Brian Krebs reports: In mid-November 2018, KrebsOnSecurity heard from a Jared customer who found something curious after receiving a receipt via email for a pair of earrings he’d just purchased as a surprise gift for his girlfriend. Dallas-based Web designer Brandon Sheehy discovered that slightly modifying the link in the confirmation email he received and…
Category: Exposure
AU: Commonwealth Bank customers’ medical data exposed in potential privacy breach
Dan Oakes reports: The Commonwealth Bank is urgently investigating a potential data breach that may have given its staff access to customers’ sensitive medical information. The issue was discovered around late July as the bank made preparations for the $3.8 billion sale of its insurance arm, CommInsure, to the AIA group. Medical information supplied by…
Misconfigured Locksmith Services web servers exposed sensitive information
Darryl Burke reports: On Wed Nov 23rd, we discovered a misconfiguration on the web servers of the company “Locksmith Services” which is a US based national dispatch service for Locksmiths. The misconfiguration on the website dispatchlogin.net exposed the; audio recording of calls, emails, customer contact information, photos of drivers licenses and passports, photos of credit…
Allegiant Air customers say airline sent personal information to hundreds
Todd Ulrich reports: Some Allegiant Air customers claim the airline violated their privacy and shared their sensitive information. Customers who have used service and emotional support animals found out their personal email addresses were sent to hundreds of passengers. Action 9 consumer investigator Todd Ulrich reports a class action lawsuit is demanding the airline protect…
Sky Brasil exposes data of 32 million subscribers
Catalin Cimpanu reports: As security experts predicted since last year, ElasticSearch servers –a technology for powering search functions– are becoming the next big source of massive data leaks. The latest company to be added to the list of breach incidents caused by an exposed ElasticSearch server is Sky Brasil, one of the biggest subscription television…
ElasticSearch server exposed the personal data of over 57 million US citizens
Catalin Cimpanu reports: An ElasticSearch server that was left open on the Internet without a password has leaked the personal information of nearly 57 million Americans for almost two weeks, ZDNet has learned. The leaky server was spotted by Bob Diachenko, Director of Cyber Risk Research for cyber-security firm Hacken, during a regular security audit…