Zack Whittaker reports: AIESEC, a non-profit that bills itself as the “world’s largest youth-run organization,” exposed more than four million intern applications with personal and sensitive information on a server without a password. Bob Diachenko, an independent security researcher, found an unprotected Elasticsearch database containing the applications on January 11, a little under a month…
Month: January 2019
Why doesn’t Twitter have a way to notify them of leaks or concerns outside of a bug bounty program?
L33tdawg writes: Twitter has owned up to a privacy goof that exposed some Android users’ private tweets. That would be bad enough if the problem existed for an hour, or a day, or a month. But unfortunately for Twitter (and affected users) the problem was present from November 3 2014 until January 14 2019. That’s…
Privacy breach hits 45,000 recipients of Ontario’s disability support program
Kristin Rushowy reports: Ontario’s social services minister has apologized after the Mississauga disability support program office mistakenly emailed the private information of 45,000 people to 100 recipients. “On December 20th, due to a clerical error, the Mississauga ODSP office unintentionally shared some individuals’ information over email,” said Lisa MacLeod in a statement. [..] The December…
New Rumba STOP Ransomware Being Installed by Software Cracks
Lawrence Abrams reports: The STOP ransomware has seen very heavy distribution over the last month using adware installers disguised as cracks. This campaign continues with a new variant released over the past few days that appends the .rumba extension to the names of encrypted files. Using adware bundles and software cracks as a new distribution method, STOP…
North Carolina AG re-introduces legislation to protect against identity theft
Back in January, 2018, North Carolina Attorney General Josh Stein and state Rep. Jason Saine (R) introduced legislation called “Act to Strengthen Identity Theft Protections.” In January, 2019, they’ve reintroduced it. A press release from the Attorney General explains: Attorney General Josh Stein and Rep. Jason Saine today unveiled legislation to strengthen North Carolina’s laws to prevent…
Graeter’s: Website breach could compromise 12,000 customers’ credit card data
WLWT reports: Cincinnati-based Graeter’s ice cream has issued notices to thousands of customers: Your credit card information may be compromised. The ice cream chain sent out 12,000 notices to customers who made purchases on Graeter’s website last year, saying that an “unauthorized code” was added to the website’s checkout page. As a result, thousands of…