Cyber breaches abound in 2019

Cyber breaches abound in 2019
https://techcrunch.com/2018/12/26/cyber-breaches-abound-in-2019/

News of high-profile cyber breaches has been uncharacteristically subdued in recent quarters.

Is this a harbinger of a worse hacking landscape in 2019?

The answer is unequivocally yes. No question, cyber breaches have been a gigantic thorn in the global economy for years. But expect them to be even more rampant in this new year 2019 as chronically improving malware will be deployed more aggressively on more fronts. Also  data-driven businesses simultaneously move into the “target zone” of cyber attacks.

On the cybersecurity side, a growing number of experts believe that multi-factor authentication will become the standard for all online businesses.

Here are links to some articles that can hopefully help you to handle your cyber security better:

Cybersecurity 101: Why you need to use a password manager
https://techcrunch.com/2018/12/25/cybersecurity-101-guide-password-manager/

Cybersecurity 101: Five simple security guides for protecting your privacy
https://techcrunch.com/2018/12/26/cybersecurity-101-security-guides-protect-privacy/

622 Comments

  1. Tomi Engdahl says:

    Buca di Beppo, Planet Hollywood Restaurants Hit by Card Breach
    https://www.securityweek.com/buca-di-beppo-planet-hollywood-restaurants-hit-card-breach

    Earl Enterprises on Friday admitted that cybercriminals had stolen payment card data from tens of the restaurants it owns over a period of 10 months.

    Reply
  2. Tomi Engdahl says:

    Planet Hollywood owner suffers major user data breach
    https://www.itproportal.com/news/planet-hollywood-owner-suffers-major-user-data-breach/

    Earl Enterprises, the parent company of widely popular restaurant chain Planet Hollywood, has been hacked, and payment information of millions of its users compromised.

    Reply
  3. Tomi Engdahl says:

    Thousands of Unprotected Kibana Instances Exposing Elasticsearch Databases
    https://thehackernews.com/2019/04/kibana-data-security.html

    In today’s world, data plays a crucial role in the success of any organization, but if left unprotected, it could be a cybercriminal’s dream come true.

    Poorly protected MongoDB, CouchDB, and Elasticsearch databases recently got a lot more attention from cybersecurity firms and media lately.

    More than half of the known cases of massive data breaches over the past year originated from unsecured database servers that were accessible to anyone without any password.

    Since the database of an organization contains its most valuable and easily exploitable data, cybercriminals have also started paying closer attention to find other insecure entry points.

    Reply
  4. Tomi Engdahl says:

    Catalin Cimpanu / ZDNet:
    Researcher: ~13,500 iSCSI storage clusters left exposed online without a password, opening backdoors to enterprise disk storage arrays and people’s NAS devices

    Over 13K iSCSI storage clusters left exposed online without a password
    New attack vector opens backdoor inside enterprise disk storage arrays and people’s NAS devices.
    https://www.zdnet.com/article/over-13k-iscsi-storage-clusters-left-exposed-online-without-a-password/

    Over 13,000 iSCSI storage clusters are currently accessible via the internet after their respective owners forgot to enable authentication.

    This misconfiguration has the risk of causing serious harm to devices’ owners

    Reply
  5. Tomi Engdahl says:

    Researchers find mountains of sensitive data on totalled Teslas in junkyards
    https://boingboing.net/2019/03/30/greentheonly.html/amp

    Reply
  6. Tomi Engdahl says:

    Georgia Tech Breach Hits Up to 1.3 Million People
    https://www.securityweek.com/georgia-tech-breach-hits-13-million-people

    The Georgia Institute of Technology (Georgia Tech) on Tuesday revealed that “an unknown outside entity” had gained unauthorized access to a database storing the details of 1.3 million individuals.

