Cyber breaches abound in 2019
https://techcrunch.com/2018/12/26/cyber-breaches-abound-in-2019/
News of high-profile cyber breaches has been uncharacteristically subdued in recent quarters.
Is this a harbinger of a worse hacking landscape in 2019?
The answer is unequivocally yes. No question, cyber breaches have been a gigantic thorn in the global economy for years. But expect them to be even more rampant in this new year 2019 as chronically improving malware will be deployed more aggressively on more fronts. Also data-driven businesses simultaneously move into the “target zone” of cyber attacks.
On the cybersecurity side, a growing number of experts believe that multi-factor authentication will become the standard for all online businesses.
Here are links to some articles that can hopefully help you to handle your cyber security better:
Cybersecurity 101: Why you need to use a password manager
https://techcrunch.com/2018/12/25/cybersecurity-101-guide-password-manager/
Cybersecurity 101: Five simple security guides for protecting your privacy
https://techcrunch.com/2018/12/26/cybersecurity-101-security-guides-protect-privacy/
622 Comments
Tomi Engdahl says:
“It’s not even hacking. It’s walking into an open door,”
https://www.propublica.org/article/millions-of-americans-medical-images-and-data-are-available-on-the-internet
https://www.euronews.com/2019/09/17/an-open-door-millions-of-health-records-unprotected-online
Tomi Engdahl says:
Thinkful confirms data breach days after Chegg’s $80M acquisition
https://tcrn.ch/2Attjnr
Thinkful, an online education site for developers, has confirmed a data breach, just days after it confirmed it would be acquired.
Tomi Engdahl says:
Nearly 5M DoorDash users affected in security breach
https://www.wpxi.com/news/trending-now/nearly-5m-doordash-users-affected-in-security-breach/990777510?fbclid=IwAR10ibE3zAuAlC9XvtCEJtwmBOLqy4XM8wT1xZkzrY6M4WJcwHkZKVmEGD4
Food delivery service DoorDash announced nearly 5 million customers, workers and merchants could have had their information stolen by hackers after a security breach earlier this year.
Tomi Engdahl says:
Data of 24.3 million Lumin PDF users shared on hacking forum
The person who leaked the data claims it notified Lumin PDF earlier this year but got no reply.
https://www.zdnet.com/article/data-of-24-3-million-lumin-pdf-users-shared-on-hacking-forum/
Tomi Engdahl says:
Zack Whittaker / TechCrunch:
DoorDash confirms a data breach on May 4 affecting 4.9M customers, workers, and merchants, with last-four digits of payment cards, driver’s license info stolen — DoorDash has confirmed a data breach. — The food delivery company said in a blog post Thursday that 4.9 million customers …
https://techcrunch.com/2019/09/26/doordash-data-breach/?tpcc=ECTW2019
Tomi Engdahl says:
Security Firm Comodo Hacked, as vBulletin Exploit Spawns
https://www.cbronline.com/news/comodo-hacked
Cybersecurity firm Comodo (slogan: “creating trust online”) says hackers exploited a new vulnerability in its user forum to steal the personal data of 245,000 users.
The zero day was dumped on the SecLists security forum on September 23; the exploit developer declining to go down a “responsible disclosure” route.
Another security researcher rapidly followed its publication with a script that scans the internet for vBulletin forums vulnerable to the zero day.
Comodo is unlikely the sole such company affecte
Comodo Hacked: Emails, Names, etc. Leaked
A vulnerability in vBulletin is manna from heaven for hackers as it’s known to be used by organisations such as NASA, games publish EA and games distribution platform Steam.
a zero-day exploits market platform, said the “bugdoor” had been circulating in the exploit community for three years.
Tomi Engdahl says:
Former Yahoo employee admits hacking into over 6000 users’ accounts, mostly of younger women, to find sexual images & videos. He then also hacked into their iCloud, Gmail, Facebook & other email-connected accounts in search of more private content.
