

> The hits keep on coming for Canon. This time it’s a ransomware attack of the Canon USA web site and other Canon USA services.
> The ransomware attack includes Canon’s email, Microsoft Teams, the Canon USA web site along with other internal applications. It’s also reported that 10TB of data has been stolen in the attack.
> You can read all about this ransomware attack here.



Continue reading...


----------



## crake (Aug 6, 2020)

Well crap - guess I won't be getting my RF refurb afterall. Hope Canon recovers quickly!


----------



## Mike the cat (Aug 6, 2020)

Please god don't let this affect my R5 pre-order .


----------



## David_E (Aug 6, 2020)

Hey, Canon, get a Mac!


----------



## SteveC (Aug 6, 2020)

David_E said:


> Hey, Canon, get a Mac!



Or Linux.

In all seriousness, I have an order from the Refurb shop in the pipeline. Or do I?

And presumably they were hanging on to my card number to charge it when it became available...so the hackers now have it.


----------



## avoidingconcrete (Aug 6, 2020)

Same thing happened to Garmin last week. These seem to be happening more and more recently..


----------



## Eric Mazzone (Aug 6, 2020)

SteveC said:


> Or Linux.
> 
> In all seriousness, I have an order from the Refurb shop in the pipeline. Or do I?
> 
> And presumably they were hanging on to my card number to charge it when it became available...so the hackers now have it.



Keep an eye on your accounts. My card got hit yesterday with a few fraudulent charges.


----------



## Mt Spokane Photography (Aug 6, 2020)

I just removed my credit freeze this morning as I talk to my bankers about mortgaging the house to get a R5


----------



## canonnews (Aug 6, 2020)

SteveC said:


> Or Linux.
> 
> In all seriousness, I have an order from the Refurb shop in the pipeline. Or do I?
> 
> And presumably they were hanging on to my card number to charge it when it became available...so the hackers now have it.


usually not - they don't hang onto the number (usually). what they do is pre-auth your card and store that transaction id. they then process / complete the transaction when the item ships.

it's actually against visa and mastercard rules to store the full credit card number anywhere.


----------



## pmjm (Aug 6, 2020)

canonnews said:


> it's actually against visa and mastercard rules to store the full credit card number anywhere.



How do sites store your card for subsequent purchases then?


----------



## drisley (Aug 6, 2020)

Sony fanboys have been busy.


----------



## RayValdez360 (Aug 6, 2020)

pmjm said:


> How do sites store your card for subsequent purchases then?


You usually have to agree unless it is in the cookies.


----------



## Del Paso (Aug 6, 2020)

drisley said:


> Sony fanboys have been busy.


That's exactly what I thought...


----------



## Canon Rumors Guy (Aug 6, 2020)

pmjm said:


> How do sites store your card for subsequent purchases then?



You give them permission to do so.


----------



## Tony Bennett (Aug 6, 2020)

crake said:


> Well crap - guess I won't be getting my RF refurb afterall. Hope Canon recovers quickly!



I bought a refurbished mount adapter. Looks like I won't be getting mine anytime soon either. Ugh.


----------



## magarity (Aug 6, 2020)

Corporate network security isn't for amateurs; you have to pay competent people decent salaries and put up with inconvenience of not being able to just log in to any server from anywhere. But it can be done.


----------



## Mt Spokane Photography (Aug 6, 2020)

RayValdez360 said:


> You usually have to agree unless it is in the cookies.


The credit card processors and companies have rules about how to store your card number. They keep updating the requirements and making it tougher. Finally, I just stopped accepting credit cards and let people use one thru Paypal or Amazon rather than deal with it. Canon has had such tight restrictions on credit card use due to the high value of the transactions that it can be frustrating. I doubt if credit card info would be in any usable form, but if names, addresses, etc were revealed, it can result in fraud and id theft.

Card companies do not allow the CVV to be stored, but a seller can choose to process without a CVV.


----------



## David_E (Aug 6, 2020)

David_E wrote: _Hey, Canon, get a Mac!_


SteveC said:


> _Or Linux._


Really? And give up all of my professional graphics apps? Besides, the MacOS is BSD Unix, and there isn’t a whole lot that Linux can do that MacOS can’t do.


