Cyber breaches abound in 2019

Cyber breaches abound in 2019
https://techcrunch.com/2018/12/26/cyber-breaches-abound-in-2019/

News of high-profile cyber breaches has been uncharacteristically subdued in recent quarters.

Is this a harbinger of a worse hacking landscape in 2019?

The answer is unequivocally yes. No question, cyber breaches have been a gigantic thorn in the global economy for years. But expect them to be even more rampant in this new year 2019 as chronically improving malware will be deployed more aggressively on more fronts. Also  data-driven businesses simultaneously move into the “target zone” of cyber attacks.

On the cybersecurity side, a growing number of experts believe that multi-factor authentication will become the standard for all online businesses.

Here are links to some articles that can hopefully help you to handle your cyber security better:

Cybersecurity 101: Why you need to use a password manager
https://techcrunch.com/2018/12/25/cybersecurity-101-guide-password-manager/

Cybersecurity 101: Five simple security guides for protecting your privacy
https://techcrunch.com/2018/12/26/cybersecurity-101-security-guides-protect-privacy/

622 Comments

  1. Tomi Engdahl says:

    Thinkful confirms data breach days after Chegg’s $80M acquisition
    https://tcrn.ch/2Attjnr

    Thinkful, an online education site for developers, has confirmed a data breach, just days after it confirmed it would be acquired.

    Reply
  2. Tomi Engdahl says:

    Nearly 5M DoorDash users affected in security breach
    https://www.wpxi.com/news/trending-now/nearly-5m-doordash-users-affected-in-security-breach/990777510?fbclid=IwAR10ibE3zAuAlC9XvtCEJtwmBOLqy4XM8wT1xZkzrY6M4WJcwHkZKVmEGD4

    Food delivery service DoorDash announced nearly 5 million customers, workers and merchants could have had their information stolen by hackers after a security breach earlier this year.

    Reply
  3. Tomi Engdahl says:

    Data of 24.3 million Lumin PDF users shared on hacking forum
    The person who leaked the data claims it notified Lumin PDF earlier this year but got no reply.
    https://www.zdnet.com/article/data-of-24-3-million-lumin-pdf-users-shared-on-hacking-forum/

    Reply
  4. Tomi Engdahl says:

    Zack Whittaker / TechCrunch:
    DoorDash confirms a data breach on May 4 affecting 4.9M customers, workers, and merchants, with last-four digits of payment cards, driver’s license info stolen — DoorDash has confirmed a data breach. — The food delivery company said in a blog post Thursday that 4.9 million customers …
    https://techcrunch.com/2019/09/26/doordash-data-breach/?tpcc=ECTW2019

    Reply
  5. Tomi Engdahl says:

    Security Firm Comodo Hacked, as vBulletin Exploit Spawns
    https://www.cbronline.com/news/comodo-hacked

    Cybersecurity firm Comodo (slogan: “creating trust online”) says hackers exploited a new vulnerability in its user forum to steal the personal data of 245,000 users.

    The zero day was dumped on the SecLists security forum on September 23; the exploit developer declining to go down a “responsible disclosure” route.

    Another security researcher rapidly followed its publication with a script that scans the internet for vBulletin forums vulnerable to the zero day.

    Comodo is unlikely the sole such company affecte

    Comodo Hacked: Emails, Names, etc. Leaked

    A vulnerability in vBulletin is manna from heaven for hackers as it’s known to be used by organisations such as NASA, games publish EA and games distribution platform Steam.

    a zero-day exploits market platform, said the “bugdoor” had been circulating in the exploit community for three years.

    Reply
  6. Tomi Engdahl says:

    Former Yahoo employee admits hacking into over 6000 users’ accounts, mostly of younger women, to find sexual images & videos. He then also hacked into their iCloud, Gmail, Facebook & other email-connected accounts in search of more private content.

