The HackersBlog crew, who had previously exposed vulnerabilities in a number of security vendor sites and a social networking site, now reports that they were able to exploit an SQL injection vulnerability to access The Telegraph‘s databases, including one that has 700,000 email addresses and passwords of those receiving the paper’s newsletter. Given how many…
Category: Breach Incidents
Bits ‘n Pieces
In the justice system: Ehud Tannenbaum, the hacker known as “The Analyzer,” may be extradicted to the U.S. from Canada. A hearing is tentatively set for May 7. More. Karl Gallagher, who worked for a British Airways’ call center in the UK, has been jailed for 2 1/2 years after admitting he stole customer credit…
HK: File sharing error exposes police data on the internet
The South China Morning Post has a report that Sheung Shui police data containing sensitive information have leaked onto the internet through file-sharing software Foxy. Subscription required to read the whole story, but by now, I suspect most of this site’s readers can pretty much guess what happened.
Lost in the mail? 3,700 NYC employees’ Social Security numbers
Kathleen Lucadamo of the Daily News reports that documents containing the Social Security numbers of 3,700 members of the Office of Staff Analysts union went missing after New York City’s Office of Payroll Administration mailed them to union headquarters. The package, sent “certified, return-receipt mail” – never arrived. There is no indication as to why…
Evicted OK child welfare worker leaves sensitive records behind
In what appears to be yet another breach involving paper records, Jay F. Marks of The Oklahoman reports that the Oklahoma Department of Human Services has opened an investigation into how a child welfare worker’s records ended up in possession of a local news station, KWTV-9. The records, which included names, Social Security numbers, contact…
A bug in Google Docs leads to unintended file sharing
Richard de Vries explains on Slashdot: I work for a small Dutch company that uses Google Apps. This means that we can share documents with users within our domain (www.deondernemers.nl), as well as @gmail.com accounts or other Apps-domains. About three weeks ago, we discovered that some fifteen documents and spreadsheets were unintentionally shared with a…