    Reply
  7. Tomi Engdahl says:

    AFP probes hacking of data base
    https://news.mb.com.ph/2019/04/03/afp-data-base-hacked-soldiers-data-exposed/?fbclid=IwAR0e1xZq4Xjenc0S32jOBoSbVrceADKX1CszIG-Fwi0MX7OMpG9PEAdz98c

    The Armed Forces of the Philippines (AFP) has started investigating the reported hacking of its data base that exposed close to 20,000 military personnel whose basic information, including their injuries

    Reply
  8. Tomi Engdahl says:

    HS: Kiusallinen tietovuoto suomalaisessa palvelussa paljastui, työpaikkaansa kritisoineiden nimet vuosivat
    https://dawn.fi/artikkeli.cfm/2019/04/03/tuntopalvelu-tietovuoto

    Helsingin Sanomat kertoo että kotimaisessa, Alma Median omistamassa verkkopalvelussa on havaittu tietovuoto. Vuoto koski Tuntopalvelu.fi -sivustoa, jossa työntekijät voivat arvioida – ja arvostella – työnantajaansa nimettömästi.

    Vuodon ansiosta palvelussa oli avoimesti nähtävillä arvioinnin tehneen käyttäjän henkilötiedot, kuten nimet, paikkatiedot sekä heidän sanallinen arvionsa työpaikastaan.

    Reply
  9. Tomi Engdahl says:

    Toyota announces second security breach in the last five weeks
    https://www.zdnet.com/article/toyota-announces-second-security-breach-in-the-last-five-weeks/

    Toyota Japan says hackers might have stolen details of 3.1 million Toyota and Lexus car owners.

    Updated on March 30: On the same day that Toyota Japan announced its data breach, Toyota Vietnam and Toyota Thailand also announced cyber-security incidents,

    Reply
  10. Tomi Engdahl says:

    Researchers find 540 million Facebook user records on exposed servers
    https://techcrunch.com/2019/04/03/facebook-records-exposed-server/?%3Ftpcc=ECFB2019

    In the researchers’ write-up, Mexico-based digital media company Cultura Colectiva left more than 540 million records — including comments, likes, reactions, account names and more — stored on the Amazon S3 storage server without a password, allowing anyone to access the data. Another backup file on a separate storage server by defunct California-based app maker At The Pool contained even more sensitive data,

    Reply
  11. Tomi Engdahl says:

    Losing Face: Two More Cases of Third-Party Facebook App Data Exposure
    https://www.upguard.com/breaches/facebook-user-data-leak

    two more third-party developed Facebook app datasets have been found exposed to the public internet

    Reply
  12. Tomi Engdahl says:

    540 Million Facebook User Records Found On Unprotected Amazon Servers
    https://thehackernews.com/2019/04/facebook-app-database.html

    First, the social media company was caught asking some of its new users to share passwords for their registered email accounts and now…

    …the bad week gets worse with a new privacy breach.

    More than half a billion records of millions of Facebook users have been found exposed on unprotected Amazon cloud servers.

    The exposed datasets do not directly come from Facebook; instead, they were collected and unsecurely stored online by third-party Facebook app developers.

    Millions of Facebook Records Found on Amazon Cloud Servers
    https://www.bloomberg.com/news/articles/2019-04-03/millions-of-facebook-records-found-on-amazon-cloud-servers

    Facebook alerted Amazon to take user data off servers it hosts
    More databases are likely public than should be, UpGuard says

    Reply
  13. Tomi Engdahl says:

    AeroGarden maker says hackers stole months of credit card data
    https://techcrunch.com/2019/04/05/aerogarden-credit-card-breach/?tpcc=ECFB2019

    The company said anyone who bought something through its website between October 29, 2018 and March 4, 2019 had their credit card number, expiration date and card verification value — also known as a security code — stolen by the malware. In most cases, that’s all someone would need to make fraudulent purchases

    Reply
  14. Tomi Engdahl says:

    Facebook Exposes Hundreds of Millions of User Passwords
    https://www.tomsguide.com/us/facebook-password-plaintext,news-29696.html

    Facebook stored the account passwords of “hundreds of millions” of Facebook, Facebook Lite and Instagram users in unencrypted plaintext on its internal servers, where thousands of Facebook employees could have viewed them, the company said today (March 21) in an official Facebook blog posting.
    https://newsroom.fb.com/news/2019/03/keeping-passwords-secure/

