Cyber breaches abound in 2019

Cyber breaches abound in 2019
https://techcrunch.com/2018/12/26/cyber-breaches-abound-in-2019/

News of high-profile cyber breaches has been uncharacteristically subdued in recent quarters.

Is this a harbinger of a worse hacking landscape in 2019?

The answer is unequivocally yes. No question, cyber breaches have been a gigantic thorn in the global economy for years. But expect them to be even more rampant in this new year 2019 as chronically improving malware will be deployed more aggressively on more fronts. Also  data-driven businesses simultaneously move into the “target zone” of cyber attacks.

On the cybersecurity side, a growing number of experts believe that multi-factor authentication will become the standard for all online businesses.

Here are links to some articles that can hopefully help you to handle your cyber security better:

Cybersecurity 101: Why you need to use a password manager
https://techcrunch.com/2018/12/25/cybersecurity-101-guide-password-manager/

Cybersecurity 101: Five simple security guides for protecting your privacy
https://techcrunch.com/2018/12/26/cybersecurity-101-security-guides-protect-privacy/

622 Comments

  1. Tomi Engdahl says:

    FBI Seizes Website Suspected Of Selling Access To Billions Of Pieces Of Stolen Data
    https://www.npr.org/2020/01/17/797282149/fbi-seizes-website-suspected-of-selling-access-to-billions-of-pieces-of-stolen-d?utm_source=facebook.com&utm_campaign=npr&utm_medium=social&utm_term=nprnews

    U.S. authorities have seized the domain name of a website that allegedly sold access to billions of usernames, email addresses, passwords and other sensitive information stolen in data breaches.

    Now, visitors to the not-so-subtle website – weleakinfo.com — are greeted with a homepage that reads, “This Domain Has Been Seized.”

    The Justice Department and the FBI took control of the site as part of a “comprehensive law enforcement action” involving authorities in Germany, Northern Ireland, the U.K. and the Netherlands. Two men in Europe have been arrested so far in connection with the site.

    WeLeakInfo billed itself as a “search engine” that subscribers could use to pore over data illegally obtained from more than 10,000 data breaches, U.S. authorities said in a statement.

    WeLeakInfo.com Domain Name Seized
    https://www.justice.gov/usao-dc/pr/weleakinfocom-domain-name-seized

    Site Had Sold Access to Hacked Personal Information and Account Logins

    The website had claimed to provide its users a search engine to review and obtain the personal information illegally obtained in over 10,000 data breaches containing over 12 billion indexed records – including, for example, names, email addresses, usernames, phone numbers, and passwords for online accounts. The website sold subscriptions so that any user could access the results of these data breaches, with subscriptions providing unlimited searches and access during the subscription period (one day, one week, one month, or three months).

    Reply
  2. Tomi Engdahl says:

    THE FBI JUST NOW FINDS THIS SITE WITH 12 BILLION STOLEN RECORDS?!!
    https://www.tacticalshit.com/the-fbi-just-now-finds-this-site-with-12-billion-stolen-records/

    Things are getting spicy in the internet world and we are filling you in on it!

    Storm clouds are gathering in the world of cybersecurity.

    We’ve written lots about the site Have I Been Pwned, which maintains a massive database of leaked credentials so that victims can see if they’re affected. The bizarro world version of that is sites like WeLeakInfo, which takes that same data breach data and sells it for rock bottom prices to hackers who want to exploit it. This week, the FBI announced that it had seized WeLinkInfo

    Reply
  3. Tomi Engdahl says:

    Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices
    The list was shared by the operator of a DDoS booter service.
    https://www.zdnet.com/article/hacker-leaks-passwords-for-more-than-500000-servers-routers-and-iot-devices/

    A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) “smart” devices.

    The list, which was published on a popular hacking forum, includes each device’s IP address, along with a username and password for the Telnet service, a remote access protocol that can be used to control devices over the internet.

    Reply
  4. Tomi Engdahl says:

    Adult Site Leaks 20GB of Porn Cam Models Data, Including Names, Passport Scans
    https://news.softpedia.com/news/adult-site-leaks-20gb-of-porn-cam-models-data-including-names-passport-scans-528892.shtml

    More than 875,000 files that included data belonging to over 4,000 models working on adult websites have been exposed in a nearly 20GB data publicly available on an Amazon server located in Virginia.

    Security researchers at vpnMentor reveal in an analysis of the leak that the server belongs to adult affiliate network PussyCash, owner of ImLive and having more than 66 million members.

    The exposed data includes extremely sensitive information belonging to the cam models, including full names, birth date and birth place, nationality, passport ID numbers and details, ID photo, signature, fingerprints, and emergency contacts. Furthermore, the researchers discovered photographs and scans of full passports and national identification cards with visible data such as full home addresses and ID photos.

