Brian Krebs reports: A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging…
Category: Exposure
D.C. Health Exchange Needs Broker Identity Theft Posse
Allison Bell reports: The builders of the Affordable Care Act health insurance exchange system once wondered whether agents and brokers would have a role in the health insurance market. Now, the managers of the ACA public exchange for the District of Columbia are turning to brokers to help persuade more users to protect themselves against the effects of…
Throne fixes security bug that exposed creators’ private home addresses
Zack Whittaker reports: A recently fixed security bug at a popular platform for supporting creators shows how even privacy-focused platforms can put creators’ private information at risk. Throne, founded in 2021, bills itself as “a fully secure, concierge wishlist service that acts as an intermediary between your fans and you.” Throne claims to support more than…
Alcohol recovery startups Monument and Tempest shared patients’ private data with advertisers
Zack Whittaker reports: For years, online alcohol recovery startups Monument and Tempest were sharing with advertisers the personal information and health data of their patients without their consent. Monument, which acquired Tempest in 2022, confirmed the extensive years-long leak of patients’ information in a data breach notification filed with California’s attorney general last week, blaming their use…
Concerns turned into reality… As soon as Samsung Electronics unlocks ChatGPT, ‘misuse’ continues
The following is a Google machine translation of an article in the Economist Korea. Jeong Doo-yong reports: As soon as Samsung Electronics permitted the use of ChatGPT in its device solution (DS/semiconductor) business premises, an accident occurred in which corporate information was leaked. The contents of programs related to semiconductor ‘facility measurement’ and ‘yield/defect’ were entered…
Proskauer Rose Cyber Attack Left Sensitive Client Data Unguarded
Mahira Dayal reports: A data breach at Proskauer Rose exposed client data, including sensitive legal and financial information, the law firm confirmed Friday. “Our tech security team recently learned that an outside vendor that we retained to create an information portal on a third-party cloud-based storage platform had not properly secured it,” Joanne Southern, a…