    Facebook asked some users for their email passwords, because why not
    https://arstechnica.com/information-technology/2019/04/facebook-asked-some-users-for-their-email-passwords-because-why-not/

    And two third-party developers left the data from millions of Facebook users exposed in S3 bucket

    Reply
  15. Tomi Engdahl says:

    Chinese companies have leaked over 590 million resumes via open databases
    https://www.zdnet.com/article/chinese-companies-have-leaked-over-590-million-resumes-via-open-databases/

    Leaks have taken place in the first three months of the year, via either ElasticSearch or MongoDB databases.

    Chinese companies have leaked a whopping 590 million resumes in the first three months of the year, ZDNet has learned from multiple security researchers.

    Most of the resume leaks have occurred because of poorly secured MongoDB databases and ElasticSearch servers

    From tiny firms exposing a handful of CVs to professional executive head-hunting firms, they’ve all leaked their customers’ details, in one form or another.

    Reply
  16. Tomi Engdahl says:

    Spyware Company That Marketed to Domestic Abusers Gets Hacked
    https://motherboard.vice.com/en_us/article/mb4y5x/thetruthspy-spyware-domestic-abusers-hacked-data-breach

    A hacker broke into the servers of TheTruthSpy, one of the most notorious stalkerware companies out there, and stole logins, audio recordings, pictures, and text messages, among other data.

    Reply
  17. Tomi Engdahl says:

    Cost of Data Breach in UK Increases More Than 41% in Two Years
    https://www.securityweek.com/cost-data-breach-uk-increases-more-41-two-years

    The UK government, in the form of the Department for Digital, Culture, Media and Sport (DCMS) has published its fourth annual breaches survey: the Cyber Security Breaches Survey 2019.

    In general, the number of breaches is down on those from 2018; and the majority of firms have indicated GDPR-motivated security improvements.

    Thirty-two percent of businesses reported suffering breaches or attacks, compared to 43% in 2018, and 46% in 2017. number of breaches or attacks experienced by individual companies, however, rose from 2 in 2017 to 6 in 2019. This downward trend in business breaches and attacks mirrors a similar trend among the general public: between September 2017 and September 2018, the number of computer misuse incidents among individuals fell from about 1.5 million to about 1 million.

    Phishing is the most common form of attack, identified by 80% of businesses. Second at 28% is impersonation, either in email or online. Viruses, spyware and malware (including ransomware) came third at 27%.

    The average cost of a business breach in the UK in 2019 is £4,180. This is up from £2,450 in 2017, indicating a rise in the cost of a breach in excess of 41% over the last two years.

    Combining the declining incidence of security breaches with improving GDPR-related cybersecurity suggests that GDPR has already had a beneficial effect on business security.

    https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/791940/Cyber_Security_Breaches_Survey_2019_-_Main_Report.PDF

    Reply
  18. Tomi Engdahl says:

    Cybercrime market selling full digital fingerprints of over 60,000 users
    https://www.zdnet.com/article/cybercrime-market-selling-full-digital-fingerprints-of-over-60000-users/

    Genesis service is selling users’ personal data, complete with digital fingerprints, such as account credentials, cookies, browser user-agent details, and more.

    Today, at the Kaspersky Security Analyst Summit conference taking place in Singapore, security researchers from Kaspersky Lab have revealed the existence of a new cybercrime marketplace where crooks are selling full digital fingerprints for over 60,000 users.

    This new marketplace is like nothing that has ever been seen on the hacking scene until now.

    Reply
  19. Tomi Engdahl says:

    Criminal Market Sells Over 60K Digital Identities For $5-$200
    https://www.bleepingcomputer.com/news/security/criminal-market-sells-over-60k-digital-identities-for-5-200/

    More than 60,000 stolen digital profiles are currently up for sale on Genesis Store, a private and invitation-only online cybercriminal market discovered and exposed by Kaspersky Lab researchers.

