Michael Bentley writes: Appthority has discovered a significant data exposure vulnerability we’ve named Eavesdropper that affects almost 700 apps in enterprise environments. The vulnerability is caused by including hard coded credentials in mobile applications that are using the Twilio Rest API or SDK. By hard coding their credentials, the developers have effectively given global access…
Category: Exposure
Jaywing suffers data breach affecting CollectPlus, Vodafone and other clients
Jennifer Faull reports: Digital and CRM agency Jaywing has suffered a security breach after its intranet was exposed following a routine update, leaking private information from client CollectPlus as well as internal documents for Vodafone. The intranet – usually a depository for internal material like training manuals – underwent an upgrade on 17 September. However,…
University of East Anglia investigates another data leak
Warwick Ashford reports: The University of East Anglia is investigating a second personal data leak in six months after an employee’s personal data was sent to hundreds of postgraduate research students. The email was sent on 5 November to about 300 recipients in the social science faculty. When the error was discovered, the university sent…
Local Salvation Army website updated after personal information released
WRDW reports: Well that’s me right there and that’s pretty horrible.” It’s the last information anyone would want popping up on a stranger’s phone. But that’s exactly what Sterling Gray saw when I showed him the Augusta Salvation Army’s Auto Auction website. “It’s easy enough if you are knowledgeable how to go out and find…
Corporate watchdog Asic in privacy breach exposing users’ search history
Joshua Robertson reports: Australia’s corporate regulator has committed a serious privacy breach via a flaw in its website that exposes the search records of anyone tapping into its company database. The breach, which opens up free backdoor access to company search histories, including by investigative journalists and finance industry professionals, remained live on the Australian…
UK: Confidential information ‘may’ have been in stolen hospital container
The Dudley News reports: Bosses have admitted that a waste container stolen from Russells Hall Hospital may have contained confidential information. The container, which held paper waste, was stolen from the back of the hospital at 6.45pm on October 5. Read more on Dudley News.