Dan Goodin reports: According to researchers from security firm Avast, the database storing the names, e-mail addresses, home addresses, phone numbers, and wish lists of Target customers is available to anyone who figures out the app’s publicly available programming interface. Read more on Ars Technica.
Category: Exposure
Meanwhile, back at the VA….
The VA’s monthly report to Congress for November has been released, and we’re still seeing low-tech breaches involving papers being left where they shouldn’t be left. Exhibit A, from the VA in Boston: An 11-page clinic list was found in a public bathroom in a heavily trafficked area. The list had been printed on November 4,…
Update: OkHello (FINALLY) secures its leaking database (Update2)
After discovering that OkHello video chat service’s database was still leaking – nine days after Chris Vickery and I first notified them and tried to get them to secure it – I sent two more emails to OkHello last night to repeat the notification. Both were to email addresses that were only found last night (and great thanks to Steve Ragan…
MacKeeper leak of 13M customers’ data acknowledged by Kromtech
Earlier today, I had mentioned a leak that Chris Vickery uncovered that involved over 13 million customers or users of MacKeeper, but now a bunch of reporters have reported on that leak in more depth. To their credit, Kromtech issued a disclosure statement about the leak, which was posted on MacKeeper: MacKeeper Security Advisory Kromtech is…
Two apps with health info found leaking: researcher. Part 2: Hzone
This is Part 2 of today’s posts reporting on apps leaking health information. The leaks were shared with DataBreaches.net by researcher Chris Vickery, and this one involves very sensitive health and medical information. Part 1 reported on iFit’s data leak. Screenshots provided to DataBreaches.net on December 8 by Vickery revealed that 4,926 user accounts from Hzone Dating App for HIV-positive…
Two apps with health info found leaking: researcher. Part 1: iFit
Apps that collect and store health-related information are often not covered by HIPAA, but a breach involving the data they collect could be problematic. Today, I report on two leaking apps containing health information. Both of these leaks were reported to DataBreaches.net by researcher Chris Vickery. Part 1, below, is on iFit’s data leak. Part 2 will report on…