Zack Whittaker reports: Halfway through my Monday afternoon workout last week, I got a message from a security researcher with a screenshot of my Peloton account data. My Peloton profile is set to private and my friend’s list is deliberately zero, so nobody can view my profile, age, city, or workout history. But a bug allowed…
Florida girl, 18, faces 16-year jail for hacking ‘homecoming queen’ contest with mom’s help
There’s an update on a hacking case first reported in March. Unlike high school students who hack to change grades, Emily Grover and her mother stand accused of hacking to rig the homecoming queen election in her favor. Now it appears that she will be charged as an adult to face multiple felony charges.
Worldwide phishing attacks deliver three new malware strains
Sergiu Gatlan reports: A global-scale phishing campaign targeted worldwide organizations across an extensive array of industries with never-before-seen malware strains delivered via specially-tailored lures. The attacks hit at least 50 orgs from a wide variety of industries in two waves, on December 2nd and between December 11th and 18th, according to a Mandiant report published today. UNC2529,…
Circuit Split No More: 2nd Circuit Clarifies Article III Standing in Data Breach Cases
Lissette C. Payne of Bradley writes: While more states push forward on new privacy legislation statutorily granting consumers the right to litigate control of their personal information, federal courts continue to ponder how data breach injury fits traditional standing requirements. Previous to McMorris v. Carlos Lopez, McMorris v. Carlos Lopez & Assocs., LLC, many have argued there was a circuit split…
Ca: Boutin transport company victim of a cyber attack
Groupe Boutin Inc. is a firm in Quebec providing logistics, transportation, and warehousing services, as well as private fleets. Sam Harper reports that the firm called in a security specialist after detecting a problem and receiving a ransom demand. According to the company’s statement (translation): The customer and employee portals, accessible from their website, are…
4,700 Amazon employees had unauthorized access to private seller data
Tim De Chant reports: Thousands of Amazon employees, including those who developed private-label goods for the e-commerce giant, enjoyed years of access to sensitive third-party seller data, according to a new report. An internal audit in 2015 traced the issue to lax security protocols, including the use of a tool called “spoofer access,” which allowed…