    Unsecured and unencrypted database
    Some of the folders are likely to be up to 20 years old, but at the same time, the most recent folders are believed to have been created approximately a few weeks ago.

    The database was completely unsecured and unencrypted, vpnMentor says, and a browser was the only tool required to access all files hosted on the server.

    Reply
  5. Tomi Engdahl says:

    Liza Lin / Wall Street Journal:
    An unsecured facial-recognition database with info on thousands of children from 20 schools in China, half in areas with large Tibetan populations, found online

    Thousands of Chinese Students’ Data Exposed on Internet
    Information leak from facial-recognition database raises questions about school surveillance and cybersecurity in China
    https://www.wsj.com/articles/thousands-of-chinese-students-data-exposed-on-internet-11579283410

    A Chinese facial-recognition database with information on thousands of children was stored without protection on the internet, a researcher discovered, raising questions about school surveillance and cybersecurity in China.

    Reply
  6. Tomi Engdahl says:

    Mitsubishi Electric discloses security breach, China is main suspect
    https://www.zdnet.com/article/mitsubishi-electric-discloses-security-breach-china-is-main-suspect/
    In a short statement published today on its website, Mitsubishi
    Electric, one of the world’s largest electronics and electrical
    equipment manufacturing firms, disclosed a major security breach..
    Although the breach occurred last year, on June 28, and an official
    internal investigation began in September, the Tokyo-based corporation
    disclosed the security incident today, only after two local
    newspapers, the Asahi Shimbun and Nikkei, published stories about the
    hack.. Both publications blamed the intrusion on a Chinese-linked
    cyber-espionage group named Tick (or Bronze Butler), known to the
    cyber-security industry for targeting Japan over the past few years

    Reply
  7. Tomi Engdahl says:

    Hanna Andersson Data Breach: Hackers Compromise Website of Children’s Clothier
    https://www.securityweek.com/hanna-andersson-data-breach-hackers-compromise-website-childrens-clothier

    Portland, Oregon-based children’s clothing maker Hanna Andersson has quietly disclosed a breach to affected customers. Very few details of the breach have been made public.

    Reply
  8. Tomi Engdahl says:

    https://etn.fi/index.php/13-news/10341-microsoft-paljasti-250-miljoonaa-asiakastietoa

    Uuden vuoden aikaan Microsoft paljasti verkossa lähes 250 miljoonaa asiakaspalvelu- ja tukitietoa (CSS). Tietueissa oli lokit keskusteluista Microsoftin tukiasiamiesten ja asiakkaiden välillä ympäri maailmaa, ja ne ulottuivat 14 vuoden ajanjaksolle vuodesta 2005 joulukuuhun 2019. Kaikki tiedot olivat kenen tahansa luettavissa pelklllä webbiselaimella.

    Bob Diachenkon johtama Comparitech-tietoturvatutkimusryhmä paljasti viisi Elasticsearch-palvelinta, joista jokainen sisälsi ilmeisesti samanlaisen 250 miljoonan tietueen sarjan. Diachenko ilmoitti heti Microsoftille paljastuneen tiedon löytämisestä, ja Microsoft ryhtyi pikaisiin toimiin sen turvaamiseksi.

    Tietokantojen paljastuminen on aika tavallista. Esimerkiksi viime vuoden lopulla 267 miljoonan Facebook-käyttäjän nimet ja puhelinnumerot olivat netissä vapaasti luettavissa.

    Reply
  9. Tomi Engdahl says:

    China steals ‘massive amounts’ of data in West, US official says
    Iran has allegedly hacked ‘almost 200 universities
    https://www.foxbusiness.com/technology/china-steals-massive-amounts-of-data-in-west-us-official-says

    Robert Strayer, deputy assistant secretary of state for cyber and international communications, said in Paris that the data theft “happens on a regular basis.”

    Over the last few years, the Chinese “compromised the largest of the global service providers and cloud providers … and they use that to gain access to the corporate databases of major, large companies,” he told reporters. The stolen data is “in some cases” given to private industry within China “to compete against” the companies they stole from, Strayer said.

    Reply
  10. Tomi Engdahl says:

    China is stealing “massive amounts” of data from Western companies and Iran has stolen data from some 200 universities, the top U.S. cybersecurity diplomat said Wednesday

    China steals ‘massive amounts’ of data in West, US official says
    Iran has allegedly hacked ‘almost 200 universities
    https://www.foxbusiness.com/technology/china-steals-massive-amounts-of-data-in-west-us-official-says

    PARIS — China is stealing “massive amounts” of data from Western companies and Iran has stolen data from some 200 universities, the top U.S. cybersecurity diplomat said Wednesday.

