Last year, a security researcher alerted Equifax that anyone could have stolen the personal data of all Americans. The company failed to heed the warning. Great reporting by Lorenzo Franceschi-Bicchierai on Motherboard. Go read it all.
Category: Exposure
Whois Maintainer Accidentally Makes Password Hashes Available For Download
Tom Spring reports: The regional internet registrar that administers IP addresses for the Asia Pacific region accidentally leaked Whois database data, including hashed passwords, forcing it to reset all passwords for objects in its Whois database. According to Asia Pacific Network Information Center (APNIC), the organization that maintains domains for the region, it experienced a…
Cosmetics Brand Tarte Exposed Personal Information About Nearly 2 Million Customers
Kate Conger and Dell Cameron report: Tarte Cosmetics, a cruelty-free cosmetics brand carried by major retailers like Sephora and Ulta, exposed the personal information of nearly two million customers in two unsecured online databases. The databases were publicly accessible and included customer names, email addresses, mailing addresses, and the last four digits of credit card…
UK: University of East Anglia not punished over data breach
BBC reports: A university that mistakenly emailed sensitive personal information about students to hundreds of undergraduates will face no further action. Details of health problems, family bereavements and personal issues were sent by the University of East Anglia (UEA) in Norwich to 298 students. The Information Commissioner’s Office said no regulatory action was needed. Read…
Cloudy with a chance of PHI leaks
Maybe we should do this one as a “write your own headline” exercise. Earlier this week, Kromtech Security reported that they had uncovered yet another improperly secured AWS S3 bucket that was exposing protected health information. The company that was responsible for the collection of the home monitoring data, Patient Home Monitoring, was exposing what…
Accenture left a huge trove of highly sensitive data on exposed servers
Zack Whittaker reports: Technology and cloud giant Accenture has confirmed it inadvertently left a massive store of private data across four unsecured cloud servers, exposing highly sensitive passwords and secret decryption keys that could have inflicted considerable damage on the company and its customers. The servers, hosted on Amazon’s S3 storage service, contained hundreds of…