Phil Muncaster reports: A French retail consultancy exposed data on millions of its clients’ customers as well as sensitive business information, after researchers discovered an unsecured Elasticsearch database. Aliznet, which specializes in digital transformation, names the likes of tech giants IBM, Oracle and Salesforce, retail leaders like Auchan, and big brands including Yves Rocher and…
Category: Business Sector
XKCD forum goes offline after discovery of data leak affecting 562K members
Ravie Lakshmanan reports: XKCD forum, the bulletin board associated with the popular webcomic XKCD, has been taken offline after personal information of more than 562,000 members was exposed online. According to security researcher Troy Hunt, the breach occurred two months ago (on July 1 2019). The compromised data has been added to breach alerting site…
Malicious websites were used to secretly hack into iPhones for years, says Google
Zack Whittaker reports: Security researchers at Google say they’ve found a number of malicious websites which, when visited, could quietly hack into a victim’s iPhone by exploiting a set of previously undisclosed software flaws. Google’s Project Zero said in a deep-dive blog post published late on Thursday that the websites were visited thousands of times…
For Foxit’s sake: PDF editor biz breached, users’ passwords among stolen data
Gareth Corfield reports: Users of software house Foxit’s free and paid-for products, including its popular PhantomPDF editor, may have fallen victim to a data breach – with stolen data including users’ website passwords. Foxit admitted to the breach earlier today, stating that “third parties” had gained access to its My Account user data. Read more…
How sweet it is(n’t): Chocolatier announces breach
Their press release: KANSAS CITY, Mo., Aug. 30, 2019 — Russell Stover Chocolates, LLC (Russell Stover) recently became aware of a data security incident potentially affecting certain data from payment cards used for purchases at Russell Stover retail stores during a limited timeframe. It is important to note that, at this time, there is no…
Imperva discloses security incident impacting cloud firewall users
Catalin Cimpanu reports: Cyber-security and DDoS mitigation firm Imperva disclosed today a security incident that impacts customers of its cloud web application firewall (WAF), formerly known as Incapsula. “On August 20, 2019, we learned from a third party of a data exposure that impacts a subset of customers of our Cloud WAF product who had…