Two large leaks involving personal information discovered by researchers. First up, Zack Whittaker reports: WeWork India has fixed a security lapse that exposed the personal information and selfies of tens of thousands of people who visited WeWork India’s coworking spaces. Security researcher Sandeep Hodkasia found visitor data spilling from the check-in app on WeWork India’s website, used…
Category: Exposure
Hungarian authority fines data controller EUR 7,500 data breach and rules free online services not suitable for high-risk processing
Dóra Petrányi, Katalin Horváth, Márton Domokos, and Daniella Huszár of CMS Cameron McKenna Nabarro Olswang LLP write: In the latest decision of the National Authority for Data Protection and Freedom of Information (NAIH), a data controller for a political party, responsible for a data breach where six Excel files were made publicly available through a…
Wegmans hit with $400,000 data-breach penalty
Marcia Greenwood reports a follow-up to a data leak initially reported in June 2021: Wegmans Food Markets has been hit with a $400,000 penalty for exposing the personal information of more than 3 million customers chainwide, including more than 830,000 New Yorkers, the New York State Attorney General’s Office announced Thursday. In a statement, the…
Massive Trove of Gun Owners’ Private Information Leaked by California Attorney General
Stephen Gutowski reports: California gun owners have been put at risk by the Attorney General’s office after a new dashboard leaked their personal information. The California Department of Justice’s 2022 Firearms Dashboard Portal went live on Monday with publicly-accessible files that include identifying information for those who have concealed carry permits. The leaked information includes the person’s…
Over 900,000 Kubernetes instances found exposed online
Bill Toulas reports: Over 900,000 misconfigured Kubernetes clusters were found exposed on the Internet to potentially malicious scans, some even vulnerable to data-exposing cyberattacks. […] Researchers at Cyble have conducted an exercise to locate exposed Kubernetes instances across the itnernet, using similar scanning tools and search queries to those employed by malicious actors. The results show a…
Indian government issues confidential infosec guidance to staff – who leak it
Simon Sharwood reports: India’s government last week issued confidential information security guidelines that calls on the 30 million plus workers it employs to adopt better work practices – and as if to prove a point, the document quickly leaked on a government website. Read more at The Register.