    Former Yahoo Software Engineer Pleads Guilty To Using Work Access To Hack Into Yahoo Users’ Personal Accounts
    https://www.justice.gov/usao-ndca/pr/former-yahoo-software-engineer-pleads-guilty-using-work-access-hack-yahoo-users

    Defendant admits illegally copying images and videos from about 6,000 Yahoo accounts

    Reply
  7. Tomi Engdahl says:

    Games company Zynga has been relieved by hackers of the names, email addresses, login IDs, and hashed passwords of more than 200 million players. The pilfered database is also said to contain in some cases phone numbers, password reset tokens, Facebook IDs, and Zynga account IDs.

    https://www.theregister.co.uk/2019/10/05/security_roundup_october_4/?utm_source=dlvr.it&utm_medium=facebook

    Reply
  8. Tomi Engdahl says:

    #Breach
    https://thehackernews.com/2019/08/foxit-pdf-reader-data-breach.html
    https://threatpost.com/tgi-fridays-data-exposure/147849/
    https://www.zdnet.com/article/some-of-russias-surveillance-tech-leaked-data-for-more-than-a-year/
    https://www.theregister.co.uk/2019/09/02/teletext_holidays_200k_call_recordings_s3_bucket/
    https://www.bleepingcomputer.com/news/security/xkcd-forum-breach-exposes-emails-passwords-of-562-000-users/
    https://thehackernews.com/2019/09/xkcd-forum-hacked.html
    https://www.securityweek.com/over-328000-users-hit-foxit-data-breach
    https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/
    https://www.securityweek.com/circleci-customer-data-exposed-through-third-party-vendor
    https://www.securityweek.com/400-mn-facebook-users-phone-numbers-exposed-privacy-lapse-reports
    https://www.securityweek.com/vulnerabilities-exposed-2-million-verizon-customer-contracts
    https://krebsonsecurity.com/2019/09/secret-service-investigates-breach-at-u-s-govt-it-contractor/
    https://threatpost.com/198m-car-buyer-records-exposed-online/148231/
    https://threatpost.com/major-groupon-ticketmaster-fraud-scheme-exposed-by-insecure-database/148246/
    https://www.securityweek.com/car-dealer-marketing-firm-exposed-198-million-data-records
    https://www.securityweek.com/security-firm-data-breach-exposes-millions-ecuadorians
    Catalin Cimpanu / ZDNet:
    Personal information of most of Ecuador’s population, including 6.7M children, left exposed online with home addresses, phone numbers, work information, more
    https://www.zdnet.com/article/database-leaks-data-on-most-of-ecuadors-citizens-including-6-7-million-children/
    https://www.zdnet.com/article/data-of-24-3-million-lumin-pdf-users-shared-on-hacking-forum/
    https://www.zdnet.com/article/gootkit-malware-crew-left-their-database-exposed-online-without-a-password/
    https://www.securityweek.com/security-firm-data-breach-exposes-millions-ecuadorians
    https://www.securityweek.com/industry-reactions-massive-ecuador-data-leak
    https://www.securityweek.com/doordash-breach-exposes-data-nearly-5-mn-users

    Reply
  9. Tomi Engdahl says:

    The Sesame Street Live Store, where fans of the children’s show buy merchandise, is one of more than 6,500 websites that security researchers say are compromised by payment skimmers after an apparent incident at an e-commerce platform.

    Breach at e-commerce provider gave hackers an entry to Sesame Street
    https://www.cyberscoop.com/sesame-street-website-hacked-magecart/

    Reply
  10. Tomi Engdahl says:

    More than 6,500 stores have been compromised, but the number could be around 20,000.

    Hackers breach Volusion and start collecting card details from thousands of sites
    https://www.zdnet.com/article/hackers-breach-volusion-and-start-collecting-card-details-from-thousands-of-sites/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5d9d0005165af60001531f9b&utm_medium=trueAnthem&utm_source=facebook

    More than 6,500 stores have been compromised, but the number could be around 20,000.

    Reply
  11. Tomi Engdahl says:

