Lawrence Abrams reports: An unsecured database has exposed the personal information of 8 million people from the U.S. who participated in online surveys, sweepstakes, and requests for free product samples. […] Sanyam Jain, an independent security researcher and member of the GDI Foundation, discovered an unsecured Elasticsearch database that exposed the personal information of 8 million people who…
Category: Business Sector
Ca: $60 million class-action lawsuit denied by judge
CTV reports: A proposed class-action lawsuit seeking $60 million in damages against Casino Rama following a cyber-attack has been denied. Lawyers for the plaintiffs argued as many as 200,000 people might have had their personal information stolen in the hack, including employees and patrons. In November 2016, the casino announced it had been the victim…
Burger King’s Online Store for Kids Exposes Customers’ Info
Oops, I had missed this one last week. Sergiu Gatlan reported: An unprotected Elasticsearch cluster found via a Shodan search exposed 37,900 records of Kool King Shop customers, a French online shop specifically tailored to be used by kids who bought Burger King menus. As Security Discovery researcher Bob Diachenko discovered after further investigation, the…
Update: West Hartford officials warn parents of test registration platform data breach
Doug Levin kindly alerted me that the Hartford Courant has a story on the Total Registration data security incident. … The school officials said that Total Registration, used by the district to register students for certain exams, informed them that certain information provided by students including name, grade level, gender, date of birth, address, email…
Hackers access data from more than 460,000 accounts at Uniqlo’s online store
Eustance Huang reports: Fast Retailing, the Japanese company behind the Uniqlo retail chain, announced Monday that the data of more than 460,000 customers on its online shopping sites were accessed by hackers from April 23 to May 10. In a statement released on its website, Fast Retailing said: “It was confirmed on May 10, 2019…
Over 25,00 smart Linksys routers are leaking sensitive data
Charlie Osborne reports: Over 25,000 Linksys Smart Wi-Fi routers are believed to be vulnerable to remote exploit by attackers, leading to the leak of sensitive information. According to Bad Packets’ security researcher Troy Mursch, the security problem was discovered after the firm’s honeypots flagged the persistent flaw, which “allows unauthenticated remote access to sensitive information.”…