Three Lock Box is a construction escrow agency in Las Vegas. And while the name “lock box” might suggest security, unfortunately, they had a misconfigured MongoDB installation that exposed several million dollars in funds available in over 90 accounts. Chris Vickery uncovered the leaky database and contacted them immediately on December 24th because of concern that an attacker might be…
Category: Business Sector
79 escort sites hacked in past week: ElSurveillance
I’ll admit I sometimes ignore data dumps or hacks if they don’t fit my particular interests in reporting on breaches that impact health data or student data. But occasionally I remind myself that all breaches that expose personal information do need to be taken seriously. Yes, even those, as with the Ashley Madison hack, where some people may feel, “Well,…
In the spirit of Christmas giving, Steam gives your account details to others
It was around 3:30 this afternoon when I noticed people starting to complain about weirdness on Steam’s site. Attempts to connect to the site often resulted in a landing page in a different language (I didn’t even recognize the language I was seeing when I connected to the site), and if you logged into your…
Third man associated with #Anonymous in Australia Pleads Guilty to Reduced Charges
CORRECTED: Adam Bennett, aka “Lorax,” was arrested in May, 2014, during the same time period that other members of Anonymous is Australia were arrested. DataBreaches.net has reported on the other two men: Mathew Hutchison (aka Rax) and a third person (aka Juzzy, Absantos, etc.). Information on Bennett’s case was difficult to obtain as the prosecution kept changing…
Malware-Driven Card Breach at Hyatt Hotels
Brian Krebs reports: Hyatt Hotels Corporation said today it recently discovered malicious software designed to steal credit card data on computers that operate the payment processing systems for Hyatt-managed locations. Hyatt’s notice to customers has very few details about the investigation, such as how long the breach lasted or how many consumers may have had their card data…
Livestream alerts customers it may have been hacked
Roberto Baldwin reports: Nothing says yuletide cheer like a cup of egg nog, a roaring fire and reseting the password on a video streaming service. Livestream is alerting customers that an “unauthorized person may have accessed our customer account database.” If you have an account with the service, now is a good time to head over there…