Former Yahoo Software Engineer Pleads Guilty To Using Work Access To Hack Into Yahoo Users’ Personal Accounts
https://www.justice.gov/usao-ndca/pr/former-yahoo-software-engineer-pleads-guilty-using-work-access-hack-yahoo-users
Defendant admits illegally copying images and videos from about 6,000 Yahoo accounts
Tomi Engdahl says:
Games company Zynga has been relieved by hackers of the names, email addresses, login IDs, and hashed passwords of more than 200 million players. The pilfered database is also said to contain in some cases phone numbers, password reset tokens, Facebook IDs, and Zynga account IDs.
https://www.theregister.co.uk/2019/10/05/security_roundup_october_4/?utm_source=dlvr.it&utm_medium=facebook
Tomi Engdahl says:
https://thehackernews.com/2019/09/zynga-game-hacking.html?m=1
Tomi Engdahl says:
#Breach
https://thehackernews.com/2019/08/foxit-pdf-reader-data-breach.html
https://threatpost.com/tgi-fridays-data-exposure/147849/
https://www.zdnet.com/article/some-of-russias-surveillance-tech-leaked-data-for-more-than-a-year/
https://www.theregister.co.uk/2019/09/02/teletext_holidays_200k_call_recordings_s3_bucket/
https://www.bleepingcomputer.com/news/security/xkcd-forum-breach-exposes-emails-passwords-of-562-000-users/
https://thehackernews.com/2019/09/xkcd-forum-hacked.html
https://www.securityweek.com/over-328000-users-hit-foxit-data-breach
https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/
https://www.securityweek.com/circleci-customer-data-exposed-through-third-party-vendor
https://www.securityweek.com/400-mn-facebook-users-phone-numbers-exposed-privacy-lapse-reports
https://www.securityweek.com/vulnerabilities-exposed-2-million-verizon-customer-contracts
https://krebsonsecurity.com/2019/09/secret-service-investigates-breach-at-u-s-govt-it-contractor/
https://threatpost.com/198m-car-buyer-records-exposed-online/148231/
https://threatpost.com/major-groupon-ticketmaster-fraud-scheme-exposed-by-insecure-database/148246/
https://www.securityweek.com/car-dealer-marketing-firm-exposed-198-million-data-records
https://www.securityweek.com/security-firm-data-breach-exposes-millions-ecuadorians
Catalin Cimpanu / ZDNet:
Personal information of most of Ecuador’s population, including 6.7M children, left exposed online with home addresses, phone numbers, work information, more
https://www.zdnet.com/article/database-leaks-data-on-most-of-ecuadors-citizens-including-6-7-million-children/
https://www.zdnet.com/article/data-of-24-3-million-lumin-pdf-users-shared-on-hacking-forum/
https://www.zdnet.com/article/gootkit-malware-crew-left-their-database-exposed-online-without-a-password/
https://www.securityweek.com/security-firm-data-breach-exposes-millions-ecuadorians
https://www.securityweek.com/industry-reactions-massive-ecuador-data-leak
https://www.securityweek.com/doordash-breach-exposes-data-nearly-5-mn-users
Tomi Engdahl says:
The Sesame Street Live Store, where fans of the children’s show buy merchandise, is one of more than 6,500 websites that security researchers say are compromised by payment skimmers after an apparent incident at an e-commerce platform.
Breach at e-commerce provider gave hackers an entry to Sesame Street
https://www.cyberscoop.com/sesame-street-website-hacked-magecart/
Tomi Engdahl says:
More than 6,500 stores have been compromised, but the number could be around 20,000.
Hackers breach Volusion and start collecting card details from thousands of sites
https://www.zdnet.com/article/hackers-breach-volusion-and-start-collecting-card-details-from-thousands-of-sites/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5d9d0005165af60001531f9b&utm_medium=trueAnthem&utm_source=facebook
More than 6,500 stores have been compromised, but the number could be around 20,000.
