Caredig ap Tomos reports: Sensitive data relating to students’ self-identification continued to be shared with students running elections on Cambridge Students’ Union’s voting platform months after the issue was originally raised. Sources have told Varsity that countless students were “effectively outed without even knowing it” because of the ‘breach’ of sensitive data, which took nine months to…
Category: Other
34,942 PayPal users notified of data security incident in December
PayPal has sent breach notifications to 34,942 users this week. Their notification reads, in part: On December 20, 2022, we confirmed that unauthorized parties were able to access your PayPal customer account using your login credentials. We have no information suggesting that any of your personal information was misused as a result of this incident,…
Mailchimp says it was hacked — again
Zack Whittaker reports: Email marketing and newsletter giant Mailchimp says it was hacked and that dozens of customers’ data was exposed. It’s the second time the company was hacked in the past six months. Worse, this breach appears to be almost identical to a previous incident. The Intuit-owned company said in an unattributed blog post that its security team detected an intruder…
NortonLifeLock warns that hackers breached Password Manager accounts
Bill Toulas reports: Gen Digital, formerly Symantec Corporation and NortonLifeLock, is sending data breach notifications to customers, informing them that hackers have successfully breached Norton Password Manager accounts in credential-stuffing attacks. According to a letter sample shared with the Office of the Vermont Attorney General, the attacks did not result from a breach on the…
For sale on eBay: A military database of fingerprints and iris scans
Kashmir Hill, John Ismay, Christopher F. Schuetze, and Aaron Krolik report: The shoebox-shaped device, designed to capture fingerprints and perform iris scans, was listed on eBay for $149.95. A German security researcher, Matthias Marx, successfully offered $68, and when it arrived at his home in Hamburg in August, the rugged, hand-held machine contained more than…
Vendor Claims to Have Scraped 400M Twitter User Records (with UPDATE 1)
Perhaps the top story this past week involves a sales offering on a popular hacking-related forum. The seller, who first joined the forum in December, has listed information on 400 million Twitter users for sale. No price is specified in the listing. The data, that were allegedly scraped due to a vulnerability, include email, name,…