data breach

Plastic surgery patients at risk after ransomware attack

Past and current customers of a cosmetic surgery clinic are contacted by hackers making ransom demands, after they broke into its network and stole personal information.

Microsoft data breach exposes 250 million customer service and support records

Red faces at Microsoft after a security researcher discovered an internal customer support database had been left exposed for anyone on the internet to access – no password required.

WeLeakInfo, the site which sold access to passwords stolen in data breaches, is brought down by the FBI

Law enforcement agencies have seized control of the domain of WeLeakInfo, a website offering cheap access to billions of personal credentials stolen from approximately 10,000 data breaches.

PlanetDrugsDirect reveals security breach, warns customers their data may have been exposed

A Canadian online pharmacy has contacted customers warning them that their data might have been exposed in what it euphemistically describes as a “data security incident”.

Read more in my article on the Tripwire State of Security blog.

Smashing Security #161: Love, lucky dips, and 23andMe

The man who hacked the UK National Lottery didn’t end up a winner, Japanese Love hotel booking tool suffers a data breach, and just what is 23andMe planning to do with your DNA?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford.

Peekaboo Moments app left baby videos, photos, and 800,000 users’ email addresses exposed on the internet

The developer of a smartphone app has carelessly left a database accessible to anybody with an internet connection, exposing millions of records containing baby videos and photos, as well as the email addresses of users.

Read more in my article on the Hot for Security blog.

PussyCash adult webcam data breach exposes highly sensitive data of models

You may have been expecting to reveal a lot by signing up as an adult webcam model, but I doubt this is quite what you had in mind.

Just one month later, the Currys PC World/Dixons Travel hack would have cost them a heck of a lot more

DSG Retail, the parent company of Currys PC World and Dixons Travel, has been fined £500,000 for a hack which lasted from July 2017 to April 2018.

But if the breach had lasted for just one month longer, they could have expected a much MUCH larger penalty.

Waco water bill attack just the latest in a wave of Click2Gov breaches

The City of Waco has warned residents that their online payments for water services may have been intercepted by hackers who stole credit card details.

Read more in my article on the Tripwire State of Security blog.

Hackers steal credit card details from Sweaty Betty customers

Women’s activewear retailer Sweaty Betty has emailed some of its customers warning that their payment card details may have been compromised by malicious code running on its website.

Read more in my article on the Hot for Security blog.

Amazon battles leaky S3 buckets with a new security tool

A new AWS feature is supposed to help avoid accidental misconfigurations that could result in sensitive data being exposed, a company’s brand being damaged, and even – potentially – its customers being put at risk.

Read more in my article on the Bitdefender Business Insights blog.

Palo Alto Networks employee data breach highlights risks posed by third party vendors

The personal details of some past and present Palo Alto Networks employees – their names, dates of birth and social security numbers – have been exposed online. But is it really the company’s fault?

Read more in my article on the Bitdefender Business Insights blog.

Smashing Security #156: Better safe than Sony

In this 20-minute clip from a special bonus episode produced for our Patreon supporters, Graham Cluley and Carole Theriault discuss the 2014 hack of Sony Pictures – reportedly carried out by North Korea for the very oddest of reasons…

Facebook and Twitter warn some users’ private data was accessed via third-party app SDK

Facebook and Twitter have announced that personal data related to hundreds of users may have been improperly accessed after users logged into third-party Android apps with their social media accounts.

Read more in my article on the Tripwire State of Security blog.

Hackers attack OnePlus again – this time stealing customer details

Hackers have once again successfully compromised the website of Chinese phone manufacturer OnePlus, opening up opportunities for online criminals to target the company’s customers.

Read more in my article on the Hot for Security blog.

Bad boy of Brexit Arron Banks hacked, private Twitter messages leaked

British businessman Arron Banks, one of the self-styled “Bad Boys of Brexit” and a leading figure of the Leave.EU campaign, has had his Twitter account hacked.