Joseph Cox reports: Cameo, the increasingly popular app for paying celebrities to record short personal videos, exposed a wealth of user data including email addresses, hashed and salted passwords and phone numbers, and messages via a misconfiguration in its app. The site also has an issue where videos that are supposed to be private are…
Category: Exposure
Household Names: How Tetrad Exposed Data on 120 Million Consumers
From UpGuard: The UpGuard Research team can now disclose that a collection of data sets detailing the purchasing habits and consumer behavior profiles of virtually every American household has been secured. The publicly exposed data comes from market analysis company Tetrad but includes data blended from many sources, including Experian Mosaic, Claritas/Nielsen’s PRIZM, and what…
A ‘stalkerware’ app leaked phone data from thousands of victims
Zack Whittaker reports: A spyware app designed to “monitor everything” on a victim’s phone has been secretly installed on thousands of phones. The app, KidsGuard, claims it can “access all the information” on a target device, including its real-time location, text messages, browser history, access to its photos, videos and app activities, and recordings of phone…
University of Washington Medicine patients file class action lawsuit over December 2018 leak
Amy Clancy has an update on a University of Washington Medicine breach that was disclosed in February 2019. The breach was a human error incident that resulted in more than 970,000 patients having their information exposed online for several weeks. Clancy reports that the breach has now led to a class-action lawsuit that could eventually…
Information about 69,000 Phoenix pay system victims sent in error
Catharine Tunney reports: More than 69,000 public servants caught up in the Phoenix pay system debacle are now victims of a privacy breach after their personal information was accidentally emailed to the wrong people, says Public Services and Procurement Canada. The problem-plagued electronic payroll system has improperly paid tens of thousands of public servants since its launch…
Plastic Surgery Patient Photos, Info Exposed by Leaky Database
I’ve reported on a number of hacks and leaks involving plastic surgery centers where nude photos of identifiable patients wind up exposed or in bad actors’ hands. Sergiu Gatlan reports on yet another leak. This one exposed hundreds of thousands of documents in a misconfigured Amazon AWS S3 bucket owned by NextMotion, a French plastic…