Tomi Engdahl says:
#Breach
https://thehackernews.com/2019/08/foxit-pdf-reader-data-breach.html
https://threatpost.com/tgi-fridays-data-exposure/147849/
https://www.zdnet.com/article/some-of-russias-surveillance-tech-leaked-data-for-more-than-a-year/
https://www.theregister.co.uk/2019/09/02/teletext_holidays_200k_call_recordings_s3_bucket/
https://www.bleepingcomputer.com/news/security/xkcd-forum-breach-exposes-emails-passwords-of-562-000-users/
https://thehackernews.com/2019/09/xkcd-forum-hacked.html
https://www.securityweek.com/over-328000-users-hit-foxit-data-breach
https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/
https://www.securityweek.com/circleci-customer-data-exposed-through-third-party-vendor
https://www.securityweek.com/400-mn-facebook-users-phone-numbers-exposed-privacy-lapse-reports
https://www.securityweek.com/vulnerabilities-exposed-2-million-verizon-customer-contracts
https://krebsonsecurity.com/2019/09/secret-service-investigates-breach-at-u-s-govt-it-contractor/
https://threatpost.com/198m-car-buyer-records-exposed-online/148231/
https://threatpost.com/major-groupon-ticketmaster-fraud-scheme-exposed-by-insecure-database/148246/
https://www.securityweek.com/car-dealer-marketing-firm-exposed-198-million-data-records
https://www.securityweek.com/security-firm-data-breach-exposes-millions-ecuadorians
Catalin Cimpanu / ZDNet:
Personal information of most of Ecuador’s population, including 6.7M children, left exposed online with home addresses, phone numbers, work information, more
https://www.zdnet.com/article/database-leaks-data-on-most-of-ecuadors-citizens-including-6-7-million-children/
https://www.zdnet.com/article/data-of-24-3-million-lumin-pdf-users-shared-on-hacking-forum/
https://www.zdnet.com/article/gootkit-malware-crew-left-their-database-exposed-online-without-a-password/
https://www.securityweek.com/security-firm-data-breach-exposes-millions-ecuadorians
https://www.securityweek.com/industry-reactions-massive-ecuador-data-leak
https://www.securityweek.com/doordash-breach-exposes-data-nearly-5-mn-users
https://threatpost.com/intimate-details-healthcare-workers-exposed-cloud-security/149007/
Tomi Engdahl says:
Geez, that’s a sensitive breach if ever I’ve seen one:
https://mobile.twitter.com/troyhunt/status/1182229517722476544?s=19&fbclid=IwAR08IqadQvyUIu3H3qDQu5lwy-ZIpXgx3tly1_w-Izp0qyfXH8YD3xFw91E
Data breach of the Dutch prostitute network http://Hookers.nl (yes really), resulting in a leak of IP, email addresses and encrypted passwords of 250.000 prostitutes and johns. Breach by leak in vBulletin
Tomi Engdahl says:
Hacker wants $300 for 250,000 records stolen from sex worker site
https://nakedsecurity.sophos.com/2019/10/14/hacker-asking-300-for-250000-records-stolen-from-sex-worker-site/
A hacker has stepped through a hole in vBulletin web software to steal all email addresses from a Dutch website for prostitution and escort customers and for sex workers themselves, Hookers.nl.
Tomi Engdahl says:
Someone hacked this massive marketplace selling stolen credit cards and removed nearly 26 million records
https://www.hackread.com/stolen-credit-card-data-trading-marketplace-hacked/
Tomi Engdahl says:
Mercedes-Benz app glitch exposed car owners’ information to other users
https://tcrn.ch/2qlbpRN
Mercedes-Benz car owners have said that the app they used to remotely locate, unlock and start their cars was displaying other people’s account and vehicle information.
Tomi Engdahl says:
Hacker Breached Servers Belonging to Multiple VPN Providers
https://www.bleepingcomputer.com/news/security/hacker-breached-servers-belonging-to-multiple-vpn-providers/?fbclid=IwAR3LDNdNf4ufoCd6AU1259_hwE0aqXXs9jOdUNGIlbtsewDjc83dmJbOQAU
Servers belonging to the NordVPN and TorGuard VPN companies were hacked and attackers stole and leaked the private keys associated with certificates used to secure their web servers and VPN configuration files.
Over the weekend, security researcher @hexdefined tweeted that NordVPN, of which we are an affiliate, was compromised as the private keys for their web site certificate were publicly leaked on the Internet.
this certificate is now expired
Servers for NordVPN, TorGuard, and possibly VikingVPN hacked
Tomi Engdahl says:
NordVPN confirms it was hacked
https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/
https://www.theverge.com/2019/10/21/20925065/nordvpn-server-breach-vpn-traffic-exposed-encryption
Tomi Engdahl says:
https://www.kcci.com/article/centurylink-inadvertently-leaks-customer-information-online/29520449
Tomi Engdahl says:
Open database leaked 179GB in customer, US government, and military records
The US Department of Homeland Security has become embroiled in the leak.
https://www.zdnet.com/article/autoclerk-database-leaked-customer-government-and-military-personal-records/
An open database exposing records containing the sensitive data of hotel customers as well as US military personnel and officials has been disclosed by researchers.