    #Breach
    https://thehackernews.com/2019/08/foxit-pdf-reader-data-breach.html
    https://threatpost.com/tgi-fridays-data-exposure/147849/
    https://www.zdnet.com/article/some-of-russias-surveillance-tech-leaked-data-for-more-than-a-year/
    https://www.theregister.co.uk/2019/09/02/teletext_holidays_200k_call_recordings_s3_bucket/
    https://www.bleepingcomputer.com/news/security/xkcd-forum-breach-exposes-emails-passwords-of-562-000-users/
    https://thehackernews.com/2019/09/xkcd-forum-hacked.html
    https://www.securityweek.com/over-328000-users-hit-foxit-data-breach
    https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/
    https://www.securityweek.com/circleci-customer-data-exposed-through-third-party-vendor
    https://www.securityweek.com/400-mn-facebook-users-phone-numbers-exposed-privacy-lapse-reports
    https://www.securityweek.com/vulnerabilities-exposed-2-million-verizon-customer-contracts
    https://krebsonsecurity.com/2019/09/secret-service-investigates-breach-at-u-s-govt-it-contractor/
    https://threatpost.com/198m-car-buyer-records-exposed-online/148231/
    https://threatpost.com/major-groupon-ticketmaster-fraud-scheme-exposed-by-insecure-database/148246/
    https://www.securityweek.com/car-dealer-marketing-firm-exposed-198-million-data-records
    https://www.securityweek.com/security-firm-data-breach-exposes-millions-ecuadorians
    Catalin Cimpanu / ZDNet:
    Personal information of most of Ecuador’s population, including 6.7M children, left exposed online with home addresses, phone numbers, work information, more
    https://www.zdnet.com/article/database-leaks-data-on-most-of-ecuadors-citizens-including-6-7-million-children/
    https://www.zdnet.com/article/data-of-24-3-million-lumin-pdf-users-shared-on-hacking-forum/
    https://www.zdnet.com/article/gootkit-malware-crew-left-their-database-exposed-online-without-a-password/
    https://www.securityweek.com/security-firm-data-breach-exposes-millions-ecuadorians
    https://www.securityweek.com/industry-reactions-massive-ecuador-data-leak
    https://www.securityweek.com/doordash-breach-exposes-data-nearly-5-mn-users
    https://threatpost.com/intimate-details-healthcare-workers-exposed-cloud-security/149007/

    Reply
  12. Tomi Engdahl says:

    Geez, that’s a sensitive breach if ever I’ve seen one:
    https://mobile.twitter.com/troyhunt/status/1182229517722476544?s=19&fbclid=IwAR08IqadQvyUIu3H3qDQu5lwy-ZIpXgx3tly1_w-Izp0qyfXH8YD3xFw91E

    Data breach of the Dutch prostitute network http://Hookers.nl (yes really), resulting in a leak of IP, email addresses and encrypted passwords of 250.000 prostitutes and johns. Breach by leak in vBulletin

    Reply
  13. Tomi Engdahl says:

    Hacker wants $300 for 250,000 records stolen from sex worker site
    https://nakedsecurity.sophos.com/2019/10/14/hacker-asking-300-for-250000-records-stolen-from-sex-worker-site/

    A hacker has stepped through a hole in vBulletin web software to steal all email addresses from a Dutch website for prostitution and escort customers and for sex workers themselves, Hookers.nl.

    Reply
  14. Tomi Engdahl says:

    Someone hacked this massive marketplace selling stolen credit cards and removed nearly 26 million records

    https://www.hackread.com/stolen-credit-card-data-trading-marketplace-hacked/

    Reply
  15. Tomi Engdahl says:

    Mercedes-Benz app glitch exposed car owners’ information to other users
    https://tcrn.ch/2qlbpRN

    Mercedes-Benz car owners have said that the app they used to remotely locate, unlock and start their cars was displaying other people’s account and vehicle information.

    Reply
  16. Tomi Engdahl says:

    Hacker Breached Servers Belonging to Multiple VPN Providers
    https://www.bleepingcomputer.com/news/security/hacker-breached-servers-belonging-to-multiple-vpn-providers/?fbclid=IwAR3LDNdNf4ufoCd6AU1259_hwE0aqXXs9jOdUNGIlbtsewDjc83dmJbOQAU

    Servers belonging to the NordVPN and TorGuard VPN companies were hacked and attackers stole and leaked the private keys associated with certificates used to secure their web servers and VPN configuration files.

    Over the weekend, security researcher @hexdefined tweeted that NordVPN, of which we are an affiliate, was compromised as the private keys for their web site certificate were publicly leaked on the Internet.

    this certificate is now expired

    Servers for NordVPN, TorGuard, and possibly VikingVPN hacked

    Reply
  17. Tomi Engdahl says:

    Open database leaked 179GB in customer, US government, and military records
    The US Department of Homeland Security has become embroiled in the leak.
    https://www.zdnet.com/article/autoclerk-database-leaked-customer-government-and-military-personal-records/

    An open database exposing records containing the sensitive data of hotel customers as well as US military personnel and officials has been disclosed by researchers.

