Archive for the ‘data breach’ Category

100,000 Razer users’ data leaked due to misconfigured Elasticsearch

September 14th, 2020
This redacted sample record from the leaked Elasticsearch data shows someone's June 24 purchase of a $2,600 gaming laptop.

Enlarge / This redacted sample record from the leaked Elasticsearch data shows someone's June 24 purchase of a $2,600 gaming laptop. (credit: Volodymyr Dianchenko)

In August, security researcher Volodymyr Diachenko discovered a misconfigured Elasticsearch cluster, owned by gaming hardware vendor Razer, exposing customers' PII (Personal Identifiable Information).

The cluster contained records of customer orders and included information such as item purchased, customer email, customer (physical) address, phone number, and so forth—basically, everything you'd expect to see from a credit card transaction, although not the credit card numbers themselves. The Elasticseach cluster was not only exposed to the public, it was indexed by public search engines.

Diachenko reported the misconfigured cluster—which contained roughly 100,000 users' data—to Razer immediately, but the report bounced from support rep to support rep for over three weeks before being fixed.

Read 12 remaining paragraphs | Comments

Posted in Biz & IT, data breach, Data leak, identity theft, infosec, Razer | Comments (0)

SBA says data breach may have affected almost 8,000 loan applicants

April 22nd, 2020
Three people stand by a podium in front of the White House logo.

Enlarge / Small Business Administrator Jovita Carranza is flanked by Donald Trump and Secretary of Treasury Steve Mnuchin on April 2, 2020. (credit: Win McNamee/Getty Images)

Almost 8,000 business owners who applied for a loan from the Small Business Administration may have had their personal information exposed to other applicants, the SBA admitted on Tuesday.

The breach relates to a long-standing SBA program called Economic Injury Disaster Loans (EIDL). It has traditionally been used to aid owners whose businesses are disrupted by hurricanes, tornadoes, or other disasters. It was recently expanded by Congress in the $2.2 trillion CARES Act. In addition to loans, the law authorized grants of up to $10,000 that don't need to be paid back.

The EIDL program is separate from the larger Paycheck Protection Program that was also part of the CARES Act. The SBA says that PPP applicants were not affected by the breach.

Read 7 remaining paragraphs | Comments

Posted in data breach, EIDL, Policy, PPP, SBA, security | Comments (0)

Marriott Suffers Second Breach Exposing Data of 5.2 Million Hotel Guests

March 31st, 2020
International hotel chain Marriott today disclosed a data breach impacting nearly 5.2 million hotel guests, making it the second security incident to hit the company in recent years. "At the end of February 2020, we identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property," Marriott said in a

Posted in Cyber Attack, cyber security, data breach, Database Security, hotel reservations, Marriott International, Privacy | Comments (0)

How CISOs Should Prepare for Coronavirus Related Cybersecurity Threats

March 18th, 2020
The Coronavirus is hitting hard on the world's economy, creating a high volume of uncertainty within organizations. Cybersecurity firm Cynet today revealed new data, showing that the Coronavirus now has a significant impact on information security and that the crisis is actively exploited by threat actors. In light of these insights, Cynet has also shared a few ways to best prepare for the

Posted in coronavirus, COVID-19, cyber security, data breach, data theft, healthcare, Malware attack, phishing attack | Comments (0)

TrueFire Guitar Tutoring Website Suffers Magecart-style Credit Card Breach

March 17th, 2020
Online guitar tutoring website TrueFire has apparently suffered a 'Magecart' style data breach incident that may have potentially led to the exposure of its customers' personal information and payment card information. TrueFire is one of the popular guitar tutoring websites with over 1 million users, where wanna-be-guitarists pay online to access a massive library of over 900 courses and

Posted in credit card breach, credit card hacking, cyber security, data breach, hacking news, magecart | Comments (0)

Virgin Media Data Leak Exposes Details of 900,000 Customers

March 6th, 2020
On the same day yesterday, when the US-based telecom giant T-Mobile admitted a data breach, the UK-based telecommunication provider Virgin Media announced that it has also suffered a data leak incident exposing the personal information of roughly 900,000 customers. What happened? Unlike the T-Mobile data breach that involved a sophisticated cyber attack, Virgin Media said the incident was

Posted in data breach, data leaked, Database Security, hacking news, Telecom company, Telecom hacking, Virgin Media, Virgin Mobile | Comments (0)

Hackers Compromise T-Mobile Employee’ Email Accounts and Steal User’ Data

March 5th, 2020
If you are a T-Mobile customer, this news may concern you. US-based telecom giant T-Mobile has suffered yet another data breach incident that recently exposed personal and accounts information of both its employees and customers to unknown hackers. What happened? In a breach notification posted on its website, T-Mobile today said its cybersecurity team recently discovered a sophisticated

Posted in cybersecurity, data breach, data leaked, data security, hacking news, t-mobile, T-Mobile hack, Telecom company, Telecom hacking | Comments (0)

A Massive U.S. Property and Demographic Database Exposes 200 Million Records

March 5th, 2020
More than 200 million records containing a wide range of property-related information on US residents were left exposed on a database that was accessible on the web without requiring any password or authentication. The exposed data — a mix of personal and demographic details — included the name, address, email address, age, gender, ethnicity, employment, credit rating, investment preferences,

Posted in cyber security, data breach, data leaked, database breached, Database Security | Comments (0)

Secretive face-matching startup has customer list stolen

February 26th, 2020
A video surveillance camera hangs from the side of a building on May 14, 2019, in San Francisco, California.

Enlarge / A video surveillance camera hangs from the side of a building on May 14, 2019, in San Francisco, California. (credit: Justin Sullivan | Getty Images)

Clearview, a secretive facial-recognition startup that claims to scrape the Internet for images to use, has itself now had data unexpectedly scraped, in a manner of speaking. Someone apparently popped into the company's system and stole its entire client list, which Clearview to date has refused to share.

Clearview notified its customers about the leak today, according to The Daily Beast, which obtained a copy of the notification. The memo says an intruder accessed the list of customers, as well as the number of user accounts those customers set up and the number of searches those accounts have conducted.

"Unfortunately, data breaches are part of life in the 21st century," Tor Ekeland, an attorney for Clearview, told The Daily Beast. "Our servers were never accessed. We patched the flaw and continue to work to strengthen our security."

Read 7 remaining paragraphs | Comments

Posted in clearview, clearview.ai, data breach, facial recognition, Policy | Comments (0)

App Used by Israel’s Ruling Party Leaked Personal Data of All 6.5 Million Voters

February 11th, 2020
An election campaigning website operated by Likud―the ruling political party of Israeli Prime Minister Benjamin Netanyahu―inadvertently exposed personal information of all 6.5 million eligible Israeli voters on the Internet, just three weeks before the country is going to have a legislative election. In Israel, all political parties receive personal details of voters before the election, which

Posted in cybersecurity, data breach, database leaked, Database Security, election app, election hacking, election software, Israel, website security | Comments (0)