Tom Pullar-Strecker reports: Vodafone says customers were able to access other people’s account information through its MyVodafone app on Wednesday morning. Spokeswoman Meera Kaushik said the privacy breach followed a planned upgrade to the app at 7am, which resulted in an “unexpected caching issue”. Read more on Stuff.
Month: September 2019
Northshore School District hit by significant cyber attack
KOMO News reports: A cyberattack has crippled some of the systems in the Northshore School District, which covers Bothell, Woodinville and Kenmore. The district is calling this a “significant” attack that’s taken out some phones and all voice mail servers, but adds there’s no evidence that student or staff information has been compromised. A notice…
Heyyo dating app leaked users’ personal data, photos, location, more
Catalin Cimpanu reports: Online dating app Heyyo has made the same mistake that thousands of companies have made before it — namely, it left a server exposed on the internet without a password. This leaky server, an Elasticsearch instance, exposed the personal details, images, location data, phone numbers, and dating preferences for nearly 72,000 users,…
Anonymous researcher drops vBulletin 5.x zero-day impacting tens of thousands of sites
Catalin Cimpanu reports: An anonymous security researcher has published details about a zero-day in vBulletin, today’s most popular internet forum software. Because of this individual’s actions, security experts are now concerned that the publication of details about this unpatched vulnerability could trigger a wave of forum hacks across the internet, with hackers taking over forum…
UK: Unshredded NHS records were dumped in a town centre to weigh down scaffolding at art festival
We really need to have an “Oh, FFS!” category for breaches. Rob Pattinson reports: Medical records of hundreds of thousands of NHS patients were dumped in a town centre to weigh down scaffolding. They were meant to be shredded but instead used as ballast for an art festival structure. Read more on The Sun.
[CORRECTED] Peoples Injury Network Northwest notifies patients of ransomware incident
Like so many other ransomware incidents we’ve read about in the past year, investigators were not able to conclusively determine that patient data had not been accessed or exfiltrated. As a result, the Peoples Injury Network Northwest (PINN) of Washington recently notified 12,502 Washington residents that their data was potentially at risk from an April…