    “The profiles include: browser fingerprints, website user logins and passwords, cookies, credit card information. The price varies from 5 to 200 dollars per profile – it heavily depends on the value of the stolen information,” said the researchers.

    Reply
  20. Tomi Engdahl says:

    Cybercrime market selling full digital fingerprints of over 60,000 users
    https://www.zdnet.com/article/cybercrime-market-selling-full-digital-fingerprints-of-over-60000-users/

    Genesis service is selling users’ personal data, complete with digital fingerprints, such as account credentials, cookies, browser user-agent details, and more.

    Reply
  21. Tomi Engdahl says:

    Joseph Cox / Motherboard:
    Source: Outlook, MSN, and Hotmail were affected in breach; Microsoft now says email content was also exposed for ~6% of users whose email accounts were hacked — Hackers abused a Microsoft customer support portal that allowed them to read the emails of any non-corporate account.

    Hackers Could Read Your Hotmail, MSN, and Outlook Emails by Abusing Microsoft Support
    https://motherboard.vice.com/en_us/article/ywyz3x/hackers-could-read-your-hotmail-msn-outlook-microsoft-customer-support

    Hackers abused a Microsoft customer support portal that allowed them to read the emails of any non-corporate account.

    Reply
  22. Tomi Engdahl says:

    Catalin Cimpanu / ZDNet:
    Since mid-February, hacker Gnosticplayers has posted 932M+ user records from 44 companies, including 500px and UnderArmor, on dark web marketplace Dream Market

    A hacker has dumped nearly one billion user records over the past two months
    https://www.zdnet.com/article/a-hacker-has-dumped-nearly-one-billion-user-records-over-the-past-two-months/

    Hacker Gnosticplayers has stolen over 932 million user records from 44 companies.

    Reply
  23. Tomi Engdahl says:

    A hacker has dumped nearly one billion user records over the past two months
    https://www.zdnet.com/article/a-hacker-has-dumped-nearly-one-billion-user-records-over-the-past-two-months/

    Hacker Gnosticplayers has stolen over 932 million user records from 44 companies.

    Reply
  24. Tomi Engdahl says:

    Hackers publish personal data on thousands of US police officers and federal agents
    https://techcrunch.com/2019/04/12/police-data-hack/

    A hacker group has breached several FBI-affiliated websites and uploaded their contents to the web, including dozens of files containing the personal information of thousands of federal agents and law enforcement officers, TechCrunch has learned.

    Reply
  25. Tomi Engdahl says:

    Over 100 Million JustDial Users’ Personal Data Found Exposed On the Internet
    https://thehackernews.com/2019/04/justdial-hacked-data-breach.html

    An unprotected database belonging to JustDial, India’s largest local search service, is leaking personally identifiable information of its every customer in real-time who accessed the service via its website, mobile app, or even by calling on its fancy “88888 88888″ customer care number, The Hacker News has learned and independently verified.

    Reply
  26. Tomi Engdahl says:

    Facebook Collected Contacts from 1.5 Million Email Accounts Without Users’ Permission
    https://thehackernews.com/2019/04/facebook-email-database.html?m=1

    Facebook harvested the email addresses of 1.5 million users then ‘unintentionally’ uploaded them without consent
    https://www.dailymail.co.uk/news/article-6934725/Facebook-unintentionally-uploaded-email-contacts-1-5-mln-users-report.html?ito=social-facebook

    Reply
  27. Tomi Engdahl says:

    Facebook Stored Millions of Instagram Username Passwords in Plaintext
    https://thehackernews.com/2019/04/instagram-password-plaintext.html?m=1

    Facebook late last month revealed that the social media company mistakenly stored passwords for “hundreds of millions” of Facebook users in plaintext, including “tens of thousands” passwords of its Instagram users as well.
    Now it appears that the incident is far worse than first reported.

    These plaintext passwords for millions of Instagram users, along with millions of Facebook users, were accessible to some of the Facebook engineers, who according to the company, did not abuse it.

