Michael Bentley writes: Appthority has discovered a significant data exposure vulnerability we’ve named Eavesdropper that affects almost 700 apps in enterprise environments. The vulnerability is caused by including hard coded credentials in mobile applications that are using the Twilio Rest API or SDK. By hard coding their credentials, the developers have effectively given global access…
Category: Business Sector
Jaywing suffers data breach affecting CollectPlus, Vodafone and other clients
Jennifer Faull reports: Digital and CRM agency Jaywing has suffered a security breach after its intranet was exposed following a routine update, leaking private information from client CollectPlus as well as internal documents for Vodafone. The intranet – usually a depository for internal material like training manuals – underwent an upgrade on 17 September. However,…
Cracking the Code
Jason Leopold reports: One late morning in May 2016, the leaders of the Democratic National Committee huddled around a packed conference table and stared at Robert Johnston. The former Marine Corps captain gave his briefing with unemotional military precision, but what he said was so unnerving that a high-level DNC official curled up in a…
Corporate watchdog Asic in privacy breach exposing users’ search history
Joshua Robertson reports: Australia’s corporate regulator has committed a serious privacy breach via a flaw in its website that exposes the search records of anyone tapping into its company database. The breach, which opens up free backdoor access to company search histories, including by investigative journalists and finance industry professionals, remained live on the Australian…
Former Yahoo CEO apologizes for data breach, blames Russians
David Shepardson reports: Former Yahoo Chief Executive Marissa Mayer apologized on Wednesday for a pair of massive data breaches at the internet company and blamed Russian agents at a hearing on the growing number of incidents involving major U.S. companies. Read more on Reuters.
HBO sends out breach notifications after May hack
So this is interesting. HBO is sending out breach notification letters related to their breach in May that was disclosed back in July. But to whom are the notifications going? Employees? Customers? Both? And why did it take so many months for notifications to be sent? From their notification letter, copies of which are now…