    On Monday, vpnMentor’s cybersecurity team, led by Noam Rotem and Ran Locar, said the database belonged to Autoclerk, a service owned by Best Western Hotels and Resorts group.

    Reply
  18. Tomi Engdahl says:

    7.5 Million Records of Adobe Creative Cloud User Data Exposed
    https://www.bleepingcomputer.com/news/security/75-million-records-of-adobe-creative-cloud-user-data-exposed/

    Adobe secured a database with 7.5 million records belonging to Adobe Creative Cloud users. The cache was not protected in any way, allowing anyone access to client information if they knew how to find it.

    Diachenko reported his findings to Adobe on October 19 and the company secured the Elasticsearch database on the same day.

    screen capture that was taken by Diachenko shows the details that could be accessed without authentication

    Reply
  19. Tomi Engdahl says:

    https://thehackernews.com/2019/10/adobe-database-leaked.html?m=1
    Unsecured Adobe Server Exposes Data for 7.5 Million Creative Cloud Users

    With an estimated 15 million subscribers, Adobe Creative Cloud or Adobe CC is a subscription service that gives users access to the company’s full suite of popular creative software for desktop and mobile, including Photoshop, Illustrator, Premiere Pro, InDesign, Lightroom, and many more.

    Reply
  20. Raul says:

    I believe that 100% security is never possible,The breach itself is not that serious, while the public backlash is quite hard. While it will damage NordVPN financialy, I think from now on NordVPN will probably invest a LOT more towards their security.. But who knows, we will see in a few months what will they do. Also the attacker stole one TLS key which was never used to encrypt user traffic on the VPN server. NordVPNs statement really shines some light on the issue. Yet most of the information that has been surfing around is not even worth reading. https://nordvpn.com/zh-tw/b… and the issue is so out of proportion when only one server out of thousands was affected.

    Reply
  21. Tomi Engdahl says:

    A network of ‘camgirl’ sites exposed millions of users and sex workers
    https://tcrn.ch/2PIoakg

    A number of popular “camgirl” sites have exposed millions of sex workers and users after the company running the sites left the back-end database unprotected.

    Reply
  22. Tomi Engdahl says:

    NordVPN users’ passwords used in credential-stuffing attacks

    Ars Technica: NordVPN had a second wave of headlines this week after its breach last month. This time, a number of users’ credentials have been found in several Pastebin posts used in credential stuffing attacks.

    [https://arstechnica.com/information-technology/2019/11/nordvpn-users-passwords-exposed-in-mass-credential-stuffing-attacks/](https://arstechnica.com/information-technology/2019/11/nordvpn-users-passwords-exposed-in-mass-credential-stuffing-attacks/)

    Reply
  23. Tomi Engdahl says:

    Trend Micro rogue employee exposes customer data
    https://www-bbc-com.cdn.ampproject.org/c/s/www.bbc.com/news/amp/technology-50315544

    The company says an employee sold information from its customer-support database, including names and phone numbers, to a third party.

    It became suspicious after customers started receiving phone calls from scammers posing as Trend Micro staff.

    “It’s every security firm’s nightmare for something like this to occur,” cyber-expert and writer Graham Cluley told BBC News.

    “You can have all the security in place to prevent external hackers getting in but that doesn’t stop internal staff from taking data and using it for nefarious purposes,” he said.

    Trend Micro Discloses Insider Threat Impacting Some of its Consumer Customers
    https://blog.trendmicro.com/trend-micro-discloses-insider-threat-impacting-some-of-its-consumer-customers/

    Reply
  24. Tomi Engdahl says:

    Trend Micro reveals rogue employee sold data of up to 120,000 customers
    Updated: The cybersecurity firm says the attack came from within, leading to targeted scams.
    https://www.zdnet.com/article/trend-micro-reveals-insider-threat-exposing-customer-data/

    Reply
  25. Tomi Engdahl says:

    The 1GB SQL database appears to contain the entirety of the site’s information, including user names, private messages, public posts, registered email addresses, and IP addresses.

    Someone Published All the Membership Data From a Neo-Nazi Website
    https://futurism.com/the-byte/someone-published-membership-data-neo-nazi-website

    Prior to its abrupt close in November 2017, Iron March was one of the most influential neo-Nazi websites in the world. Investigators have linked the site to murders, acts of terrorism, and fascist groups in at least nine different countries.