    Reply
  28. Tomi Engdahl says:

    Facebook now says its password leak affected ‘millions’ of Instagram users
    https://techcrunch.com/2019/04/18/instagram-password-leak-millions/?tpcc=ECFB2019

    Reply
  29. Tomi Engdahl says:

    Hacker dumps thousands of sensitive Mexican embassy documents online
    https://techcrunch.com/2019/04/19/mexican-embassy-hack/?tpcc=ECFB2019

    A hacker stole thousands of documents from Mexico’s embassy in Guatemala and posted them online.

    The hacker, who goes by the online handle @0x55Taylor, tweeted a link to the data earlier this week. The data is no longer available for download

    The hacker told TechCrunch in a message: “A vulnerable server in Guatemala related to the Mexican embassy was compromised and I downloaded all the documents and databases.” He said he contacted Mexican officials but he was ignored.

    Reply
  30. Tomi Engdahl says:

    A hotspot finder app exposed 2 million Wi-Fi network passwords
    https://techcrunch.com/2019/04/22/hotspot-password-leak/?guce_referrer_us=aHR0cHM6Ly93d3cuZ29vZ2xlLmZpLw&guce_referrer_cs=4Tpzz0dFSmtVSOGd5XBhKQ&guccounter=2&guce_referrer_us=aHR0cHM6Ly9tb2JpaWxpLmZpLzIwMTkvMDQvMjIveWxpLTItbWlsam9vbmFuLXdpLWZpLXZlcmtvbi1zYWxhc2FuYXQtb2xpdmF0LXN1b2phYW1hdHRvbWluYS12ZXJrb3NzYS1zeXlwYWFuYS13aS1maS12ZXJra29qZW4tZXRzaW50YXNvdmVsbHVzLz91dG1fc291cmNlPWhpZ2hmaSZ1dG1fbWVkaXVtPXJzcyZ1dG1fY2FtcGFpZ249Z2VuZXJpYw&guce_referrer_cs=A0EviX-qWF9lyGVuGgYsZA

    A popular hotspot finder app for Android exposed the Wi-Fi network passwords for more than two million networks.

    The app, downloaded by thousands of users, allowed anyone to search for Wi-Fi networks in their nearby area. The app allows the user to upload Wi-Fi network passwords from their devices to its database for others to use.

    That database of more than two million network passwords, however, was left exposed and unprotected, allowing anyone to access and download the contents in bulk.

    Sanyam Jain, a security researcher and a member of the GDI Foundation, found the database and reported the findings to TechCrunch.

    We spent more than two weeks trying to contact the developer, believed to be based in China, to no avail. Eventually we contacted the host, DigitalOcean, which took down the database within a day of reaching out.

    Each record contained the Wi-Fi network name, its precise geolocation, its basic service set identifier (BSSID) and network password stored in plaintext.

    Although the app developer claims the app only provides passwords for public hotspots, a review of the data showed countless home Wi-Fi networks.

    Tens of thousands of the exposed Wi-Fi passwords are for networks based in the U.S.

    Reply
  31. Tomi Engdahl says:

    Unsecured Databases Leak 60 Million Records of Scraped LinkedIn Data
    https://www.bleepingcomputer.com/news/security/unsecured-databases-leak-60-million-records-of-scraped-linkedin-data/

    Eight unsecured databases were found leaking approximately 60 million records of LinkedIn user information. While most of the information is publicly available, the databases contain the email addresses of the LinkedIn users.

    Reply
  32. Tomi Engdahl says:

    Docker Hub Hacked – 190k accounts, GitHub tokens revoked, Builds disabled
    https://news.ycombinator.com/item?id=19763413

    During a brief period of unauthorized access to a Docker Hub database, sensitive data from approximately 190,000 accounts may have been exposed (less than 5% of Hub users). Data includes usernames and hashed passwords for a small percentage of these users, as well as Github and Bitbucket tokens for Docker autobuilds.