    Reply
  11. Tomi Engdahl says:

    Sodinokibi Ransomware Threatens to Publish Data of Automotive Group
    https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-threatens-to-publish-data-of-automotive-group/
    The attackers behind the Sodinokibi Ransomware are now threatening to
    publish data stolen from another victim after they failed to get in
    touch and pay the ransom to have the data decrypted.. Sodinokibi
    claims that this data was stolen from GEDIA Automotive Group, a German
    automotive supplier with production plants in Germany, China, Hungary,
    India, Mexico, Poland, Hungary, Spain, and the USA.

    Sodinokibi Ransomware Threatens to Publish Data of Automotive Group
    https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-threatens-to-publish-data-of-automotive-group/
    The attackers behind the Sodinokibi Ransomware are now threatening to
    publish data stolen from another victim after they failed to get in
    touch and pay the ransom to have the data decrypted.. Sodinokibi
    claims that this data was stolen from GEDIA Automotive Group, a German
    automotive supplier with production plants in Germany, China, Hungary,
    India, Mexico, Poland, Hungary, Spain, and the USA.

    Reply
  12. Tomi Engdahl says:

    Maze Ransomware Not Getting Paid, Leaks Data Left and Right
    https://www.bleepingcomputer.com/news/security/maze-ransomware-not-getting-paid-leaks-data-left-and-right/
    Maze ransomware operators have infected computers from Medical
    Diagnostic Laboratories (MDLab) and are releasing close to 9.5GB of
    data stolen from infected machines.. This action was prompted by the
    company’s refusal to pay a ransom of 200 bitcoins (a little over $1.7
    million today) that would buy from the attacker the file decryption
    key from the attacker and the promise to destroy the data.

    Reply
  13. Tomi Engdahl says:

    Tietovuoto Porin rakennusvalvonnassa noin 2 000 asiakkaan lupatiedot
    olivat ulkopuolisten ulottuvilla
    https://yle.fi/uutiset/3-11173114
    Järjestelmään on asetettu suojaus, eikä kaupungin mukaan
    väärinkäyttötapauksia ole havaittu.

    Reply
  14. Tomi Engdahl says:

    WindiLeaks: 250 million Microsoft customer support records dating back to 2005 exposed to open internet
    Quickly shuttered partially redacted leaky DB included ‘internal notes marked as confidential’
    https://www.theregister.co.uk/2020/01/22/microsoft_support_database_leak/

    Reply
  15. Tomi Engdahl says:

    Amazon Engineer Leaks Encryption Keys To Public GitHub Repo

    https://gizmodo.com/amazon-engineer-leaked-private-encryption-keys-outside-1841160934

    An Amazon Web Services (AWS) engineer last week inadvertently made public almost a gigabyte’s worth of sensitive data, including their own personal documents as well as passwords and cryptographic keys to various AWS environments.

    While these kinds of leaks are not unusual or special, what is noteworthy here is how quickly the employee’s credentials were recovered by a third party, who—to the employee’s good fortune, perhaps—immediately warned the company.

    On the morning of January 13, an AWS employee, identified as a DevOps Cloud Engineer on LinkedIn, committed nearly a gigabyte’s worth of data to a personal GitHub repository bearing their own name. Roughly 30 minutes later, Greg Pollock, vice president of product at UpGuard, a California-based security firm, received a notification about a potential leak from a detection engine pointing to the repo.

    “In reviewing this publicly accessible data, I have come to the conclusion that data stemming from your company, of some level of sensitivity, is present and exposed to the public internet,” he told AWS by email.

    AWS responded gratefully about four hours later and the repo was suddenly offline.

    At least some of the documents in the cache, however, are labeled “Amazon Confidential.”

    UpGuard says it chose to make the incident known to demonstrate the importance of early detection and underscore that cloud security is not invulnerable to human error.

    Reply
  16. Tomi Engdahl says:

    No big deal, Rogers, your internal source code and keys are only on the open web. Don’t hurry to take it down
    https://www.theregister.co.uk/2020/01/24/rogers_code_exposed/

    ‘Closed source’ blueprints available for all to gawp at – and potentially exploit

    Source code, internal user names and passwords, and private keys, for the website and online account systems of Canadian telecoms giant Rogers have been found sitting on the open internet.

    The leaked software, seemingly uploaded to GitHub by a Rogers engineer before they left the telco, is written in Java and powered various components of Rogers.com. The materials are marked “closed source” and copyright Rogers, yet can be found on the web if you know where to look. Details of and credentials for services and systems on the ISP’s internal networks are included.

