Ethan Wolff-Mann reports: Equifax used the word “admin” as both password and username for a portal that contained sensitive information, according to a class action lawsuit filed in federal court in the Northern District of Georgia. The lawsuit, filed in January, went viral on Twitter Friday after Buzzfeed reporter Jane Lytvynenko came across the detail. Read more…
Category: Business Sector
Mercedes-Benz app glitch exposed car owners’ information to other users
Zack Whittaker reports: Mercedes-Benz car owners have said that the app they used to remotely locate, unlock and start their cars was displaying other people’s account and vehicle information. TechCrunch spoke to two customers who said the Mercedes-Benz’ connected car app was pulling in information from other accounts and not their own, allowing them to…
Recruitment Sites Exposes 250,000 Resumes Online
CISO Mag reports: Around 250,000 American and British-based job seekers’ personal information has been exposed after two recruiting sites misconfigured their databases. The exposed information included candidates’ names, addresses, contact information, and work experience. The data leak occurred when recruitment sites Authentic Jobs and Sonic Jobs failed to set their cloud storage as private. Read…
Zappos data breach settlement: users get 10% store discount, lawyers get $1.6m
Long-time readers will remember the 2012 Zappos breach that impacted 24 million of their online customers. The breach and its resulting litigation have been covered on this site previously, including Zappos’s failure in March of this year to get the Supreme Court to hear their appeal of a Ninth Circuit decision that had allowed the…
Dutch pharma group Pharming denies involvement in CSL data breach
Carrie LaFrenz reports: Dutch pharma company Pharming Group NV said it “categorically denies“ any involvement in an alleged data breach by a former CSL staffer. Shares in the listed €698 million ($1.14 billion) biotech company recovered in early trade Thursday after tumbling nearly 12 per cent the day before in Europe, after it was revealed…
Two cashback sites leaked data of 3.5 million users
Al Restar writes: Two popular cashback services have leaked nearly two terabytes worth of personally identifiable information (PII) and account data in an unprotected Elastic database. The two cashback websites have been operating mostly in the United Kingdom and India. Cybersecurity experts from the Security Detectives (sic) Research team discovered an unprotected Elasticsearch database containing at…