    Reply
  33. Tomi Engdahl says:

    New York, Canada, Ireland Launch New Investigations Into Facebook Privacy Breaches
    https://thehackernews.com/2019/04/facebook-privacy-investigation.html?m=1

    Though Facebook has already set aside $5 billion from its revenue to cover a possible fine the company is expecting as a result of an FTC investigation over privacy violations, it seems to be just first installment of what Facebook has to pay for continuously ignoring users’ privacy.

    Reply
  34. Tomi Engdahl says:

    80 Million Households Exposed in Data Leak: What You Need to Know
    https://www.tomsguide.com/us/database-leak-80-million-exposed,news-29957.html

    Into the Exposed Database Hall of Shame comes a new entry: an unprotected cloud repository listing the names, dates of birth and street addresses of the adults in 80 million U.S. households, as found by two Israeli researchers.

    Reply
  35. Tomi Engdahl says:

    Unprotected Database Stored Information on 80 Million U.S. Households
    https://www.securityweek.com/unprotected-database-stored-information-80-million-us-households

    Noam Rotem and Ran Locar of vpnMentor came across the database as part of what the company calls a “huge web mapping project.” The database was 24 gigabytes in size and it was hosted on Microsoft cloud servers.

    Interestingly, the database only appeared to store data on individuals aged over 40.

    Fields named “member_code” and “score” suggest that it’s owned by a service provider.

    “Interestingly, a value for people’s income is given

    Reply
  36. Tomi Engdahl says:

    Cloud database removed after exposing details on 80 million US households
    https://www.cnet.com/news/cloud-database-removed-after-exposing-details-on-80-million-us-households/

    Exclusive: The cache included information on addresses, income levels and marital status.

    Reply
  37. Tomi Engdahl says:

    Docker Hacked: 190,000 Accounts Breached
    https://www.cbronline.com/news/docker-hacked

    Intruders may have used breach to access sensitive GitHub repositories

    Docker, the company behind an open platform for building and running distributed applications, said on Friday that hackers had breached one of its databases, potentially giving them access to sensitive source code on the external repositories of up to 190,000 different customers.

    Docker is used by many of the world’s largest financial and technology companies,

    The company rapidly scrambled to plug the breach, invalidating the passwords of those affected and deleting the subset of users’ GitHub tokens

    Reply
  38. Tomi Engdahl says:

    Hackers Steal and Ransom Financial Data Related to Some of the World’s Largest Companies
    https://motherboard.vice.com/en_us/article/d3np4y/hackers-steal-ransom-citycomp-airbus-volkswagen-oracle-valuable-companies

    The data was stolen from Citycomp, which provides internet infrastructure for dozens of companies including Oracle, Airbus, Toshiba, and Volkswagen.

    Reply
  39. Tomi Engdahl says:

    CISA Releases Binding Operational Directive with New Requirements for Remediating Critical and High Vulnerabilities
    https://www.dhs.gov/cisa/blog/2019/04/29/cisa-releases-binding-operational-directive-new-requirements-remediating

    Today, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher Krebs issued Binding Operational Directive (BOD) 19-02, Vulnerability Remediation Requirements for Internet-Accessible Systems, to enhance federal agencies’ coordinated approach to ensuring effective and timely remediation of critical and high vulnerabilities in information systems.

    For the past several years, CISA has worked with federal agencies to identify, prioritize, and remediate critical vulnerabilities, driving a substantial decrease in vulnerabilities over time.

    CISA’s authority to issue binding directives enables us to set requirements for federal agencies in specific, significant areas of cybersecurity. While many agencies, based on risk management decisions, may look to exceed the directive’s actions and timelines, BOD 19-02 ensures that all agencies are at least meeting the directive requirements. CISA encourages all partners, across all sectors, to set similar requirements – whether using the CISA directives or guidance from the National Institute for Standards and Technology (NIST).