----------



## jam05 (Aug 6, 2020)

drisley said:


> Sony fanboys have been busy.


I actually had the same thought.


----------



## SteveC (Aug 6, 2020)

David_E said:


> David_E wrote: _Hey, Canon, get a Mac!_
> 
> Really? And give up all of my professional graphics apps? Besides, the MacOS is BSD Unix, and there isn’t a whole lot that Linux can do that MacOS can’t do.



I didn't say YOU should go to Linux, but that Canon should.


----------



## DBounce (Aug 6, 2020)

Looks like the Canon USA site is down.


----------



## degos (Aug 7, 2020)

With the fine range of TS-E lenses they make its a pity they didn't use one to take a photo of their HQ... converging verticals all over the place.


----------



## Valvebounce (Aug 7, 2020)

As of a few years ago, they shouldn’t, I used to have suppliers for classic car parts where I could ring up and order bits without giving card details, that all went away (and probably rightly so) in favour of security.

Cheers, Graham. 



pmjm said:


> How do sites store your card for subsequent purchases then?


----------



## canonnews (Aug 7, 2020)

pmjm said:


> How do sites store your card for subsequent purchases then?


by an ID. usually the card gateway ie: a company like authorize.net stores the card # etc but that's validated and approved by visa, etc. the end company ie: a canon or ie: me or anyone just gets a generic "id". now if a hacker ever broke into authorize.net or a large payment gateway ... wow, it'd be hell.

Alot of that depends though on your transactional volume as welll, different rules apply, but most likely it's fine. but always keep an eye on yourcard.

btw, even a charge going on your card doesn't necessarily8 mean you were hacked, stolen, etc - wells fargo told me that at times the card readers at the store, get the combination right on the numbers and accidentally get "wrong" numbers during the swipe - faulty reader,etc.


----------



## jayphotoworks (Aug 7, 2020)

Wow.. I had just posted last week wondering if their cloud based storage outage was ransomware related. Days later it actually happened. First Garmin, now Canon. A whole rash of ransomware hacks this year...


----------



## Iwasaki (Aug 7, 2020)

I am thinking this is way worse than is being announced. The store is STILL down.


----------



## Michael Clark (Aug 7, 2020)

pmjm said:


> How do sites store your card for subsequent purchases then?



They get a pre-authorization and store the transaction's authorization number rather than the card number.


----------



## Michael Clark (Aug 7, 2020)

SteveC said:


> Or Linux.
> 
> In all seriousness, I have an order from the Refurb shop in the pipeline. Or do I?
> 
> And presumably they were hanging on to my card number to charge it when it became available...so the hackers now have it.



It doesn't matter what OS you're running when stupid employees click on links designed to entice them to be unable to resist clicking on it.

Too many people can't help themselves and will open emails with a title like "Your FedEx shipment rescheduled" even when they haven't ordered anything.


----------



## Mt Spokane Photography (Aug 7, 2020)

Michael Clark said:


> It doesn't matter what OS you're running when stupid employees click on links designed to entice them to be unable to resist clicking on it.
> 
> Too many people can't help themselves and will open emails with a title like "Your FedEx shipment rescheduled" even when they haven't ordered anything.



Yes. I order a lot of stuff online and am always worried about malware. I've added some filters to my email that do a good job of removing scams, but every month or two, I spot one that got thru. When they get personal data with names and emails, they can craft more convincing fake emails, so its a matter of time before they get me. I have backups on my NAS as well as removable drive and Snapshots stored in a supposedly secure area of the NAS that is not susceptible to locking. I also am in the process of backing up the snapshots, I had to get a 2nd compatible NAS and the hard drives are not here yet. Large hard drives get expensive when you need several.


----------



## Mt Spokane Photography (Aug 7, 2020)

Iwasaki said:


> I am thinking this is way worse than is being announced. The store is STILL down.


Canon has been pretty silent, but it is obviously very bad. They have brought some things back up.