    Reply
  17. Tomi Engdahl says:

    Microsoft exposes 250M customer service records via misconfigured Elasticsearch database
    https://siliconangle.com/2020/01/22/microsoft-exposes-250m-customer-service-records-via-misconfigured-elasticsearch-database/

    “Misconfigurations are unfortunately a common error across the industry,” Microsoft’s Security Response Center noted. “We have solutions to help prevent this kind of mistake, but unfortunately, they were not enabled for this database. As we’ve learned, it is good to periodically review your own configurations and ensure you are taking advantage of all protections available.”

    Reply
  18. Tomi Engdahl says:

    Wawa customer’s hacked info being sold, cybersecurity firm says
    https://6abc.com/firm-says-wawa-customers-hacked-credit-card-info-being-sold/5886283/

    Wawa said Tuesday it is responding to reports that hacked information from its customers’ credit cards may be being sold on the dark web.

    The company said in a news release that customers who may be affected can obtain free credit monitoring and identity theft protection.

    Cybersecurity firm Gemini Advisory said information from the Wawa theft began to show up for sale on the dark web this week. Gemini said the data breach ranks among the largest ever, potentially exposing 30 million sets of payment records.

    The breach affected all of Pennsylvania-based Wawa’s stores, which stretch along the East Coast.
    https://6abc.com/5769537/

    Reply
  19. Tomi Engdahl says:

    A Christian-friendly payments processor spilled 6 million transaction records online
    https://techcrunch.com/2020/01/28/cornerstone-payments-credit-cards/?tpcc=ECFB2020

    A little-known payments processor, which bills itself as a Christian-friendly company that does “not process credit card transactions for morally objectionable businesses,” left online a database containing years’ worth of customer payment transactions.

    The database contained 6.7 million records since 2013, and was updating by the day. But the database was not protected with a password, allowing anyone to look inside.

    Security researcher Anurag Sen found the database. TechCrunch identified its owner as Cornerstone Payment Systems

    Although there was some evidence of tokenization — a way of replacing sensitive information with a unique string of letters and numbers — the database itself was not encrypted.

    Reply
  20. Tomi Engdahl says:

    According to the researchers’ report, the breach allowed them to access information about more than 30,000 buyers, including scans of government-issued photo IDs and details about the amount and types of cannabis products customers purchased

    30,000 MARIJUANA BUYERS’ PERSONAL INFO EXPOSED IN DATA BREACH
    https://futurism.com/the-byte/30000-marijuana-buyers-personal-info-exposed-data-breach

    A team of data privacy researchers discovered a major breach in a platform used by multiple marijuana dispensaries in the United States to manage sales.

    According to the researchers’ report, the breach allowed them to access information about more than 30,000 buyers, including scans of government-issued photo IDs and details about the amount and types of cannabis products customers purchased.

    Report: Cannabis Users’ Sensitive Data Exposed in Data Breach
    https://www.vpnmentor.com/blog/report-thsuite-breach/

    Reply
  21. Tomi Engdahl says:

    LabCorp security lapse exposed thousands of medical documents
    https://tcrn.ch/38J4Eu2

    A security flaw in LabCorp’s website exposed thousands of medical documents, like test results containing sensitive health data.

    It’s the second incident in the past year after LabCorp said in June that 7.7 million patients had been affected by a credit card data breach of a third-party payments processor. That breach also hit several other laboratory testing companies, including Quest Diagnostics.

    Using computer commands, we determined the approximate number of exposed documents by asking the exposed server if a document existed by returning certain properties about the file — such as its size — but not the document itself. This allowed us to see if a document was on the server without accessing large amounts of patient information, and thus preventing any further exposure to the patient’s privacy.

    The results showed at least 10,000 documents were exposed.

    Running afoul of HIPAA can result in heavy fines.

    “This is a massive privacy issue — and one that could impact affected users and patients for years to come,” said Rachel Tobac, a hacker, social engineer and founder of SocialProof Security. “The sensitive nature of those documents and the leak of private medical status is a huge privacy violation for those patients for obvious reasons, but also sadly for some possibly less glaring reasons, as well.”

    Reply
  22. Tomi Engdahl says:

    “There were lengthy delays in security projects, and, internally, departments were ignoring compliance efforts……over the nearly 1,500 websites and web apps identified only a single one had carried out a security assessment.”