On Monday, vpnMentor’s cybersecurity team, led by Noam Rotem and Ran Locar, said the database belonged to Autoclerk, a service owned by Best Western Hotels and Resorts group.
Tomi Engdahl says:
7.5 Million Records of Adobe Creative Cloud User Data Exposed
https://www.bleepingcomputer.com/news/security/75-million-records-of-adobe-creative-cloud-user-data-exposed/
Adobe secured a database with 7.5 million records belonging to Adobe Creative Cloud users. The cache was not protected in any way, allowing anyone access to client information if they knew how to find it.
Diachenko reported his findings to Adobe on October 19 and the company secured the Elasticsearch database on the same day.
screen capture that was taken by Diachenko shows the details that could be accessed without authentication
Tomi Engdahl says:
https://thehackernews.com/2019/10/adobe-database-leaked.html?m=1
Unsecured Adobe Server Exposes Data for 7.5 Million Creative Cloud Users
With an estimated 15 million subscribers, Adobe Creative Cloud or Adobe CC is a subscription service that gives users access to the company’s full suite of popular creative software for desktop and mobile, including Photoshop, Illustrator, Premiere Pro, InDesign, Lightroom, and many more.
Raul says:
I believe that 100% security is never possible,The breach itself is not that serious, while the public backlash is quite hard. While it will damage NordVPN financialy, I think from now on NordVPN will probably invest a LOT more towards their security.. But who knows, we will see in a few months what will they do. Also the attacker stole one TLS key which was never used to encrypt user traffic on the VPN server. NordVPNs statement really shines some light on the issue. Yet most of the information that has been surfing around is not even worth reading. https://nordvpn.com/zh-tw/b… and the issue is so out of proportion when only one server out of thousands was affected.
Tomi Engdahl says:
A network of ‘camgirl’ sites exposed millions of users and sex workers
https://tcrn.ch/2PIoakg
A number of popular “camgirl” sites have exposed millions of sex workers and users after the company running the sites left the back-end database unprotected.
Tomi Engdahl says:
NordVPN users’ passwords used in credential-stuffing attacks
Ars Technica: NordVPN had a second wave of headlines this week after its breach last month. This time, a number of users’ credentials have been found in several Pastebin posts used in credential stuffing attacks.
[https://arstechnica.com/information-technology/2019/11/nordvpn-users-passwords-exposed-in-mass-credential-stuffing-attacks/](https://arstechnica.com/information-technology/2019/11/nordvpn-users-passwords-exposed-in-mass-credential-stuffing-attacks/)
Tomi Engdahl says:
Trend Micro rogue employee exposes customer data
https://www-bbc-com.cdn.ampproject.org/c/s/www.bbc.com/news/amp/technology-50315544
The company says an employee sold information from its customer-support database, including names and phone numbers, to a third party.
It became suspicious after customers started receiving phone calls from scammers posing as Trend Micro staff.
“It’s every security firm’s nightmare for something like this to occur,” cyber-expert and writer Graham Cluley told BBC News.
“You can have all the security in place to prevent external hackers getting in but that doesn’t stop internal staff from taking data and using it for nefarious purposes,” he said.
Trend Micro Discloses Insider Threat Impacting Some of its Consumer Customers
https://blog.trendmicro.com/trend-micro-discloses-insider-threat-impacting-some-of-its-consumer-customers/
Tomi Engdahl says:
Trend Micro reveals rogue employee sold data of up to 120,000 customers
Updated: The cybersecurity firm says the attack came from within, leading to targeted scams.
https://www.zdnet.com/article/trend-micro-reveals-insider-threat-exposing-customer-data/
Tomi Engdahl says:
The 1GB SQL database appears to contain the entirety of the site’s information, including user names, private messages, public posts, registered email addresses, and IP addresses.