    Binding Operational Directive 19-02
    Vulnerability Remediation Requirements for Internet-Accessible Systems
    https://cyber.dhs.gov/bod/19-02/

    Reply
  40. Tomi Engdahl says:

    Hackers lurked in Citrix systems for six months
    Social Security numbers and financial data may have been stolen.
    https://www.zdnet.com/article/hackers-lurked-in-citrix-systems-for-six-months/#ftag=RSSbaffb68

    Reply
  41. Tomi Engdahl says:

    Zack Whittaker / TechCrunch:
    An unprotected database offers a look at a surveillance system in Beijing, which matches faces to police records, monitors Wi-Fi-enabled devices, and more

    Security lapse exposed a Chinese smart city surveillance system
    Thousands of facial recognition scans were matched against Chinese police records
    https://techcrunch.com/2019/05/03/china-smart-city-exposed/

    Smart cities are designed to make life easier for their residents: better traffic management by clearing routes, making sure the public transport is running on time and having cameras keeping a watchful eye from above.

    But what happens when that data leaks? One such database was open for weeks for anyone to look inside.

    Security researcher John Wethington found a smart city database accessible from a web browser without a password. He passed details of the database to TechCrunch in an effort to get the data secured.

    The database was an Elasticsearch database, storing gigabytes of data — including facial recognition scans on hundreds of people over several months. The data was hosted by Chinese tech giant Alibaba. The customer’s database, which Alibaba did not name, made several references to the tech giant’s artificial intelligence-powered cloud platform, City Brain, but Alibaba later denied its platform was used.

    Reply
  42. Tomi Engdahl says:

    Report: Freedom Mobile Customer Data Breach Exposes 1.5 Million Customers
    https://www.vpnmentor.com/blog/report-freedom-mobile/

    Freedom Mobile (formerly Wind Mobile) is Canada’s fourth-largest wireless communications provider.

    The database was totally unprotected and unencrypted. The data includes credit card and CVV numbers.

    We had full access to more than 5 million records, reflecting up to 1.5 million users.

    These records seem to reflect any action taken within a user account, allowing for multiple entries per customer.

    Some entries also included data from an Equifax database. This included information on credit scores, credit class, and credit card accounts.

    Reply
  43. Tomi Engdahl says:

    Verizon Publishes 2019 Data Breach Investigations Report (DBIR)
    https://www.securityweek.com/verizon-publishes-2019-data-breach-investigations-report-dbir

    Verizon 2019 DBIR Shows Financially Motivated Attacks Increasing While Criminals Switch to Easiest Targets

    Reply
  44. Tomi Engdahl says:

    Data Provenance – Unintended Consequences of Multiple Data Breaches
    https://pentestmag.com/data-provenance-unintended-consequences-of-multiple-data-breaches/

    The results of the multiple data breaches and compromised identity data, free flowing within the vast digital ecosystem has created a data provenance problem. One that will be have a great impact on individuals, as such data makes its way into the data supply chain.

    When the compromised data enters the regular supply chain without any proper vetting

    Reply
  45. Tomi Engdahl says:

    Canadian Telecom Firm Freedom Mobile Exposed Customer Details
    https://www.securityweek.com/canadian-telecom-firm-freedom-mobile-exposed-customer-details

    vpnMentor reported on Tuesday that its researchers had identified an unprotected database storing information on Freedom Mobile customers, including email addresses, phone numbers, home addresses, dates of birth, IP addresses associated with payment methods, credit scores (from Equifax and other companies), unencrypted payment card data with CVV codes, locations and other customer service records, and account details.

    Report: Freedom Mobile Customer Data Breach Exposes 1.5 Million Customers
    https://www.vpnmentor.com/blog/report-freedom-mobile/

    Reply
  46. Tomi Engdahl says:

    Larry Dignan / ZDNet:
    Verizon report: nation states and affiliated parties carried out 23% of data breaches in 2018, up from 12% in 2017 and 19% in 2016 — Verizon’s 2019 Data Breach Investigations Report highlights how nation states and espionage are becoming a worry for businesses and their data.

    Nation state actors, affiliates behind increasing amount of data breaches
    https://www.zdnet.com/article/nation-state-actors-affiliates-behind-increasing-amount-of-data-breaches/?mid=1

    Verizon’s 2019 Data Breach Investigations Report highlights how nation states and espionage are becoming a worry for businesses and their data.

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*