Catalin Cimpanu reports: Online dating app Heyyo has made the same mistake that thousands of companies have made before it — namely, it left a server exposed on the internet without a password. This leaky server, an Elasticsearch instance, exposed the personal details, images, location data, phone numbers, and dating preferences for nearly 72,000 users,…
Category: Business Sector
Anonymous researcher drops vBulletin 5.x zero-day impacting tens of thousands of sites
Catalin Cimpanu reports: An anonymous security researcher has published details about a zero-day in vBulletin, today’s most popular internet forum software. Because of this individual’s actions, security experts are now concerned that the publication of details about this unpatched vulnerability could trigger a wave of forum hacks across the internet, with hackers taking over forum…
Tesco parking app hauled offline after exposing 10s of millions of Automatic Number Plate Recognition images
Gareth Corfield had the exclusive on this one: Tesco has shuttered its parking validation web app after The Register uncovered tens of millions of unsecured ANPR images sitting in a Microsoft Azure blob. The images consisted of photos of cars taken as they entered and left 19 Tesco car parks spread across Britain. Visible and…
Twitter suspends account claiming responsibility for WoW DDoS attack, Blizzard confirms suspect has been arrested
Dom Sacco has an update to reporting of September 8: UPDATE (September 20th): Blizzard has announced that a suspect has been arrested over this incident. It said in a forum post: “Immediately after the Distributed Denial of Service attacks against our game service began, the Blizzard Security Team worked around the clock with local and…
Football Leaks: Suspected hacker charged in Portugal
BBC reports: A man linked to the Football Leaks disclosures which prompted investigations into the Manchester City and Paris St-Germain clubs has been charged with 147 offences in Portugal. Rui Pinto, 30, is accused of crimes relating to unauthorised access to data and attempted extortion. Read more on BBC.
TalkTalk hacker also breached EtherDelta cryptocurrency exchange
Catalin Cimpanu has the scoop on this one: US authorities have indicted two suspects for hacking cryptocurrency exchange EtherDelta in December 2017, changing the site’s DNS settings, and redirecting traffic to a clone where they logged user credentials and then stole customer funds. One of the two suspects is Elliott Gunton, also known as “Glubz,”…