Rebecca Nicholson reports:
Yash Kadakia, founder of Security Brigade and Shadow Map, said his group had found a major data breach. The security expert, a self-proclaimed “Code Monkey”, was able to easily access data and passwords from members. After Brussels denied the claims, Mr. Kadakia doubled down and revealed more details of the alleged breach.
This is another one of those cases where a researcher goes public with allegations of a leak or breach while the entity allegedly breached firmly denies any breach. In response to a statement from the European Parliament that they investigated and
can confirm no official accounts or mailboxes of the European Parliament are involved. This information may be related to an old service account of a political group.
Kadakia told the Daily Express a breach had definitely occurred and provided what he considers proof of his claim.
Read more on Express.co.uk. As of the time I’m posting this, I don’t see where this story has really picked up any traction or further assessment in EU news outlets other than those just republishing the Express’s reporting. Nor is there any formal write-up on Shadow Brigade or Shadow Map. Most of the claims appear to be on Twitter in Kadakia’s account. One hour ago, Kadakia posted this update on his timeline:
Update: The issue has been fixed and the portals have been taken offline. I’d love to understand if appropriate GDPR disclosure and incident handling policies are being followed. https://t.co/7ucpy418Sk
— Yash Kadakia (@yashkadakia) May 16, 2020
Update: The issue has been fixed and the portals have been taken offline. I’d love to understand if appropriate GDPR disclosure and incident handling policies are being followed.
So it sounds like somebody did something to lock down the data. But it was it the European Parliament? As yet, we do not know.