James Sander joins those taking GearBest out to the cyberwoodshed over a data leak: Over 1.5 million customer records from online electronics seller GearBest, as well as Zaful, Rosegal, and DressLily, were stored in an unprotected Elasticsearch server, according to a joint report from VPNMentor (archived here) and security researcher Noam Rotem. The brands involved…
Category: Exposure
Personal information of over 800,000 blood donors was accessible online for 2 months: HSA
Felicia Choo reports: The personal information of more than 800,000 people who have donated or tried to donate blood in Singapore since 1986 was improperly put online by a Health Sciences Authority (HSA) vendor for more than two months, but access to the database was cut off soon after the discovery. Disclosing this in a…
Unsecured Gearbest server exposes millions of shoppers and their orders
Zeljka Zorz reports: Chinese e-commerce giant Gearbest has exposed information and orders of millions of its customers through an unsecured Elasticsearch server, security researcher Noam Rotem and his team have found. According to Rotem, the server was not protected with a password and anyone could access it and search the data. Also, despite assurances from…
Dozens of companies leaked sensitive data thanks to misconfigured Box accounts
Zack Whittaker reports: Security researchers have found dozens of companies inadvertently leaking sensitive corporate and customer data because staff are sharing public links to files in their Box enterprise storage accounts that can easily be discovered. The discoveries were made by Adversis, a cybersecurity firm, which found major tech companies and corporate giants had left…
Thousands of Arizonans hit in Medicaid agency’s data breach
Jessica Suerth reports: Thousands of Arizonans were affected by a data breach earlier this year that targeted the state’s Medicaid agency, it was announced Monday. The breach of the Arizona Health Care Cost Containment System affected more than 3,100 individuals when their IRS 1095-B forms were delivered to the wrong addresses. Read more on KTAR.
Hundreds of immigrant recruits risk ‘death sentence’ after Army bungles data, lawmaker says
Today’s reminder that some “human error” breaches can put lives at risk. Alex Horton reports: Army officials inadvertently disclosed sensitive information about hundreds of immigrant recruits from nations such as China and Russia, in a breach that could aid hostile governments in persecuting them or their families, a lawmaker and former U.S. officials said. A…