Data loss

Has Houseparty really been hacked? $1 million reward offered to unearth who is behind widespread claims

In recent days warnings have spread rapidly across social networking sites that the Houseparty app – which makes it easy for anyone to drop in for a video chat with friends locked down during the Coronavirus pandemic – is unsafe.

But is there any evidence?

Cybersecurity insurance firm Chubb investigates its own ransomware attack

A notorious ransomware gang claims to have successfully compromised the infrastructure… of a company selling cyberinsurance.

Read more in my article on the Hot for Security blog.

Third-party data breach exposes GE employees’ personal information

Past and present employees of General Electric (GE) are learning that their sensitive information has been exposed by a data breach at a third-party service provider.

Read more in my article on the Tripwire State of Security blog.

Security firm leaves more than five billion records exposed on unsecured database

A massive database, containing more than five billion records derived from past security breaches between 2012 and 2019, has been left exposed on the internet without any password protection.

And who left it exposed? A security firm.

More business websites hit by credit-card skimming malware

In the last few days it has come to light that blender manufacturer NutriBullet and guitar tuition website Truefire fell foul of hackers who planted Magecart-style malicious code on their sites. The code went undetected for months, stealing users' credit card details and personal information.

Read more in my article on the Bitdefender Business Insights blog.

Smashing Security #169: Burglaries, breaches, and bidets

How one guy’s exercise routine made him a burglary suspect, how multi-factor authentication can cause headaches as well as stop hacks, and how Virgin Media got itself in a pickle over its sloppy data security.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Secret-sharing app Whisper failed to keep users’ fetishes and locations private

Security researchers raised the alarm after discovering that hundreds of millions of Whisper users’ intimate messages, tied to their locations, had been left publicly available since the app’s launch in 2012.

Read more in my article on the Hot for Security blog.

Comcast Xfinity published the contact details of 200,000 customers who paid for them to be kept private

Nearly 200,000 customers in the United States, who thought they were paying Comcast Xfinity to keep their information safely out of the public eye, have had their details exposed on the company’s online directory… putting their safety and privacy at risk.

Virgin Media left 900,000 consumers’ details exposed in unsecured database

One of the UK’s largest internet providers has admitted that it left a database containing the unencrypted details of more than 900,000 UK residents – including existing and potential customers – freely accessible to anybody on the internet, with no password required.

Exposed data included records which could have linked users to pornographic websites.

Boots suspends loyalty card payments after hackers try to compromise accounts

Hot on the heels of Tesco warning that hackers had attempted to access the accounts of Clubcard users, another UK high street retailer has warned that it has similarly been attacked.

Cathay Pacific slammed for security failures following hack which exposed 9.4 million people worldwide

The UK’s Information Commissioner’s Office (ICO) has fined Cathay Pacific for “a number of basic security inadequacies” which resulted in hackers stealing the data of 9.4 million people worldwide – including 111,578 from the UK.

Read more in my article on the Hot for Security blog.

HackerOne rewards bughunter who found critical security hole in… HackerOne

Vulnerability-reporting platform HackerOne has come clean about a critical security flaw on its own website that could have been used to expose the email addresses of users.

MGM Resorts hacked: 10.6 million guests have their personal data exposed on hacking forum

Over 10 million people who have stayed at MGM Resorts hotels – including Twitter boss Jack Dorsey and pop idol Justin Bieber – have had their personal details posted online by hackers.

Read more in my article on the Tripwire State of Security blog.

China denies it was behind the Equifax hack, as four men charged for data breach

China has denied that it was behind the hack of Equifax in 2017, which saw the personal data of hundreds of millions of individuals stolen – including the names, birth dates and social security numbers for nearly half of all American citizens.

Read more in my article on the Hot for Security blog.

Prison inmates’ sensitive data left exposed on leaky cloud bucket

A completely avoidable data leak has exposed prescription records, mugshots, and other sensitive information related to an unknown number of prison inmates.

How your screen’s brightness could be leaking data from your air-gapped computer

It may not be the most efficient way to steal data from an organisation, let alone the most practical, but researchers at Ben-Gurion University in Israel have once again detailed an imaginative way to exfiltrate information from an air-gapped computer.

Read more in my article on the Tripwire State of Security blog.