Tom Spring reports: A cache of data including 3.3 million user credentials belonging to Hello Kitty parent company Sanrio surfaced over the weekend. The breach was originally reported in December 2015, but at the time Sanrio denied any data was stolen as part of the breach. The breach was tied to a misconfigured MongoDB installation that…
Category: Exposure
Eastern Health Investigating Unusual Privacy Breach
It was ultimately a case of calling the wrong phone number, but due to a combination of factors, the error wasn’t realized until after some patient information had been revealed. VOCM reports: Eastern Health is investigating after VOCM Backtalk host Pete Soucy found himself in a recent comedy of errors that resulted in a privacy…
Misconfigured MongoDB database exposes sleep disorder program patients’ information
“I blacked out while driving and wrecked ….” So begins a message that was just one of more than 1,000 messages and more than 1,200 patient profiles exposed to the world because a sleep disorder clinic serving military personnel had a misconfigured MongoDB database that was indexed by Shodan. Thankfully, the files were still intact when MacKeeper Security Research…
Emory Healthcare patient data hijacked and held for ransom? (UPDATED)
Yesterday, I noted a somewhat alarming report that misconfigured MongoDB installations are being wiped by a hacker who steals the databases and then holds them for ransom of 0.2 BTC (approximately $200 at yesterday’s rate or $220 at today’s rate). This latest threat was reported yesterday by Catalin Cimpanu of Bleeping Computer after an ethical hacker, Victor Gevers, disclosed the discovery he had made as part of Project 366. On…
Box.com plugs account data leakage flaw
Tom Spring writes: Box.com has changed the way it handles publicly shared accounts and folders after a researcher found confidential documents and data belonging to Box.com users via Google, Bing and other search engines. While Box.com maintains this is a case of its customers unintentionally over-sharing, it says it has “fixed” the issue. The problem…
MongoDB Databases Held Up for Ransom by Mysterious Attacker
Catalin Cimpanu reports: An attacker going by the name of Harak1r1 is hijacking unprotected MongoDB databases, stealing their content, and asking for a Bitcoin ransom to return the data. These attacks have been happening for more than a week and have hit servers all over the world. The first one to notice the attacks was…