    UN didn’t patch SharePoint, got mega-hacked, covered it up, kept most staff in the dark, finally forced to admit it
    https://www.theregister.co.uk/2020/01/29/un_covered_up_hack/

    For an organization accused of being ‘all talk, no action’, there’s not even enough talking – to its own employees

    The United Nations’ European headquarters in Geneva and Vienna were hacked last summer, putting thousands of staff records at miscreants’ fingertips. Incredibly, the organization decided to cover it up without informing those affected nor the public.

    That is the extraordinary claim of The New Humanitarian, which until a few years ago was an official UN publication covering humanitarian crises. Today, it said the UN has confirmed both the hack and the decision not to divulge any details.

    Dozens of UN servers were impacted in an attack that began in mid-July 2019 but was only noticed one month later, according to a confidential report dated September 20. The publication gained access to that report, which outlines a series of security holes discovered by an external forensic company as well as internal efforts to contain the hack.

    A senior IT official dubbed the attack a “major meltdown,” in which personnel records – as well as contract data covering thousands of individuals and organizations – was accessed

    Reply
  23. Tomi Engdahl says:

    Cannabis Data Breach Leaks 85,000 Dispensary Files
    https://www.ganjapreneur.com/cannabis-data-breach-leaks-85000-dispensary-files/

    A data breach discovered in the cannabis point-of-sale system THSuite has reportedly leaked more than 85,000 files from dispensaries, including patient info, throughout the U.S.

    Reply
  24. Tomi Engdahl says:

    Dozens of companies have data dumped online by ransomware ring seeking
    leverage
    https://arstechnica.com/information-technology/2020/01/dozens-of-companies-have-data-dumped-online-by-ransomware-ring-seeking-leverage/
    Maze operators “gift” Pensacola by removing data dump, but others not
    so lucky.. The Maze ransomware ring has taken extortion to new heights
    by publicly posting breached data on the Internetand threatening full
    dumps of stolen data if the ring’s “customers” don’t pay for their
    files to be unencrypted.

    Reply
  25. Tomi Engdahl says:

    Twitter warns hackers exploited an API bug on its platform to inappropriately match and learn linked phone numbers of millions of users. Based on IP addresses engaged in the attack, Twitter believes some of them may have ties to state-sponsored actors.

    An Incident Impacting your Account Identity
    https://privacy.twitter.com/en/blog/2020/an-incident-impacting-your-account-identity

    On December 24, 2019 we became aware that someone was using a large network of fake accounts to exploit our API and match usernames to phone numbers. We immediately suspended these accounts and are disclosing the details of our investigation to you today because we believe it’s important that you are aware of what happened, and how we fixed it.

    Reply
  26. Tomi Engdahl says:

    Millions of Israeli voters’ data leaked by election management app
    https://www.slashgear.com/millions-of-israeli-voters-data-leaked-by-election-management-app-09609144/

    Elections are one of the oldest sociopolitical activities of humanity and, given its rather sensitive nature, has been slow to change over the centuries. Attempts to modernize elections and the systems around them have always been met with suspicion and scrutiny due to fears of data and security breaches. In Israel, those fears materialized in what may be the worst case the country has faced, and it isn’t even due to the election system itself and only a third-party app for managing voters

    “one-off incident that was immediately dealt with”. It might have been too late, however, as unrestricted access to data of 6,453,254 citizens in Israel may have been available for an undisclosed period of time. Those pieces of information included full names, identity card numbers, addresses, genders, phone numbers, and other pieces of personal data

    Israeli newspapers Haaretz reports that this isn’t the first time the Likud has been involved in security breaches but this may be one of the most massive.

    Various parties, advocates, and experts have pointed out the security risks of the system in the past

    Reply
  27. Tomi Engdahl says:

    Horrible but hilarious… #CampaigningTheRightWay #RightClickViewSource

    Personal Data of All 6.5 Million Israeli Voters Is Exposed
    https://www.nytimes.com/2020/02/10/world/middleeast/israeli-voters-leak.html

    Reply
  28. Tomi Engdahl says:

    Misconfigured Docker Registries Expose Thousands of Repositories
    https://www.securityweek.com/misconfigured-docker-registries-expose-thousands-repositories

    Thousands of code repositories were found exposed in over one hundred Docker registries that are accessible from the Internet without authentication, Palo Alto Network reports.

    Containing critical business data such as application source code and historical versions, these registries could put an organization’s entire cloud infrastructure at risk. Exposure could result in stolen proprietary intellectual property, hijacked operation critical data, or malicious code being injected.

    Docker registries are servers where Docker images are stored and organized into repositories, with each repo containing images of one application and multiple versions of the application, each with a unique tag. Docker registries include support for three primary operations: pushing, pulling, and deleting images.

    Of 941 Docker registries found to be exposed to the Internet, 117 do not require authentication, Palo Alto Networks’ security researchers say. Of the misconfigured registries, 80 allow the pull operation, 92 the push operation, and 7 the delete operation.

