HHS’s public breach tool added a listing today that was submitted by the Khalil Foundation (DBA Khalil Center). The center describes itself as a psychological and spiritual community wellness center advancing the professional practice of psychology rooted in Islamic principles. They are covered by HIPAA. On December 22, they notified HHS that 1153 individuals had…
Category: Exposure
No need to hack when it’s leaking: Roomster edition (1)
There are leaks and then there are leaks. Hundreds of thousands of people who shared houses via Roomster might want to say a mental “Thank you” to the researcher known as @JayeLTee, who discovered a long-standing data leak and took steps to get it secured. As JayeLTee relates, he first spotted the misconfigured server in…
Massive VW Group Data Leak Exposed 800,000 EV Owners’ Movements, From Homes To Brothels
Thanos Pappas reports: Many people worry about hackers stealing their personal data, but sometimes, the worst breaches come not from shadowy cybercriminals but straight from the companies we trust. According to a new report from Germany, the VW Group stored sensitive information for 800,000 electric vehicles from various brands on a poorly secured Amazon cloud—essentially leaving…
Conversation with a “Nam3L3ss” Watchdog, Part 2: Methods
This is a multi-part interview with the individual known as “Nam3L3ss” who leaked more than 100 databases on a popular hacking forum and will soon be leaking many more. Read the Preface. In Part 1, he answered some questions about his background and what motivated him to do what does. In this part, we talk…
Tracker firm Hapn spilled names of thousands of GPS tracking customers
Zack Whittaker reports: GPS tracking firm Hapn exposed the names of thousands of its customers due to a website bug, TechCrunch has learned. A security researcher alerted TechCrunch in late November to customer names and affiliations — such as the name of their workplace — spilling from one of Hapn’s servers, which TechCrunch has seen….
No need to hack when it’s leaking: Rapido edition
Jagmeet Singh reports: Rapido, a popular ride-hailing platform in India, has fixed a security issue that exposed personal information associated with its users and drivers, TechCrunch has exclusively learned. The flaw, discovered by security researcher Renganathan P, was related to a website form meant to collect feedback from Rapido auto-rickshaw users and drivers. The form…