    And now, thanks to a leak from an anonymous source, researchers have access to the entire contents of Iron March — including the user names, registered email addresses, and IP addresses of nearly 1,000 site members.

    Reply
  26. Tomi Engdahl says:

    A ‘Data Breach’ at the DMV Exposed Personal Information of Thousands of Californians
    Social Security numbers, immigration status, and other private details were improperly released
    https://www.lamag.com/citythinkblog/dmv-data-breach/

    California’s DMV just can’t seem to get its act together, and today, news broke of a new problem at the agency. Private information about around 3,200 California drivers was improperly made available to agencies outside the DMV.

    Reply
  27. Tomi Engdahl says:

    Breach affecting 1 million was caught only after hacker maxed out target’s storage
    Hacker’s data archive file grew so big that the target’s hard drive ran out of space.
    https://arstechnica.com/information-technology/2019/11/breach-affecting-1-million-was-caught-only-after-hacker-maxed-out-targets-storage/#

    Reply
  28. Tomi Engdahl says:

    Hundreds of cops may have been exposed to data breach, Fairfax County police chief says
    https://www.fox5dc.com/news/hundreds-of-cops-may-have-been-exposed-to-data-breach-fairfax-county-police-chief-says

    FAIRFAX, Va. – Officials say a possible data breach may have compromised the personal information of more than 500 employees of a Virginia police department.

    Reply
  29. Tomi Engdahl says:

    ‘Magic: The Gathering’ game maker exposed 452,000 players’ account data
    http://social.techcrunch.com/2019/11/16/magic-the-gathering-wizards-data-exposure/

    The maker of Magic: The Gathering has confirmed that a security lapse exposed the data on hundreds of thousands of game players.

    The game’s developer, the Washington-based Wizards of the Coast, left a database backup file in a public Amazon Web Services storage bucket. The database file contained user account information for the game’s online arena. But there was no password on the storage bucket, allowing anyone to access the files inside.

    Reply
  30. Tomi Engdahl says:

    Gigantin sivuston tietoturva-aukko ehti olla auki kuukauden,
    sivustolta pääsi hakemaan henkilötietoja
    https://www.hs.fi/kotimaa/art-2000006312024.html
    Gigantti-klubi-nimisen etuasiakkuuden rekisteröintisivulla pystyi
    hakemaan puhelinnumerolla tietokannasta ihmisten henkilötietoja.
    Kyseinen tietokanta on markkina- ja luottotietoyhtiö Bisnoden
    yhteystieto- ja henkilömarkkinointirekisteri.. Gigantin
    markkinointijohtaja Sami Särkelä kertoi HS:lle sunnuntaina, että
    rekisteröintisivun lomake on ollut käytössä noin kuukauden ajan..
    Valitettavasti meille selvisi eilen lauantaina, että
    asiakastietolomakkeen koodissa oleva virhe on mahdollistanut
    sellaisten tietojen näkymisen, joka ei ole tietosuojan mukaista,
    Särkelä kertoi sähköpostitse. Hänen mukaansa järjestelmä on nyt
    suljettu, ja koodia korjataan parhaillaan.

    Reply
  31. Tomi Engdahl says:

    A blast of sunshine has hit a secretive banking network used by global ultra-wealthy figures following a massive hack by “Phineas Fisher“, a notorious self-described “hacktivist”, of Cayman National Bank and Trust, which serves nearly 1,500 accounts in Isle of Man. Transparency collective Distributed Denial of Secrets has began publishing copies of the bank’s servers, a cache of documents as well as communications among bankers and others. Journalists around the world are investigating and have begun releasing stories.

    Massive Hack Strikes Offshore Cayman National Bank and Trust
    https://unicornriot.ninja/2019/massive-hack-strikes-offshore-cayman-national-bank-and-trust/

    Isle of Man, UK – A blast of sunshine has hit a secretive banking network used by global ultra-wealthy figures following a massive hack by “Phineas Fisher“, a notorious self-described “hacktivist”, of Cayman National Bank and Trust, which serves nearly 1,500 accounts in Isle of Man. Transparency collective Distributed Denial of Secrets has began publishing copies of the bank’s servers, a cache of documents as well as communications among bankers and others.