    Reply
  29. Tomi Engdahl says:

    Software Error Exposes the ID Numbers For 1.26 Million Danish Citizens
    https://yro.slashdot.org/story/20/02/10/2022246/software-error-exposes-the-id-numbers-for-126-million-danish-citizens?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29

    A software error in Denmark’s government tax portal has accidentally exposed the personal identification (CPR) numbers for 1.26 million Danish citizens, a fifth of the country’s total population.

    Software error exposes the ID numbers for 1.26 million Danish citizens
    Danish tax portal accidentally shares tax payer identification numbers with Google and Adobe analytics services.
    https://www.zdnet.com/article/software-error-exposes-the-id-numbers-for-1-26-million-danish-citizens/

    Reply
  30. Tomi Engdahl says:

    App Used by Netanyahu’s Likud Leaks Israel’s Entire Voter Registry
    https://www.haaretz.com/israel-news/elections/.premium-app-used-by-netanyahu-s-likud-leaks-israel-s-entire-voter-registry-1.8509696
    The Likud has uploaded the full register of Israeli voters to an
    application, causing the leak of personal data on 6,453,254 citizens.
    The information includes the full names, identity card numbers,
    addresses and gender of every single eligible voter in Israel, as well
    as the phone numbers and other personal details of some of them..
    Also:
    https://www.zdnet.com/article/netanyahus-party-exposes-data-on-over-6-4-million-israelis/

    Reply
  31. Tomi Engdahl says:

    Beauty and the Breach: Estée Lauder Exposes 440 Million Records in Unprotected Database
    https://www.securityweek.com/beauty-and-breach-est%C3%A9e-lauder-exposes-440-million-records-unprotected-database

    Cosmetic company Estée Lauder exposed 440 million records to the Internet in a database that was left accessible without proper protection, a security researcher says.

    Headquartered in New York, Estée Lauder sells products in more than 135 countries and territories. The Estée Lauder Companies owns multiple internationally renowned brands.

    The exposed database was discovered on January 30 by Security Discovery security researcher Jeremiah Fowler, who attempted to contact Estée Lauder immediately after identifying user email addresses in the database.

    In total, 440,336,852 records were inadvertently exposed to the Internet, including audit logs containing a large number of email addresses in each document.

    The exposed data, Fowler says, included user email addresses in plain text. Internal email addresses from the @estee.com domain were also present in the database.

    Additionally, there were production, audit, error, CMS, and middleware logs left widely accessible to anyone with an Internet connection. References to reports and other internal documents were also found in the database.

    Reply
  32. Tomi Engdahl says:

    Estee Lauder Data Leak, 440 Million Records Exposed
    http://on.forbes.com/61871itDT

    On January 30, security researcher Jeremiah Fowler discovered a database online that contained what he says was “a massive amount of records.” That internet-facing database had no password protection in place, contained a total of 440,336,852 records, and was connected to the New York-based cosmetics giant, Estee Lauder.

    Last year I reported how 198 million car buyer records had been exposed online in a massive data leak. The man behind that story was Jeremiah Fowler, a senior security researcher at Security Discovery. So, when Fowler contacted me earlier today with news of a leak more than twice as big, you can bet I sat up straight and paid attention.

    Estee Lauder quick to close down access to the database

    It proved far more difficult than it should do to report such a thing, but this isn’t unusual when dealing with large companies in the experience of Fowler. “When I call a company or organization, the first thing I ask is ‘who can I speak with to report a data incident,’ but you would be shocked at how many companies do not have a protocol when it comes to exposed data.” I am not shocked.

    “They were responsive and restricted public access the same day I notified them,” Fowler says, adding, “they closed it so fast that I was unable to get a real in-depth look inside many of the folders.” However, the entire database was accessible to anyone with an internet connection, so anyone could have potentially had access or stolen the data while it was unprotected, Fowler says. “Only a full cyber forensic investigation will determine who else gained access.”

    Such exposed databases appear to be increasingly common. I have reported on how 250 million Microsoft custromer records were exposed, data on 419 million Facebook users was found on unsecured databases and, most shocking of all, the entire 16.6 million population of Ecuador was leaked online in a similar fashion.

    Reply
  33. Tomi Engdahl says:

    Jailcore database leaks PII of inmates & correctional officers across US
    https://www.hackread.com/jailcore-database-leaks-us-inmates-pii-correctional-officers/

    A new data breach has taken place involving the information of inmates this time as opposed to conventional cases. The data exposure was discovered though an Amazon s3 bucket that belongs to a company named JailCore which is a “correctional facility management and compliance cloud-based application” as they advertise themselves.

