Tim Collins reports: Hackers who attacked the now-defunct website of second-hand goods store Cash Converters may have access to the account details of thousands of customers. Usernames, passwords, delivery addresses and potentially partial credit card numbers are among the data believed to have been stolen. The culprits are said to be holding the…
Category: Business Sector
Huddle’s ‘highly secure’ work tool exposed KPMG and BBC files
Chris Foxx reports: The BBC has discovered a security flaw in the office collaboration tool Huddle that led to private documents being exposed to unauthorised parties. A BBC journalist was inadvertently signed in to a KPMG account, with full access to private financial documents. Huddle is an online tool that lets work colleagues share content…
Retailer Forever 21 discloses payment card breach
So far, all I’ve seen is their press release, so it will have to do until we get more details from other sources, but I do wonder what kind of “third party” alerted them to this – was it a third party vendor who had some responsibility for data security or a customer who experienced…
Fasten data leak: Nearly 1 million users’ sensitive data mistakenly exposed by US ride-hailing firm
India Ashok reports: Over one million users’ personal and financial data was inadvertently publicly exposed by US-based ride-hailing firm Fasten. The leaked data includes names, emails, phone numbers, credit card data, links to photos, device IMEI numbers, GPS data and users’ taxi routes. The firm also exposed sensitive information of its own drivers, including…
Equifax spends $87.5 million on data breach, more expenses on deck
Larry Dignan reports: Equifax spent $87.5 million in the third quarter on its recent data breach. The disclosure came amid an earnings report that showed revenue growth of 4 percent to $834.8 million and net income of $96.3 million. In other words, the data breach affecting 145 million Equifax customers dented the cash cow,…
Eavesdropper: The Mobile Vulnerability Exposing Millions of Conversations
Michael Bentley writes: Appthority has discovered a significant data exposure vulnerability we’ve named Eavesdropper that affects almost 700 apps in enterprise environments. The vulnerability is caused by including hard-coded credentials in mobile applications that are using the Twilio REST API or SDK. By hard-coding their credentials, the developers have effectively given global access…