Some of you will recall that on a few occasions, DataBreaches has collaborated with Dutch researcher Jelle Ursem (aka @SchizoDuckie) to report on entities in the medical sector who were leaking their login credentials in GitHub repositories (see “No Need to Hack When It’s Leaking” and “Good Luck Explaining to HHS Why Your PHI is…
Category: Commentaries and Analyses
Atlassian: Confluence hardcoded password was leaked, patch now!
Sergiu Gatlan reports: Australian software firm Atlassian warned customers to immediately patch a critical vulnerability that provides remote attackers with hardcoded credentials to log into unpatched Confluence Server and Data Center servers. As the company revealed this week, the Questions for Confluence app (installed on over 8,000 servers) creates a disabledsystemuser account with a hardcoded password to help admins…
Seventh Circuit Affirms Dismissal Of Class Claims Based Upon Speculative Hacking Risk
Benjamin Cain of Covington and Burling writes: Late last week, the Seventh Circuit affirmed a trial court’s ruling granting dismissal at summary judgment of claims against FCA US LLC (“FCA,” formerly known as Chrysler) and Harman International Industries, Inc. (“Harman”) for lack of Article III standing. See Flynn v. FCA US LLC, — F. 4th —-,…
Recent cyberattacks put Thai citizens’ privacy and data security at greater risk
In December of 2021, Thailand’s National Cyber Security Agency launched after being delayed by the COVID-19 pandemic. In February, it announced that it intended to roll out 40 subordinate regulations of the Cybersecurity Act this year to strengthen the country’s systems. It sounds like an ambitious — but badly needed — update. For the past…
China fines Didi $1.2bn over ‘egregious’ data security violations
AlJazeera reports: China has fined ride-hailing giant Didi almost $1.2bn for “egregious” violations of data security rules, capping a year-long probe that torpedoed the startup’s stock price and forced its delisting from the United States stock market. The Cyberspace Administration of China (CAC) said on Thursday it fined the startup 8.026 billion yuan after finding…
Yet another Neopets breach? Neopets data breach exposes personal data of 69 million members
Lawrence Abrams reports: Virtual pet website Neopets has suffered a data breach leading to the theft of source code and a database containing the personal information of over 69 million members. Neopets is a popular website where members can own, raise, and play games with their virtual pets. Neopets recently launched NFTs that will be…