Turner Wright reports: Joseph Sullivan, a former Chief Security Officer at Uber, allegedly tried to cover up a 2016 hack of sensitive data by funneling a hush money payment of $100,000 in Bitcoin through a bug bounty program. The hackers had obtained the drivers’ license numbers of roughly 600,000 Uber drivers as well as private…
Category: Of Note
Law Enforcement Websites Hit by Blueleaks May Have Been Easy to Hack
Micah Lee reports: Whoever broke into 251 law enforcement websites and obtained the blueleaks trove of documents appears to have reused decades-old software for opening “backdoors” in web servers. The use of the widely available backdoors provides evidence that the hacktivist who compromised the sensitive sites, including fusion centers linked to federal agencies, didn’t need to use sophisticated…
Data breach at Experian, 24 million South Africans’ personal information exposed
Sizwe Dlamini reports: Consumer, business and credit information services agency Experian has experienced a breach of data which has exposed personal information of as many as 24 million South Africans and 793,749 business entities to a suspected fraudster. Experian confirmed in a statement on Wednesday that the breach had been reported to law enforcement and…
Please stop hard-wiring AWS credentials in your code. Looking at you, uni COVID-19 track-and-test app makers
Thomas Claburn reports: Albion College has a plan for students to return safely to campus this fall amid the COVID-19 coronavirus pandemic. It involves being tracked by an app that, at least until a few days ago, appears to have been insecure. The Michigan institution announced its plan on July 28, which calls for testing coordinated by…
NC: Lawsuit: ‘Alarming’ data breach at Coastal Prep Academy exposed sensitive personal data
Benjamin Schachtman reports: According to a letter sent to parents by Coastal Preparatory Academy and a lawsuit filed in Superior Court, a former employee obtained extremely sensitive personal information about parents and students, including social security numbers, health and financial information, and employment records. The charter school has filed several civil actions to recover passwords,…
Report: “No Need to Hack When It’s Leaking:” GitHub Leaks of Protected Health Information
The message request showed up in my Twitter notifications: Hi There! 🙂 I see you have some experience in getting the right amount of attention for medicaid related data leaks. I have found admin credentials to some super sensitive medical billing processing system and get nothing but silence on all available contact channels and no…