The Office of Inadequate Security
BreachForums, a popular hacking-related forum that is on both the clear net and dark web, offers posts about how to “dox” individuals using open source intelligence (OSINT). Ironically, perhaps, some former or current BreachForums users are discovering this week that they have been doxed, and their doxes have been or will be released publicly. A…
Suzanne Smalley reports: Whitepages is the latest data broker to be sued for allegedly flouting laws barring the publication of home addresses and other personal information belonging to judges, police officers, prosecutors and others in law enforcement. A retired West Virginia police officer filed a class action lawsuit against the company late last month for publishing his…
For your “no need to hack when it’s leaking” files: Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password-protected database that contained thousands of records belonging to Confidant Health — an AI-powered platform offering mental health and addiction treatment. The database contained patient PII, psychosocial assessments including details about mental health or substance abuse,…
Brian Krebs reports: New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its…
Connor Lynch reports: The Belfast Trust is currently investigating a data breach at a mental health unit after pictures were taken of patients’ details through the window of an office. The incident took place at the Rathlin Outpatients ward of the Knockbracken Health Centre when someone entered the grounds and took pictures through an open…
VpnMentor reports that researcher Jeremiah Fowler discovered 13 non-password-protected databases that contained 4.6 million documents, including voter records, ballots, multiple lists, and election-related records. Through his research, Fowler found that the data was owned by Platinum Technology Resource/Platinum Elections Services. Once I was reasonably sure who managed the database, I sent a responsible disclosure notice…