Yesterday, I noted a somewhat alarming report that misconfigured MongoDB installations are being wiped by a hacker who steals the databases and then holds them for ransom of .2 BTC (approximately $200 at yesterday’s rate or $220 at today’s rate). This latest threat was reported yesterday by Catalin Cimpanu of Bleeping Computer after an ethical hacker, Victor Gevers, disclosed the discovery he had made as part of Project 366. On…
Category: Exposure
Box.com plugs account data leakage flaw
Tom Spring writes: Box.com has changed the way it handles publicly shared accounts and folders after a researcher found confidential documents and data belonging to Box.com users via Google, Bing and other search engines. While Box.com maintains this is a case of its customers unintentionally over-sharing, it says it has “fixed” the issue. The problem…
MongoDB Databases Held Up for Ransom by Mysterious Attacker
Catalin Cimpanu reports: An attacker going by the name of Harak1r1 is hijacking unprotected MongoDB databases, stealing their content, and asking for a Bitcoin ransom to return the data. These attacks have been happening for more than a week and have hit servers all over the world. The first one to notice the attacks was…
Customer records from used car dealership found dumped in Detroit’s Brightmoor area
If you were a customer of Get Fresh Auto in Detroit, you may want to read a report by Randy Wimbley for Fox2. Contacted after a watchdog found customer information just dumped on a debris-littered street, the used car dealership’s owner’s responses to the reporter’s questions about how the papers wound up there reminded me of Sgt. Schultz in Hogan’s Heroes. “As soon…
US government subcontractor leaks confidential military personnel data
Charlie Osborne reports: A Pentagon subcontractor has exposed reams of highly sensitive details belonging to active military healthcare professionals online, some of which hold top-secret security clearances. Potomac Healthcare Solutions, a subcontractor brought on board to supply healthcare professionals to the US government and military organizations through its Washington, DC.-based contractor Booz Allen Hamilton, was…
Veterans say mail from VAC outs medical marijuana users
Andrea Gunn reports yet another incident where Canadian medical marijuana users have been outed by a mailing gaffe. Veterans across Canada are reporting a security breach involving mail sent out by Veterans Affairs Canada that lets anyone looking at the outside of the envelope know it was issued under the federal medical marijuana program. Veteran…