It was almost exactly one year ago that this site pointed readers to a report by Zack Whittaker that dozens of DoorDash customers were claiming that their accounts had been hacked. As Zack reported at the time, DoorDash denied any breach of their system. Fast-forward one year and Zack reports that DoorDash has confirmed it…
Category: Business Sector
Polish data protection authority issues €645,000 fine to online retailer
Jessica Belton reports: Poland’s Personal Data Protection Office (UODO) this week imposed a PLN 2.8 million (€645,000) fine on online retailer Morele.net for “insufficient organisational and technical safeguards”. The data breach affected approximately 2.2 million customers who purchased products through one of the group’s nine websites. Read more on IT Governance.
Vodafone customer account details ‘briefly exposed’ after software update
Tom Pullar-Strecker reports: Vodafone says customers were able to access other people’s account information through its MyVodafone app on Wednesday morning. Spokeswoman Meera Kaushik said the privacy breach followed a planned upgrade to the app at 7am, which resulted in an “unexpected caching issue”. Read more on Stuff.
Heyyo dating app leaked users’ personal data, photos, location, more
Catalin Cimpanu reports: Online dating app Heyyo has made the same mistake that thousands of companies have made before it — namely, it left a server exposed on the internet without a password. This leaky server, an Elasticsearch instance, exposed the personal details, images, location data, phone numbers, and dating preferences for nearly 72,000 users,…
Anonymous researcher drops vBulletin 5.x zero-day impacting tens of thousands of sites
Catalin Cimpanu reports: An anonymous security researcher has published details about a zero-day in vBulletin, today’s most popular internet forum software. Because of this individual’s actions, security experts are now concerned that the publication of details about this unpatched vulnerability could trigger a wave of forum hacks across the internet, with hackers taking over forum…
Tesco parking app hauled offline after exposing 10s of millions of Automatic Number Plate Recognition images
Gareth Corfield had the exclusive on this one: Tesco has shuttered its parking validation web app after The Register uncovered tens of millions of unsecured ANPR images sitting in a Microsoft Azure blob. The images consisted of photos of cars taken as they entered and left 19 Tesco car parks spread across Britain. Visible and…