    Reply
  32. Tomi Engdahl says:

    The Iran Cables
    https://theintercept.com/series/iran-cables/
    In an unprecedented leak from one of the worlds most secretive
    regimes, an anonymous source provided 700 pages of Iranian
    intelligence reports to The Intercept, saying they wanted to let the
    world know what Iran is doing in my country Iraq.. also:
    https://www.nytimes.com/interactive/2019/11/18/world/middleeast/iran-iraq-spy-cables.html.
    also: https://yle.fi/uutiset/3-11073974

    Reply
  33. Tomi Engdahl says:

    Hacker Publishes 2TB of Data From Cayman National Bank
    https://it.slashdot.org/story/19/11/18/2229213/hacker-publishes-2tb-of-data-from-cayman-national-bank?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29

    Offshore Bank Targeted By Phineas Fisher Confirms it Was Hacked
    “A criminal investigation is ongoing,” the Cayman National Bank from the Isle of Man said in a statement.
    https://www.vice.com/en_us/article/ne8p9b/offshore-bank-targeted-phineas-fisher-confirms-hack-cayman-national-bank

    Phineas Fisher Offers $100,000 Bounty to Hack Banks and Oil Companies
    It’s a reward for hacktivists and criminals who break into capitalist institutions, offered by one of the most infamous hackers of all time.
    https://www.vice.com/en_us/article/vb5agy/phineas-fisher-offers-dollar100000-bounty-for-hacks-against-banks-and-oil-companies

    Reply
  34. Tomi Engdahl says:

    That means that personal and payment information of almost every North American who has a credit card was compromised in the last 2 years.
    #privacybreach #staysecure #cyberwall #cybersecurity

    If you bought anything from these 20 companies recently, your data may have been stolen
    https://www.businessinsider.com/data-breaches-retailers-consumer-companies-2019-1?r=US&IR=T

    Data breaches are becoming common for all kinds of businesses, including retailers.
    Since the start of 2018, at least 20 retailers and consumer companies were hacked and likely had information stolen from them.
    Many of these breaches were caused by flaws in payment systems that were taken advantage of by hackers.
    Retailers who suffer data breaches risk losing their customers’ trust.

    According to a study by KPMG, 19% of consumers said they would completely stop shopping at a retailer after a breach, and 33% said they would take a break from shopping there for an extended period.

    Here are the consumer and retail companies that have suffered a data breach since January 2018

    Reply
  35. Tomi Engdahl says:

    Cops Can Now Get Warrants for Entire DNA Websites
    https://futurism.com/cops-warrant-entire-dna-websites

    With just a single warrant, a Florida detective obtained access to the DNA profiles of more than a million people — and experts say the case sets a dangerous precedent.

    Ancestry.com and 23andMe are the largest consumer DNA sites, holding genetic data on 15 million and 10 million people, respectively. However, they aren’t the only DNA sites out there — a smaller service, GEDmatch, currently has about 1.3 million users, each of whom is able to search the site’s entire database.

    Reply
  36. Tomi Engdahl says:

    Macy’s said hackers stole customer credit cards — again
    https://tcrn.ch/35leIYD

    In a filing with the California attorney general, the retail giant said hackers siphoned off customers’ names, addresses, and phone numbers, but also credit card numbers, card verification codes, and expiration dates by inserting malicious code on its website and quietly sending the stolen data back to the hackers.

    Reply
  37. Tomi Engdahl says:

    1.19 billion confidential medical images available on the internet
    https://www.helpnetsecurity.com/2019/11/20/confidential-medical-images/
    1.19 billion confidential medical images are now freely available on
    the internet, according to Greenbones research into the security of
    Picture Archiving and Communication Systems (PACS) servers used by
    health providers across the world to store images of X-rays as well as
    CT, MRI and other medical scans.. Greenbone report:
    https://www.greenbone.net/wp-content/uploads/Greenbone_Security_Report_Unprotected_Patient_Data_a_Review.pdf

    Reply
  38. Tomi Engdahl says:

    Exposed database left terabyte of travelers’ data open to the public
    https://www.cnet.com/news/exposed-database-left-terabyte-of-travelers-data-open-to-the-public/
    Security researchers found that one of Europe’s largest hotel booking
    companies left more than a terabyte of sensitive data exposed on a
    public server.. The exposed database contained travelers’ information
    like names, home addresses, lodging, children’s personal information,
    credit card numbers and thousands of passwords stored in plaintext,
    the security researchers said Wednesday. The database stores
    information on 140,000 clients, each of which could be an individual,
    a group of travelers or an organization.