Someone Published All the Membership Data From a Neo-Nazi Website
https://futurism.com/the-byte/someone-published-membership-data-neo-nazi-website
Prior to its abrupt close in November 2017, Iron March was one of the most influential neo-Nazi websites in the world. Investigators have linked the site to murders, acts of terrorism, and fascist groups in at least nine different countries.
And now, thanks to a leak from an anonymous source, researchers have access to the entire contents of Iron March — including the user names, registered email addresses, and IP addresses of nearly 1,000 site members.
Tomi Engdahl says:
A ‘Data Breach’ at the DMV Exposed Personal Information of Thousands of Californians
Social Security numbers, immigration status, and other private details were improperly released
https://www.lamag.com/citythinkblog/dmv-data-breach/
California’s DMV just can’t seem to get its act together, and today, news broke of a new problem at the agency. Private information about around 3,200 California drivers was improperly made available to agencies outside the DMV.
Tomi Engdahl says:
Breach affecting 1 million was caught only after hacker maxed out target’s storage
Hacker’s data archive file grew so big that the target’s hard drive ran out of space.
https://arstechnica.com/information-technology/2019/11/breach-affecting-1-million-was-caught-only-after-hacker-maxed-out-targets-storage/#
Tomi Engdahl says:
Hundreds of cops may have been exposed to data breach, Fairfax County police chief says
https://www.fox5dc.com/news/hundreds-of-cops-may-have-been-exposed-to-data-breach-fairfax-county-police-chief-says
FAIRFAX, Va. – Officials say a possible data breach may have compromised the personal information of more than 500 employees of a Virginia police department.
Tomi Engdahl says:
‘Magic: The Gathering’ game maker exposed 452,000 players’ account data
http://social.techcrunch.com/2019/11/16/magic-the-gathering-wizards-data-exposure/
The maker of Magic: The Gathering has confirmed that a security lapse exposed the data on hundreds of thousands of game players.
The game’s developer, the Washington-based Wizards of the Coast, left a database backup file in a public Amazon Web Services storage bucket. The database file contained user account information for the game’s online arena. But there was no password on the storage bucket, allowing anyone to access the files inside.
Tomi Engdahl says:
Gigantin sivuston tietoturva-aukko ehti olla auki kuukauden,
sivustolta pääsi hakemaan henkilötietoja
https://www.hs.fi/kotimaa/art-2000006312024.html
Gigantti-klubi-nimisen etuasiakkuuden rekisteröintisivulla pystyi
hakemaan puhelinnumerolla tietokannasta ihmisten henkilötietoja.
Kyseinen tietokanta on markkina- ja luottotietoyhtiö Bisnoden
yhteystieto- ja henkilömarkkinointirekisteri.. Gigantin
markkinointijohtaja Sami Särkelä kertoi HS:lle sunnuntaina, että
rekisteröintisivun lomake on ollut käytössä noin kuukauden ajan..
Valitettavasti meille selvisi eilen lauantaina, että
asiakastietolomakkeen koodissa oleva virhe on mahdollistanut
sellaisten tietojen näkymisen, joka ei ole tietosuojan mukaista,
Särkelä kertoi sähköpostitse. Hänen mukaansa järjestelmä on nyt
suljettu, ja koodia korjataan parhaillaan.
Tomi Engdahl says:
A blast of sunshine has hit a secretive banking network used by global ultra-wealthy figures following a massive hack by “Phineas Fisher“, a notorious self-described “hacktivist”, of Cayman National Bank and Trust, which serves nearly 1,500 accounts in Isle of Man. Transparency collective Distributed Denial of Secrets has began publishing copies of the bank’s servers, a cache of documents as well as communications among bankers and others. Journalists around the world are investigating and have begun releasing stories.
Massive Hack Strikes Offshore Cayman National Bank and Trust
https://unicornriot.ninja/2019/massive-hack-strikes-offshore-cayman-national-bank-and-trust/
Isle of Man, UK – A blast of sunshine has hit a secretive banking network used by global ultra-wealthy figures following a massive hack by “Phineas Fisher“, a notorious self-described “hacktivist”, of Cayman National Bank and Trust, which serves nearly 1,500 accounts in Isle of Man. Transparency collective Distributed Denial of Secrets has began publishing copies of the bank’s servers, a cache of documents as well as communications among bankers and others.
