Alex Hern reports: Mumsnet has reported itself to the information commissioner after a data breach resulted in users accidentally logging into the accounts of strangers. A botched upgrade to the software the forum runs on meant that for three days, if two users tried to log in at the same time, there was the possibility…
Category: Business Sector
Is your airline’s e-ticketing system putting your data at risk?
Liarna LaPorta of Wandera reports: Wandera’s threat research team has discovered a vulnerability affecting a number of airline e-ticketing systems that can expose passengers’ personally identifiable information (PII). This vulnerability can expose passenger data by using links that are easily intercepted by hackers. The intercepted and unencrypted links enable unauthorized third parties to view, and…
NZ: Landlord’s ‘blacklist’ of tenant’s criminal convictions hacked and leaked online
Samesh Mohanlall reports: A woman was shocked to discover her decades-old criminal record had been published online, part of a blacklist of compromising information compiled by a property investor group and sold to landlords about prospective tenants. Jessica Cross was one of hundreds of Timaru residents to have their sensitive information posted online, including a…
Pharmaca notifies customers of payment card breach affecting brick-and-mortar stores
Those of us who read breach notifications to state attorneys general (yes, we have no life), likely all spotted a notification in mid-January involving Pharmaca. The notification stated that in December, 2018, Pharmaca started receiving reports of payment card fraud. Their investigation, with help from security experts, revealed that malware may have captured customer payment…
Indecent disclosure: Gay dating app left “private” images, data exposed to Web
Sean Gallagher reports on yet another exposed Amazon bucket: Jack’d, a “gay dating and chat” application with more than 1 million downloads from the Google Play store, has been leaving images posted by users and marked as “private” in chat sessions open to browsing on the Internet, potentially exposing the privacy of thousands of users….
Trakt tardily notifies users of data breach that took place over four years ago
Mark Wycislik-Wilson reports: Users of Trakt — a service for “scrobbling”, or tracking the movies and TV shows you watch in the likes of Plex and Kodi — have received emails from the company notifying them of a data breach that took place way back in 2014. Trakt says that although the security breach took…