    Yet, the latter part of their service offering focused on creating a cloud-based application has resulted in this crisis in the first place. You see, to offer such a service, they needed to create a database online.

    Initially, the database was discovered this year on January 3 and reported to the firm 2 days later on January 5. However, due to a lack of action on behalf of the company, the researchers had to notify the USA’s Pentagon on January 15 which eventually led to the bucket being taken down.

    According to vpnMentor’s blog post, containing 36,077 files to be precise, it hosted personally identifiable information (PII) of inmates that were present in specific detention centers along with the correctional officers.

    Report: Inmates’ Prescriptions & PII Leaked in Breach Spanning Multiple Jailhouses
    https://www.vpnmentor.com/blog/report-jailcore-leak/

    Reply
  34. Tomi Engdahl says:

    Over 15.1 Billion Records Exposed in Data Breaches in 2019
    https://www.securityweek.com/over-151-billion-records-exposed-data-breaches-2019

    More than 15.1 billion records were exposed in 2019 as part of the data breaches that were publicly reported, Risk Based Security reveals.

    The number of exposed records registered a massive 284% spike compared to the previous year (which had 5.3 billion records exposed), and also marked a 91% increase compared to 2017 (7.95 billion records).

    A total of 7.2 billion records were compromised between October 1 and December 31, 2019, with four events accounting for 93.5% of these records. All four involved open, misconfigured databases that were made publicly accessible.

    The number of reported data breaches was of 7,098 last year, representing only a 1% increase compared to the 7,035 breaches reported in 2018.

    Reply
  35. Tomi Engdahl says:

    PhotoSquared app exposed customer photos and shipping labels
    https://techcrunch.com/2020/02/14/photosquared-shipping-labels-exposed/

    At least 10,000 shipping labels were stored in a public Amazon Web Services (AWS) storage bucket. There was no password on the bucket, allowing anyone who knew the easy-to-guess web address access to the customer data. All too often, these AWS storage buckets are misconfigured and set to “public” and not “private.”

    The exposed data included high-resolution user-uploaded photos and generated shipping labels, dating back to 2016, and was updating by the day. The app has more than 100,000 users, according to its Google Play listing.

    It’s not known how long the storage bucket was left open.

    Reply
  36. Tomi Engdahl says:

    App used by Netanyahu’s Likud leaks Israel’s entire voter registry
    https://www.haaretz.com/israel-news/elections/.premium-app-used-by-netanyahu-s-likud-leaks-israel-s-entire-voter-registry-1.8509696

    Names, identification numbers and addresses of over 6 million voters were leaked through the unsecured Elector app

    The Likud has uploaded the full register of Israeli voters to an application, causing the leak of personal data on 6,453,254 citizens. The information includes the full names, identity card numbers, addresses and gender of every single eligible voter in Israel, as well as the phone numbers and other personal details of some of them. 

    Reply
  37. Tomi Engdahl says:

    Facebook was repeatedly warned of security flaw that led to biggest data breach in its history
    https://www.telegraph.co.uk/technology/2020/02/09/facebook-repeatedly-warned-security-flaw-led-biggest-data-breach/

    Exclusive: Employees described feeling remorse and ‘guilt’ that they ‘could have prevented’ the cyber attack that affected 29 million people

    Facebook knew about a huge security flaw that let hackers to steal personal data from millions of its users almost one year before the crime, yet failed to fix it in time, the Telegraph can reveal.

    Legal documents show that the company was repeatedly warned by its own employees as well as outsiders about a dangerous loophole that eventually led to the massive data breach in September 2018.

    Reply
  38. Tomi Engdahl says:

    Ever stayed here for DEFCON?

    Yeah about that…. you just got pwned…

    Exclusive: Details of 10.6 million MGM hotel guests posted on a hacking forum
    https://www.zdnet.com/article/exclusive-details-of-10-6-million-of-mgm-hotel-guests-posted-on-a-hacking-forum/

    MGM Resorts said security incident took place last summer and notified impacted guests last year.

    The personal details of more than 10.6 million users who stayed at MGM Resorts hotels have been published on a hacking forum this week.

    Besides details for regular tourists and travelers, included in the leaked files are also personal and contact details for celebrities, tech CEOs, reporters, government officials, and employees at some of the world’s largest tech companies.

    MGM RESORTS SAYS THEY NOTIFIED CUSTOMERS LAST YEAR

    Within hours, the MGM Resorts team was able to verify the data and track it to a past security incident.

    An MGM spokesperson told ZDNet the data that was shared online this week stems from a security incident that took place last year.