Tomi Engdahl says:
The Iran Cables
https://theintercept.com/series/iran-cables/
In an unprecedented leak from one of the worlds most secretive
regimes, an anonymous source provided 700 pages of Iranian
intelligence reports to The Intercept, saying they wanted to let the
world know what Iran is doing in my country Iraq.. also:
https://www.nytimes.com/interactive/2019/11/18/world/middleeast/iran-iraq-spy-cables.html.
also: https://yle.fi/uutiset/3-11073974
Tomi Engdahl says:
Hacker Publishes 2TB of Data From Cayman National Bank
https://it.slashdot.org/story/19/11/18/2229213/hacker-publishes-2tb-of-data-from-cayman-national-bank?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29
Offshore Bank Targeted By Phineas Fisher Confirms it Was Hacked
“A criminal investigation is ongoing,” the Cayman National Bank from the Isle of Man said in a statement.
https://www.vice.com/en_us/article/ne8p9b/offshore-bank-targeted-phineas-fisher-confirms-hack-cayman-national-bank
Phineas Fisher Offers $100,000 Bounty to Hack Banks and Oil Companies
It’s a reward for hacktivists and criminals who break into capitalist institutions, offered by one of the most infamous hackers of all time.
https://www.vice.com/en_us/article/vb5agy/phineas-fisher-offers-dollar100000-bounty-for-hacks-against-banks-and-oil-companies
Tomi Engdahl says:
That means that personal and payment information of almost every North American who has a credit card was compromised in the last 2 years.
#privacybreach #staysecure #cyberwall #cybersecurity
If you bought anything from these 20 companies recently, your data may have been stolen
https://www.businessinsider.com/data-breaches-retailers-consumer-companies-2019-1?r=US&IR=T
Data breaches are becoming common for all kinds of businesses, including retailers.
Since the start of 2018, at least 20 retailers and consumer companies were hacked and likely had information stolen from them.
Many of these breaches were caused by flaws in payment systems that were taken advantage of by hackers.
Retailers who suffer data breaches risk losing their customers’ trust.
According to a study by KPMG, 19% of consumers said they would completely stop shopping at a retailer after a breach, and 33% said they would take a break from shopping there for an extended period.
Here are the consumer and retail companies that have suffered a data breach since January 2018
Tomi Engdahl says:
Cops Can Now Get Warrants for Entire DNA Websites
https://futurism.com/cops-warrant-entire-dna-websites
With just a single warrant, a Florida detective obtained access to the DNA profiles of more than a million people — and experts say the case sets a dangerous precedent.
Ancestry.com and 23andMe are the largest consumer DNA sites, holding genetic data on 15 million and 10 million people, respectively. However, they aren’t the only DNA sites out there — a smaller service, GEDmatch, currently has about 1.3 million users, each of whom is able to search the site’s entire database.
Tomi Engdahl says:
Macy’s said hackers stole customer credit cards — again
https://tcrn.ch/35leIYD
In a filing with the California attorney general, the retail giant said hackers siphoned off customers’ names, addresses, and phone numbers, but also credit card numbers, card verification codes, and expiration dates by inserting malicious code on its website and quietly sending the stolen data back to the hackers.
Tomi Engdahl says:
1.19 billion confidential medical images available on the internet
https://www.helpnetsecurity.com/2019/11/20/confidential-medical-images/
1.19 billion confidential medical images are now freely available on
the internet, according to Greenbones research into the security of
Picture Archiving and Communication Systems (PACS) servers used by
health providers across the world to store images of X-rays as well as
CT, MRI and other medical scans.. Greenbone report:
https://www.greenbone.net/wp-content/uploads/Greenbone_Security_Report_Unprotected_Patient_Data_a_Review.pdf
Tomi Engdahl says:
Exposed database left terabyte of travelers’ data open to the public
https://www.cnet.com/news/exposed-database-left-terabyte-of-travelers-data-open-to-the-public/
Security researchers found that one of Europe’s largest hotel booking
companies left more than a terabyte of sensitive data exposed on a
public server.. The exposed database contained travelers’ information
like names, home addresses, lodging, children’s personal information,
credit card numbers and thousands of passwords stored in plaintext,
the security researchers said Wednesday. The database stores
information on 140,000 clients, each of which could be an individual,
a group of travelers or an organization.
