Zack Whittaker reports: Rela (热拉), a popular dating app for gay and queer women, has exposed millions of user profiles and private data because a server wasn’t protected with a password. Rela disappeared from app stores in May 2017 after it was reportedly shut down by Chinese regulators, though the government never confirmed it took…
Category: Business Sector
Voya Financial Advisors exposes more sensitive adviser information on its website
Less than six months after Voya made headlines by agreeing to pay $1 million to settle SEC charges stemming from a 2016 breach, they have been back in the news after two incidents — one embarrassing and one concerning. Bruce Kelly reports: Weeks after a computer glitch risked exposing the Social Security numbers of its…
Hosting Provider Finally Takes Down Spyware Leak of Thousands of Photos and Phone Calls
Lorenzo Franceschi-Bicchierai has an update on a recent story: A company that sells cellphone spyware to consumers left 95,000 images and more than 25,000 audio recordings on a server accessible to anyone on the internet for weeks. The sensitive data was so easy to access, that Motherboard couldn’t even name the spyware company in its…
Supreme Court rejects Amazon’s Zappos on data breach lawsuit
Melissa Locker reports: In 2012, 24 million Zappos customers found out that hackers had accessed their personal information. Since then, customers have fought to sue Zappos, Amazon’s online shoe retailer, over the data breach. Now, the U.S. Supreme Court has rejected an appeal, meaning they can move forward with a class-action lawsuit against the company for…
Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers
Kim Zetter reports: Researchers at cybersecurity firm Kaspersky Lab say that ASUS, one of the world’s largest computer makers, was used to unwittingly install a malicious backdoor on thousands of its customers’ computers last year after attackers compromised a server for the company’s live software update tool. The malicious file was signed with legitimate ASUS…
AU: Security researcher pleads guilty in GoGet case
There’s an update to a case previously noted on this site in January, 2018. Rohan Pearce reports: Illawarra-based security researcher Nikola Cubrilovic has pleaded guilty to charges related to unauthorised access to the GoGet service and will be sentenced in May. Cubrilovic was arrested in January 2018 and charged with allegedly accessing a database the car-sharing…