Update: One day later, the story of the OpticsML breach got much worse when Bob Diachenko found a second exposure involving the vendor. Read about it here. Original post: Zack Whittaker reports on a leak discovered by Bob Diachenko of Security Discovery: A trove of more than 24 million financial and banking documents, representing tens…
Category: Of Note
Darknet vendor attempts to sell 100,000 hacked KYC documents from major cryptocurrency exchanges
Oliver Knight reports: A darknet vendor is attempting to sell 100,000 know-your-customer (KYC) documents supposedly stolen from major exchanges including Binance, Bitfinex, Bittrex, and Poloniex. The vendor, who posts on the darknet forum ‘Dread’ under the ‘ExploitDot’ moniker, claims to have obtained details from a security breach of a third-party KYC solution provider. Among the…
Facebook may face record-setting fine for privacy breach
The Washington Post reports: U.S. regulators have met to discuss imposing a record-setting fine against Facebook for violating a legally binding agreement with the government to protect the privacy of its users’ personal data, according to three people familiar with the deliberations but not authorized to speak on the record. The fine under consideration at…
BlackRock exposes info on thousands of advisers via website
Bloomberg reports: BlackRock Inc., the world’s largest asset manager, inadvertently posted confidential information about thousands of financial adviser clients on its website. The data appeared in three spreadsheets, linked on one of the New York-based company’s web pages dedicated to its iShares exchange-traded funds. The documents included names and email addresses of financial advisers who buy…
Ca: Woman says childhood sexual trauma details leaked in privacy breach
Jack Julian reports on a truly horrific leak: A Dartmouth, N.S., woman whose personal information was exposed in the province’s worst-ever privacy breach says the experience has left her angry and hurt. “I felt violated,” the woman said. CBC News is shielding the woman’s identity because the files leaked by the province’s online freedom of information portal…
Monster 773 million-record breach list contains plaintext passwords
Dan Goodin reports: Have I Been Pwned, the breach notification service that serves as a bellwether for the security of login credentials, has just gotten its hands on its biggest data haul ever—a list that includes almost 773 million unique email addresses and 21 million unique passwords that were used to log in to third-party…