Ionut Ilascu reports: Security researchers discovered that personal data of more than 100 million Android users has been exposed due to various misconfigurations of cloud services. The data was found in unprotected real-time databases used by 23 apps with download counts ranging from 10,000 to 10 million and also includes internal developer resources. Read more…
Category: Exposure
Recruiter’s Cloud Snafu Exposes 20,000 CVs and ID Documents
Phil Muncaster reports: Tens of thousands of jobseekers have had their personal information exposed by a misconfigured cloud account, according to researchers. A team at Website Planet discovered the AWS S3 bucket left unprotected and unsecured by FastTrack Reflex Recruitment, now TeamBMS. The firm apparently specializes in recruitment for the building management systems sector, for projects including skyscrapers…
Wyoming Health Director, Tech Officer Quit After Data Leak
Mead Gruver of AP reports: Wyoming’s health director and chief information officer have resigned after a data leak involving the personal information of tens of thousands of people who were tested for the coronavirus. A state Department of Health employee working with computer code accidentally released COVID-19 test results, as well as blood alcohol test…
Nz: Police admit privacy breach after nearly 40 gun licence applicants copied into same email
Mark Quinlivan reports: Police have admitted nearly 40 firearms licence applicants have had their privacy breached. A police spokesperson told Newshub 38 people had been impacted by the “localised” privacy breach after an email was sent advising the recipients to undertake a firearms safety course. Read more on NewsHub.
Jp: Two Salesforce incidents reportedly shut down online vaccination reservation systems, exposed other personal info
Updated May 18: See the Salesforce statement issued May 17 that says confirming that there was no data loss or breach involving the first incident described below. Yomiuri Shimbun reports: A failure in a cloud computing system provided by U.S.-based IT company Salesforce.com Inc. paralyzed COVID-19 vaccination reservation systems operated by local governments across Japan…
UK: NHS vaccination website leaks people’s medical data
Joel Khalili reports: A gaping security hole has been discovered in the NHS vaccination booking website, which can be easily exploited to find out whether someone has received a jab. The problem relates to the way the website treats different users, depending on how far along they are in the vaccination process. Read more on…