Troy Hunt writes: Let me make it crystal clear in the opening paragraph: this incident is not about any sort of security vulnerability on GitHub’s behalf, rather it relates to a trove of data from their site which was inappropriately scraped and then inadvertently exposed due to a vulnerability in another service. My data. Probably…
Category: Non-U.S.
Hackers say they took Mega.nz source code and admin logins
Zack Whittaker reports: A hacker group claims to have obtained source code and admin accounts for the file-sharing site Mega.nz, formerly owned by internet entrepreneur Kim Dotcom. The hacker group, known as the Amn3s1a Team, told me by email that they had also obtained internal documents from the company’s servers, by exploiting an escalation of…
AU: Personal details of thousands of residents revealed by Melbourne council in data breach
ABC reports: A local council in Melbourne’s south-east is embroiled in a privacy breach, after the personal details of more than 2,000 residents were accidentally distributed to the public. A survey was emailed to 952 clients of the City of Kingston Maternal and Child Health Service on Wednesday, but there was an excel spreadsheet attached…
Teenage Birmingham brothers quizzed over £1million credit card fraud
Nick McCarthy reports: Two teenage Birmingham brothers have been quizzed over a £1million credit card fraud that sparked co-ordinated raids in England, Finland, Spain and Canada. West Midlands Police swooped on a house in Great Barr and arrested an 18-year-old man on suspicion of fraud and cybercrime offences. Officers also spoke to the teenager’s 15-year-old brother at the…
NHS patients being put ‘at risk’ because of cybersecurity flaws
Tom Cheshire reports: A Sky News investigation has discovered the NHS trusts putting patients at risk by not protecting their data online. Seven NHS trusts, serving more than two million people, spent nothing on cybersecurity in 2015. Sky News worked with security experts to find serious flaws in their cybersecurity, which could be easily exploited by…
In: Data of 34 million Keralites leaked in massive data breach; govt had ignored vulnerability reports
And this, kids, is what happens when an entity keeps ignoring vulnerability reports from researchers or infosec folks. In this case, an IT consultant, “N.T.R.,” hacked civilsupplieskerala.gov: “I wrote to the NIC several times pointing to the vulnerabilities and even called the civil supplies office warning them about a possible breach, but they ignored me….