----------



## RunAndGun (Aug 8, 2020)

Mt Spokane Photography said:


> The credit card processors and companies have rules about how to store your card number. They keep updating the requirements and making it tougher. Finally, I just stopped accepting credit cards and let people use one thru Paypal or Amazon rather than deal with it. Canon has had such tight restrictions on credit card use due to the high value of the transactions that it can be frustrating. I doubt if credit card info would be in any usable form, but if names, addresses, etc were revealed, it can result in fraud and id theft.
> 
> Card companies do not allow the CVV to be stored, but a seller can choose to process without a CVV.



Yes. Trying to buy through Canon’s site with your CC can be a pain. Several years ago I bought a 100-400vII, because I had a nice discount code from Canon. It ended up taking about 3-4 days at least to make the purchase. After I’d complete the transaction, I’d get a email from Canon hours to a day later saying that they had cancelled it(lens was in-stock). I of course checked with my CC company and there were no issues and they weren’t blocking it. After several attempts on-line, I finally ended up having to make the purchase over the phone with a CSR.

The same purchase from B&H would have taken maybe 30-60 seconds and I would have had the lens in-hand in less time than it ultimately took to just complete the order. But of course the discount code was only for a direct purchase from Canon.


----------



## Iwasaki (Aug 8, 2020)

Mt Spokane Photography said:


> Canon has been pretty silent, but it is obviously very bad. They have brought some things back up.



I know....the sites are still down and they are just “working on things”..... Corporations don’t just “work on websites for days”. I think the whole ordering system has been hit with the ransomware.


----------



## DJL329 (Aug 9, 2020)

Newsday has the first "mainstream" media report i have seen on the situation. They apparently have an official response from Canon, confirming the ransomware attack. 









Canon U.S.A. hit by ransomware attack


The Melville company said it has begun an investigation of the attack, which left its website inoperable on Friday.



www.newsday.com


----------



## Iwasaki (Aug 9, 2020)

DJL329 said:


> Newsday has the first "mainstream" media report i have seen on the situation. They apparently have an official response from Canon, confirming the ransomware attack.
> 
> 
> 
> ...



Why do they think hiding and not saying anything is a good move?

Nikon’s unbelievable silence on the 70-200 2.8 z lens is why I have left them for Canon and here Canon sits silently.

I am surprised Canonrumors Isn’t getting some dirt on this as well


----------



## Mt Spokane Photography (Aug 9, 2020)

Security people checking out the intrusion do not want details leaked until they have totally gone thru everything on the network. It gives hackers clues just by letting them know what and when the issue was discovered. If a hacker knows your capabilities, they can mitigate some of them, so it is a matter of concealing what you know from the enemy or from other potential intruders.

Eventually, some info will trickle out.


----------



## Baron_Karza (Aug 11, 2020)

A Canon coder was working on the firmware to fix the crippled overheating issue but didn't know another coder put in a hidden "Self Destruct" in case the firmware fix got implemented and BOOM!!! - this happens!


----------



## CanonOregon (Aug 13, 2020)

crake said:


> Well crap - guess I won't be getting my RF refurb afterall. Hope Canon recovers quickly!


I hoped so too but it's now onto 'Day 8' or so, crazy! The Federal Government needs to create a task force to go after these guys, you'd think they could track these guys down and make THEM pay for their crimes! Well, once back up there may be a bunch of bargains in the 'refurb bin'!


----------



## SteveC (Aug 13, 2020)

CanonOregon said:


> I hoped so too but it's now onto 'Day 8' or so, crazy! The Federal Government needs to create a task force to go after these guys, you'd think they could track these guys down and make THEM pay for their crimes! Well, once back up there may be a bunch of bargains in the 'refurb bin'!



Generally they are either overseas, or hiding behind an overseas corporation in some third world country that doesn't give a damn.

That's true of the spam callers too. In that case, even with some US company's involvement, what happens is the FCC fines them a million dollars for breaking the robocall regs, the company declares bankruptcy so it doesn't have to pay anything...and a week later a new company is set up. The people committing the fraud are overseas somewhere and part of a different shell corporation, so the US company is only on the hook for violating FCC regulations.


----------



## brad-man (Aug 13, 2020)

Canon USA is back online...


----------

