James Walker reports: HURR Collective, a UK-based fashion rental company, has notified around 400 users of a data security incident that resulted in their email addresses being exposed, The Daily Swig has learned. A misconfigured plugin on the HURR website meant that users’ email addresses could be obtained simply by clicking ‘View Source’ on certain web pages….
Category: Exposure
Over 267 million Facebook users had their names, phone numbers, and profiles exposed thanks to a public database, researcher says
Kevin Webb reports: Cybersecurity researchers said on Thursday that more than 267 million Facebook users had their personal data exposed in an online database that collected their names, Facebook IDs, and phone numbers. The database was available online without a password to anyone who accessed it for about two weeks, according to Comparitech, a tech website,…
UK: Information Commissioner’s Office takes enforcement action against pharmacy
From the ICO: The Information Commissioner’s Office (ICO) has fined a London-based pharmacy £275,000 for failing to ensure the security of special category data. Doorstep Dispensaree Ltd, which supplies medicines to customers and care homes, left approximately 500,000 documents in unlocked containers at the back of its premises in Edgware. The documents included names, addresses,…
SonyLIV Fixes leaky Elasticsearch in record time
Once again, a service owned and control by a division of official Sony Entertainment has slipped up. This time, their error exposed a elasticsearch server leaking log entries that feed into a third-party tool. Sony is no stranger when it comes to reports of poor infosecurity and hacking incidents, but it is not often we…
China Citizen Watch (Finally) Secures 150TB of Leaking Data
China Citizen Watch, the official Chinese division of the Japanese watch giant Citizen, and Bulova Watch Company (a Citizen brand in the U.S.) have both been affected because China Citizen Watch or its hosting company left an unsecured RSYNC server online with more than 150TB of files. Cursory skimming of the files, necessitated by Citizen…
CMS Blue Button API Coding Error Potentially Exposes Health Data
Jessica Davis reports: December 18, 2019 – The Centers for Medicare and Medicaid Services has taken its Blue Button 2.0 API offline, as it investigates a coding error that potentially exposed the protected health information of about 10,000 beneficiaries. The BB2.0 platform is used by Medicare beneficiaries to authorize third-party applications to access their Medicare claims data. The system…