Tomi Engdahl says:
Video-editing upstart bares users’ raunchy flicks to world+dog via leaky AWS bucket
Lock the front door, you chumps
https://www.theregister.co.uk/2019/11/20/veed_io_unsecured_aws_bucket_user_videos_exposed/
A British video-editing startup exposed what is claimed to be “thousands” of user-uploaded videos, including family films and home-made pornography, in an unsecured Amazon AWS bucket.
“Criminals and malicious hackers could these videos against their creators to target them in various ways, with ruinous consequences, personally and financially,” said VPN Mentor, quite correctly pointing out that “private, intimate, home-made pornography is a valuable tool in blackmail and extortion”.
There is no mitigation for VEED users: because the videos were left online for anyone to view and download, changing your password and all the standard security advice that normally applies for a data breach won’t have any effect here. All you can do is hope that nobody’s downloaded your self-starring grumble flicks and recognised you.
Tomi Engdahl says:
Smartphone maker OnePlus discloses data breach
Hackers accessed some OnePlus customer data through a vulnerability in the vendor’s website.
https://www.zdnet.com/google-amp/article/smartphone-maker-oneplus-discloses-data-breach/?__twitter_impression=true
OnePlus says hackers gained access to past customer orders. Exposed information included details like customer names, contact numbers, emails, and shipping addresses, but not passwords or financial details, the company said.
This is the second security breach in the smartphone vendor’s short history. It suffered a similar one in January 2018, when attackers gained access to the data of around 40,000 users.
Tomi Engdahl says:
T-Mobile confirms customers’ personal data accessed in hack
https://www.engadget.com/2019/11/22/t-mobile-data-breach/
Hackers were able to steal names, billing addresses, phone numbers and account information.
https://www.tmonews.com/2019/11/t-mobile-data-breach-prepaid-customers/
Tomi Engdahl says:
More than 1 million T-Mobile customers exposed by breach
https://tcrn.ch/2reBgeT
T-Mobile has confirmed a data breach affecting more than a million of its customers, whose personal data (but no financial or password data) was exposed to a malicious actor. The company alerted the affected customers but did not provide many details in its official account of the hack.
https://www.t-mobile.com/customers/6305378822
Tomi Engdahl says:
Personal And Social Information Of 1.2 Billion People Discovered In Massive Data Leak
https://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/
On October 16, 2019 Bob Diachenko and Vinny Troia discovered a wide-open Elasticsearch server containing an unprecedented 4 billion user accounts spanning more than 4 terabytes of data.
A total count of unique people across all data sets reached more than 1.2 billion people, making this one of the largest data leaks from a single source organization in history. The leaked data contained names, email addresses, phone numbers, LinkedIN and Facebook profile information.
What makes this data leak unique is that it contains data sets that appear to originate from 2 different data enrichment companies.
For a very low price, data enrichment companies allow you to take a single piece of information on a person (such as a name or email address), and expand (or enrich) that user profile to include hundreds of additional new data points of information. As seen with the Exactis data breach, collected information on a single person can include information such as household sizes, finances and income, political and religious preferences, and even a person’s preferred social activities.
Tomi Engdahl says:
https://www.stuk.fi/stuk-valvoo/lasereiden-valvonta
Tomi Engdahl says:
Synchrony Bank Hacked.
https://www.reddit.com/r/personalfinance/comments/e1k0r6/scam_emails_from_synchrony_bank_andor_amazon/
I got these two and have confirmed they are being sent by Synchrony’s email servers.
Tomi Engdahl says:
Data leak exposes unchangeable biometric data of over 1 million people
https://www.technologyreview.com/f/614163/data-leak-exposes-unchangeable-biometric-data-of-over-1-million-people/
You can always change your password. Your fingerprints and face are another story.
A major leak of data discovered this week in the UK includes fingerprints of over 1 million individuals, face recognition information, unencrypted names and passwords, and other personal info from Suprema, a security company used by UK police, banks, and military contractors, according to a report in the Guardian.
Leaks: Data leaks happen with shocking regularity. Especially as companies have moved to the cloud in recent years, various misconfigurations and mistakes have left mountains of private data publicly exposed on the internet for anyone to see