    Reply
  39. Tomi Engdahl says:

    Video-editing upstart bares users’ raunchy flicks to world+dog via leaky AWS bucket
    Lock the front door, you chumps
    https://www.theregister.co.uk/2019/11/20/veed_io_unsecured_aws_bucket_user_videos_exposed/
    A British video-editing startup exposed what is claimed to be “thousands” of user-uploaded videos, including family films and home-made pornography, in an unsecured Amazon AWS bucket.
    “Criminals and malicious hackers could these videos against their creators to target them in various ways, with ruinous consequences, personally and financially,” said VPN Mentor, quite correctly pointing out that “private, intimate, home-made pornography is a valuable tool in blackmail and extortion”.
    There is no mitigation for VEED users: because the videos were left online for anyone to view and download, changing your password and all the standard security advice that normally applies for a data breach won’t have any effect here. All you can do is hope that nobody’s downloaded your self-starring grumble flicks and recognised you.

    Reply
  40. Tomi Engdahl says:

    Smartphone maker OnePlus discloses data breach
    Hackers accessed some OnePlus customer data through a vulnerability in the vendor’s website.
    https://www.zdnet.com/google-amp/article/smartphone-maker-oneplus-discloses-data-breach/?__twitter_impression=true

    OnePlus says hackers gained access to past customer orders. Exposed information included details like customer names, contact numbers, emails, and shipping addresses, but not passwords or financial details, the company said.

    This is the second security breach in the smartphone vendor’s short history. It suffered a similar one in January 2018, when attackers gained access to the data of around 40,000 users.

    Reply
  41. Tomi Engdahl says:

    T-Mobile confirms customers’ personal data accessed in hack
    https://www.engadget.com/2019/11/22/t-mobile-data-breach/

    Hackers were able to steal names, billing addresses, phone numbers and account information.

    https://www.tmonews.com/2019/11/t-mobile-data-breach-prepaid-customers/

    Reply
  42. Tomi Engdahl says:

    More than 1 million T-Mobile customers exposed by breach
    https://tcrn.ch/2reBgeT

    T-Mobile has confirmed a data breach affecting more than a million of its customers, whose personal data (but no financial or password data) was exposed to a malicious actor. The company alerted the affected customers but did not provide many details in its official account of the hack.

    https://www.t-mobile.com/customers/6305378822

    Reply
  43. Tomi Engdahl says:

    Personal And Social Information Of 1.2 Billion People Discovered In Massive Data Leak
    https://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/

    On October 16, 2019 Bob Diachenko and Vinny Troia discovered a wide-open Elasticsearch server containing an unprecedented 4 billion user accounts spanning more than 4 terabytes of data.

    A total count of unique people across all data sets reached more than 1.2 billion people, making this one of the largest data leaks from a single source organization in history. The leaked data contained names, email addresses, phone numbers, LinkedIN and Facebook profile information.

    What makes this data leak unique is that it contains data sets that appear to originate from 2 different data enrichment companies.

    For a very low price, data enrichment companies allow you to take a single piece of information on a person (such as a name or email address), and expand (or enrich) that user profile to include hundreds of additional new data points of information. As seen with the Exactis data breach, collected information on a single person can include information such as household sizes, finances and income, political and religious preferences, and even a person’s preferred social activities.

    Reply
  44. Tomi Engdahl says:

    Synchrony Bank Hacked.
    https://www.reddit.com/r/personalfinance/comments/e1k0r6/scam_emails_from_synchrony_bank_andor_amazon/
    I got these two and have confirmed they are being sent by Synchrony’s email servers.

    Reply
  45. Tomi Engdahl says:

    Data leak exposes unchangeable biometric data of over 1 million people
    https://www.technologyreview.com/f/614163/data-leak-exposes-unchangeable-biometric-data-of-over-1-million-people/

    You can always change your password. Your fingerprints and face are another story.

    A major leak of data discovered this week in the UK includes fingerprints of over 1 million individuals, face recognition information, unencrypted names and passwords, and other personal info from Suprema, a security company used by UK police, banks, and military contractors, according to a report in the Guardian.

    Leaks: Data leaks happen with shocking regularity. Especially as companies have moved to the cloud in recent years, various misconfigurations and mistakes have left mountains of private data publicly exposed on the internet for anyone to see

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*