Archive for the ‘Data leak’ Category

100,000 Razer users’ data leaked due to misconfigured Elasticsearch

September 14th, 2020
This redacted sample record from the leaked Elasticsearch data shows someone's June 24 purchase of a $2,600 gaming laptop.

Enlarge / This redacted sample record from the leaked Elasticsearch data shows someone's June 24 purchase of a $2,600 gaming laptop. (credit: Volodymyr Dianchenko)

In August, security researcher Volodymyr Diachenko discovered a misconfigured Elasticsearch cluster, owned by gaming hardware vendor Razer, exposing customers' PII (Personal Identifiable Information).

The cluster contained records of customer orders and included information such as item purchased, customer email, customer (physical) address, phone number, and so forth—basically, everything you'd expect to see from a credit card transaction, although not the credit card numbers themselves. The Elasticseach cluster was not only exposed to the public, it was indexed by public search engines.

Diachenko reported the misconfigured cluster—which contained roughly 100,000 users' data—to Razer immediately, but the report bounced from support rep to support rep for over three weeks before being fixed.

Read 12 remaining paragraphs | Comments

Posted in Biz & IT, data breach, Data leak, identity theft, infosec, Razer | Comments (0)

More than 20GB of Intel source code and proprietary data dumped online

August 6th, 2020
An Intel promotional has been modified to include the words

Enlarge (credit: Tillie Kottman)

Intel is investigating the purported leak of more than 20 gigabytes of its proprietary data and source code that a security researcher said came from a data breach earlier this year.

The data—which at the time this post went live was publicly available on BitTorrent feeds—contains data Intel makes available to partners and customers under NDA, a company spokeswoman said. Speaking on background, she said Intel officials don’t believe the data came from a network breach. She also said the company is still trying to determine how current the material is and that, so far, there is no signs the data includes any customer or personal information.

“We are investigating this situation,” company officials said in a statement. “The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data.”

Read 9 remaining paragraphs | Comments

Posted in Biz & IT, Data leak, Intel, source code, Tech | Comments (0)

HIV dating app leaks sensitive user data, threatens infection when alerted

December 16th, 2015

Hzone threatened to infect the admin for a site that planned to write about its week-long spillage of a laundry list’s worth of PII.

Posted in Chris Vickery, CSO, Data leak, data leakage, data loss, DataBreaches.net, Dating Apps, Hzone, MongoDB, online dating, PII, responsible disclosure, Security threats, Tinder, Vulnerability | Comments (0)

vBulletin enforces password reset after website attack

November 4th, 2015

vBulletin and Foxit Software forums hack exposes hundreds of thousands of records amid zero-day vulnerability speculation.

Posted in Data leak, data loss, Featured, password, vbulletin, Zero-Day Vulnerability | Comments (0)