Jon Fingas reports: The UK Conservative party is learning a hard lesson about the importance of basic security measures in mobile apps. Users have discovered that you could log into the party’s conference app using only an attendee’s email address, providing access to all kinds of sensitive data. And when many of the conference participants are…
Category: Exposure
Telegram fixes IP address leak in desktop client
Catalin Cimpanu reports: Telegram users who specifically utilize the application for its anonymity features are advised to update their desktop clients as soon as possible to patch a bug that will leak their IP address in some scenarios. The bug was found by Dhiraj Mishra, a bug hunter from Mumbai, India, and was patched by…
United Nations Accidentally Exposed Passwords and Sensitive Information to the Whole Internet
Micah Lee reports: The United Nations accidentally published passwords, internal documents, and technical details about websites when it misconfigured popular project management service Trello, issue tracking app Jira, and office suite Google Docs. The mistakes made sensitive material available online to anyone with the proper link, rather than only to specific users who should have…
Securus Technologies-owned GovPayNow.com Leaks 14M+ Records
Brian Krebs reports: Government Payment Service Inc. — a company used by thousands of U.S. state and local governments to accept online payments for everything from traffic citations and licensing fees to bail payments and court-ordered fines — has leaked more than 14 million customer records dating back at least six years, including names, addresses, phone…
Another security breach at Grindr reveals users’ exact location
Tom Capon reports: Grindr’s security issues are once again in the spotlight as a third-party app pinpointed users’ exact location. Despite constant reassurances from the app about the difficulties of exploiting their location technology, the latest security breach revealed how malicious parties can locate users. Discovered by blog Queer Europe, they used a third-party…
PA: Independence Blue Cross and subsidiaries notifying members whose PHI was mistakenly exposed on public web site
John George reports: Independence Blue Cross and its subsidiaries AmeriHealth HMO and AmeriHealth Insurance Co. of New Jersey have alerted certain members of a recent incident involving a potential privacy issue related to protected health information. […] “We quickly launched an investigation to determine the nature and scope of this incident, working with a leading…