Oops? Art Raymond reports: A vigilant UDOT Express Pass customer discovered a glaring security breach in the third-party website that manages pass accounts, but state officials don’t yet know if the personal information of approximately 21,000 current and former customers has been compromised. That information on customers who have purchased passes for accessing HOV lanes…
Month: November 2017
Google: Our hunt for hackers reveals phishing is far deadlier than data breaches
Liam Tung reports: Google has released the results of a year-long investigation into Gmail account hijacking, which finds that phishing is far riskier for users than data breaches, because of the additional information phishers collect. Hardly a week goes by without a new data breach being discovered, exposing victims to account hijacking if they used…
Eavesdropper: The Mobile Vulnerability Exposing Millions of Conversations
Michael Bentley writes: Appthority has discovered a significant data exposure vulnerability we’ve named Eavesdropper that affects almost 700 apps in enterprise environments. The vulnerability is caused by including hard-coded credentials in mobile applications that are using the Twilio REST API or SDK. By hard-coding their credentials, the developers have effectively given global access…
Jaywing suffers data breach affecting CollectPlus, Vodafone and other clients
Jennifer Faull reports: Digital and CRM agency Jaywing has suffered a security breach after its intranet was exposed following a routine update, leaking private information from client CollectPlus as well as internal documents for Vodafone. The intranet – usually a depository for internal material like training manuals – underwent an upgrade on 17 September. However,…
University of East Anglia investigates another data leak
Warwick Ashford reports: The University of East Anglia is investigating a second personal data leak in six months after an employee’s personal data was sent to hundreds of postgraduate research students. The email was sent on 5 November to about 300 recipients in the social science faculty. When the error was discovered, the university sent…
Baylor College of Medicine notifies former applicants after data from 2016 breach found on publicly available web site
Baylor College of Medicine is sending notification letters to an unspecified number of former applicants. In the letter, Randy Langenderfer, Vice President, Chief Compliance and Audit Officer writes that they first became aware of a possible database breach in October, 2016. In November 2016, those affected were notified of the compromise. Now Langenderfer writes: In late…