Manikanta Immann reports: Scoolio is a german app for students, used mainly for educational updates, record keeping, and networking. After informing the flaw to Scoolio’s developer, a fix was released this week to patch the bug. […] In September, a security researcher named Lilith Wittmann of Zerforchung firm has discovered a flawed API in Scoolio, through which she was able…
Category: Exposure
Government data breach exposes Afghans to more danger
Evan Dyer reports: The names of several hundred vulnerable Afghans seeking refuge from the Taliban were recently leaked in emails sent in error by Immigration, Refugees and Citizenship Canada (IRCC), CBC News has learned. The Afghans in question fear reprisals from the Taliban, who took over the country in August. Some are in hiding because…
Data breach leads to £10k fine for Scottish charity
Graham Martin reports: A prominent Scottish charity has been fined £10,000 for a data protection breach. The action was taken after HIV Scotland sent out an email containing the personal details of dozens of people. The breach involved an email to 105 people, including patient advocates representing people living in Scotland with HIV. Read more…
Ohio State University email gaffe creates a FERPA breach
An email gaffe due to not using bcc: instead of cc: or TO: revealed almost 400 Ohio State University students’ disability status to other students. Read the story on The Lantern. Note that this is a FERPA issue, and there really is no requirement for breach notification to those impacted, but the unintended disclosure needs…
A massive ‘stalkerware’ leak puts the phone data of thousands at risk
Zack Whittaker reports: The private phone data of hundreds of thousands of people are at risk. Call records, text messages, photos, browsing history, precise geolocations and call recordings can all be pulled from a person’s phone because of a security issue in widely used consumer-grade spyware. But that’s about as much as we can tell you….
UK: Schools email marketing company told us to go away when we told them of exposed database creds, say infoseccers
Gareth Corfield reports: An email marketing company claiming to hold details on a million UK teachers and school admin personnel was potentially exposing those to the public internet thanks to a misconfigured error page on its website. Not only that, but the Schools Marketing Company (SMC) seemingly dismissed the findings of the infosec company which…