Jeremy Kirk reports: David Stier, a San Francisco-based data scientist, has uncovered situations in which Facebook’s Instagram service exposed the contact details of minors, such as email addresses and phone numbers. In the last month, Stier discovered that Instagram was leaking kids’ email addresses within the HMTL of the web version of users’ profiles. Instagram…
Category: Exposure
Verizon has been leaking customers’ personal information for days (at least)
Dan Goodin reports: Verizon is struggling to fix a glitch that has been leaking customers’ addresses, phone numbers, account numbers, and other personal information through a chat system that helps prospective subscribers figure out if Fios services are available in their location. The personal details appear when people click on a link to chat with…
Belgium: Belgian DPA announces potential data breach at Bpost
OneTrust DataGuidance writes: The Belgian Data Protection Authority (‘Belgian DPA’) announced, on 1 December 2020, that it had learned of a potential security incident at Bpost through media articles. In particular, the Belgian DPA outlined that, given the position Bpost plays in Belgian society, a data breach would have made possible access to personal data…
‘Apodis Pharma’ Leaked Over 1.7 TB of Confidential Data Online
Bill Toulas reports: The French digital supply chain management and software solutions provider ‘Apodis Pharma’ has misconfigured an ElasticSearch database for public access, essentially leaking over 1.7 TB of confidential business-related data. The client portfolio of ‘Apodis Pharma’ includes big pharmaceutical firms, so the particular data leak is considered a grave security event. Read more…
AU: Australia’s largest cryptocurrency exchange accidentally exposed the names and emails of 270,000 customers
Cam Wilson reports that an old-fashioned email goof by BTC Markets exposed members’ names and email addresses: Early on Tuesday morning, an Australian cryptocurrency exchange that bills itself as the largest in the country inadvertently exposed more than 270,000 of its members names and email addresses. Users posted to social platforms like Twitter and Reddit to complain…
Cayman Islands investment fund left entire filestore viewable by world+dog in unsecured Azure blob
Gareth Corfield reports: A Cayman Islands-based investment fund has exposed its entire backups to the internet after failing to properly configure a secure Microsoft Azure blob. Details of the fund’s register of members and correspondence with its investors could be freely read by anyone with the URL to its Azure blob, the Microsoft equivalent of…