Oops, I had missed this one last week. Sergiu Gatlan reported: An unprotected Elasticsearch cluster found via a Shodan search exposed 37,900 records of Kool King Shop customers, a French online shop specifically tailored to be used by kids who bought Burger King menus. As Security Discovery researcher Bob Diachenko discovered after further investigation, the…
Category: Business Sector
Update: West Hartford officials warn parents of test registration platform data breach
Doug Levin kindly alerted me that the Hartford Courant has a story on the Total Registration data security incident. … The school officials said that Total Registration, used by the district to register students for certain exams, informed them that certain information provided by students including name, grade level, gender, date of birth, address, email…
Hackers access data from more than 460,000 accounts at Uniqlo’s online store
Eustance Huang reports: Fast Retailing, the Japanese company behind the Uniqlo retail chain, announced Monday that the data of more than 460,000 customers on its online shopping sites were accessed by hackers from April 23 to May 10. In a statement released on its website, Fast Retailing said: “It was confirmed on May 10, 2019…
Over 25,00 smart Linksys routers are leaking sensitive data
Charlie Osborne reports: Over 25,000 Linksys Smart Wi-Fi routers are believed to be vulnerable to remote exploit by attackers, leading to the leak of sensitive information. According to Bad Packets’ security researcher Troy Mursch, the security problem was discovered after the firm’s honeypots flagged the persistent flaw, which “allows unauthenticated remote access to sensitive information.”…
WhatsApp urges users to upgrade app after security breach
Steven Scheer reports: Facebook’s WhatsApp urged users to upgrade to the latest version of its popular messaging app after reporting that users might be vulnerable to having malicious spyware installed on phones without their knowledge. […] Earlier, the Financial Times (FT) reported that a vulnerability in WhatsApp allowed attackers to inject spyware on phones by ringing…
1.5 Million Mobile Users’ Card & Information Exposed
Roy Urrico reports: Security researchers discovered an exposed Elasticsearch server containing up to 1.5 million Freedom Mobile users’ personal data, passwordless, and including unencrypted credit card and CVV numbers, expiration dates and verification numbers. The five million exposed customer data logs belonged to Freedom Mobile, Canada’s fourth wireless telecommunications provider. The files, stored in plaintext,…