    “Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts,”

    A POTENTIAL DANGER OF SIM SWAPPING AND SPEAR-PHISHING
    However, while MGM’s security incident went under the radar last year, the publication of this data dump on a very popular hacking forum this week has brought it to many hackers’ attention.

    Reply
  39. Tomi Engdahl says:

    US defense agency says personal data ‘compromised’ in 2019 data breach
    https://tcrn.ch/32mPqsV

    A U.S. defense agency charged with providing information technology and communications support to the U.S. government, including the president and other senior officials, says its network may have been “compromised.”

    The Defense Information Systems Agency sent letters to possible victims earlier this month to warn of a “data breach” involving a system run by the agency.

    It’s believed Social Security numbers and other sensitive information may have been taken in the data breach between May and July 2019, the letter said. But it’s not known if the data was stored on a classified system.

    DISA, a division of the Dept. of Defense., has about 8,000 military staff and contractors.

    Reply
  40. Tomi Engdahl says:

    Celeb Shout-Out App Cameo Exposes Private Videos and User Data
    https://www.vice.com/en_us/article/akwj5z/cameo-app-exposed-private-videos-user-data-passwords

    Motherboard wrote basic code to compile lists of videos that users had explicitly marked as private on the app.

    Cameo, the increasingly popular app for paying celebrities to record short personal videos, exposed a wealth of user data including email addresses, hashed and salted passwords and phone numbers, and messages via a misconfiguration in its app. The site also has an issue where videos that are supposed to be private are actually available for anyone to find and download.

    Reply
  41. Tomi Engdahl says:

    U.S. agency that handles Trump’s secure communication suffered data breach
    https://www.reuters.com/article/us-usa-defense-breach/u-s-agency-that-handles-trumps-secure-communication-suffered-data-breach-idUSKBN20E27A

    The letters, dated Feb. 11, 2020, say that between May and July 2019, personal data may have been compromised “in a data breach” of a system hosted by the Defense Information Systems Agency.

    The agency provides direct telecommunications and IT support for the president, Vice President Mike Pence, their staff, the U.S. Secret Service, the chairman of the Joint Chiefs of Staff and other senior members of the armed forces, according to its website.

    Reply
  42. Tomi Engdahl says:

    https://techcrunch.com/2020/01/30/spicejet-breach-millions-passengers/

    SpiceJet, one of India’s largest privately owned airlines, suffered a data breach involving the details of more than a million of its passengers, a security researcher told TechCrunch.

    Reply
  43. Tomi Engdahl says:

    US: 2019 Healthcare Data Breach Report
    https://www.hipaajournal.com/2019-healthcare-data-breach-report/
    Figures from the Department of Health and Human Services Office for
    Civil Rights breach portal show a major increase in healthcare data
    breaches in 2019. Last year, 510 healthcare data breaches of 500 or
    more records were reported, which represents a 196% increase from
    2018.

    Reply
  44. Tomi Engdahl says:

    Third-Party Breaches and the Number of Records Exposed Increased
    Sharply in 2019
    https://www.darkreading.com/attacks-breaches/third-party-breaches—and-the-number-of-records-exposed—increased-sharply-in-2019/d/d-id/1337037
    Third-party risks are quickly mounting for enterprise organizations if
    the number of data breaches and total number of records exposed as a
    result are any indication. In a recent analysis of data pertaining to
    security breaches in 2019, Risk Based Security uncovered a sharp
    increase in incidents involving companies handling sensitive data for
    business partners and other clients. The total number of such
    third-party breaches hit 368 in 2019, up from 328 in 2018 and 273 in
    2017 a 35% increase in two years.

    Reply
  45. Tomi Engdahl says:

    Slickwraps Discloses Data Breach
    https://www.securityweek.com/slickwraps-discloses-data-breach

    Slickwraps, a company that provides protection solutions and accessories for phones, computers and other devices, has revealed that user data was compromised recently after a third party accessed an unprotected database left accessible from the Internet.

    The Kansas-based company says user names, email addresses, and physical addresses were included in the databases, although no passwords or financial details were stored there.

    According to Slickwraps, the incident impacted “some of our non-production databases,” all of which were immediately secured after learning of the exposure. However, the company recommends that users reset their passwords and be wary of phishing emails.

    Reply
  46. Tomi Engdahl says:

    Samsung Says it Leaked Data on Handful of UK Customers
    https://www.securityweek.com/samsung-says-it-leaked-data-handful-uk-customers

    Samsung said Tuesday that a “technical error” caused its website to display other customers’ personal information.

    The technology company said the error affected only its U.K. website at http://samsung.com/UK and affected fewer than 150 customers.

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*