Phil Muncaster reports: A leading European hotel booking platform has leaked over 1TB of data on customers, clients and partners thanks to an unsecured Elasticsearch database, exposing them to account takeover, identity theft and financial fraud. The database reportedly belongs to French B2B hotel booking firm Gekko Group, a subsidiary of Europe’s largest hotel group,…
Personal And Social Information Of 1.2 Billion People Discovered In Massive Data Leak, But Who’s Responsible??
Over on DataViper.io, Vinny Troia reports that he and Bob Diachenko found a massive data leak that appears to implicate two data enrichment firms: People Data Labs (PDL), and OxyData.io. But “implicate” is not the same thing as being able to actually attribute ownership of the elasticsearch server that was open at 35.199.58.125, and both…
Lithuanian national, extradited from Ukraine, charged with unauthorized computer intrusion, other crimes
A criminal complaint was unsealed today in federal court in Brooklyn charging Lithuanian national Vytautas Parfionovas with computer intrusion, securities fraud, money laundering, bank fraud and wire fraud, among other offenses. The charged crimes stem from a variety of criminal conduct between 2011 and 2018 in which Parfionovas gained access to U.S.-based computers, including email…
Yet another city reports a Click2Gov breach
Another city has reported a breach involving Click2Gov software by CentralSquare Technologies. WTVY reports Dothan, Alabama has joined more than four dozen other cities using Click2Gov that have experienced breaches involving payment card data of residents using online payment portals: “It has come to the City of Dothan’s attention that CentralSquare, the third-party processor of…
Port Neches-Groves ISD recovered access to files — but only after paying ransom
There’s an update to the ransomware attack on Port Neches-Groves ISD in Texas, previously noted on this site on November 12. Raegan Gibson reports that as of Monday, November 18, the district had regained access to its files — but it involved paying ransom, most of which was covered by the district’s insurance: The attackers…
MA: Chicopee school computers, servers hit by Ransomware
Ryan Trowbridge, Sarah Guernelli, and Andrew Masse report that Chicopee Public Schools in Massachusetts was hit with a ransomware attack — specifically, Ryuk ransomware. The attacker(s) have demanded $300,000, but the district says they are not paying it and have been working to deal with the situation since Monday morning. Read more on Western Mass…