Zack Whittaker reports: A bug in T-Mobile’s website let anyone access the personal account details of any customer with just their cell phone number. The flaw, since fixed, could have been exploited by anyone who knew where to look — a little-known T-Mobile subdomain that staff use as a customer care portal to access the…
Category: Business Sector
Insurance startup leaks sensitive customer health data
Zack Whittaker reports: A software startup that provides independent insurance brokers with customer management software has exposed highly sensitive information on thousands of insurance policy holders. A vast cache of data was stored on Amazon S3 storage bucket by AgentRun, a Chicago, Ill.-based company founded in 2012 by Andrew Lech, a former independent insurance broker….
Coca-Cola notifying employees of insider breach (updated)
Coca-Cola is notifying employees that a former employee reportedly misappropriated their personal information. The number of employees or other individuals affected was not disclosed in the notification letter, but Coca-Cola reports that they learned of the breach on September 1, 2017 from law enforcement, who asked them to delay notification. Law enforcement recently gave Coca-Cola…
Comcast website bug leaks Xfinity customer data
ZackWhittaker reports: A bug in Comcast’s website used to activate Xfinity routers can return sensitive information on the company’s customers. The website, used by customers to set up their home internet and cable service, can be tricked into displaying the home address where the router is located, as well as the Wi-Fi name and password….
Teen phone monitoring app leaked thousands of user passwords
Zack Whittaker reports: At least one server used by an app for parents to monitor their teenagers’ phone activity has leaked tens of thousands of accounts of both parents and children. The mobile app, TeenSafe, bills itself as a “secure” monitoring app for iOS and Android, which lets parents view their child’s text messages and…
Two Members of Syrian Electronic Army Indicted for Conspiracy
May 17 – ALEXANDRIA, Va. – A federal grand jury returned an 11-count indictment today charging two Syrian men with offenses relating to their participation in a conspiracy to engage in computer hacking as members of the “Syrian Electronic Army” or “SEA.” Ahmad ‘Umar Agha, who is known online as the “The Pro,” and Firas Dardar,…