The Canadian Press reports: The RCMP says a Canadian-based company that peddled an illicit trove of 1.5 billion user names and associated passwords has pleaded guilty to criminal charges. In a news release, the Mounties say Defiant Tech Inc. admitted in court Friday to trafficking in identity information and possession of property obtained by crime…
Over 12,000 MongoDB Databases Deleted by Unistellar Attackers
Sergiu Gatlan reports: Over 12,000 unsecured MongoDB databases have been deleted over the past three weeks, with only a message left behind asking the owners of the databases to contact the cyber-extortionists to have the data restored. Although not on this scale, these types of attacks targeting publicly accessible MongoDB databases have happened since at least early-2017 [1, 2,…
The Total Registration incident– Comments from the K-12 Cybersecurity Resource Center
Doug Levin has a write-up on the Total Registration data security incident first reported by this site. Doug raises a number of important issues and comments, and I hope his commentary gets wider coverage and discussion. I’m still mulling over the fact that a few of the school districts that this site attempted to notify…
Lithuanian watchdog issues first GDPR fine
Sam Clark reports: Lithuania’s data protection authority has fined a payments processing company for breaching three provisions of the GDPR. The State Data Protection Inspectorate has levied a €61,500 fine against fintech company MisterTango for inappropriate data processing, disclosing personal data and failing to report a breach, it said today. The authority said that the…
Oregon Construction Contractors Board reports data breach
KTVZ reports: The Oregon Construction Contractors Board said Friday it has discovered a security breach involving 8,013 online contractor accounts. Unauthorized individuals gained access to some contractors’ usernames and related password information. The incident occurred between Oct. 27 and Oct. 29, 2018, and was discovered on April 12, 2019, during a routine audit conducted by…
After breach, Stack Overflow says some user data exposed
Zack Whittaker reports: After disclosing a breach earlier this week, Stack Overflow has confirmed some user data was accessed. In case you missed it, the developer knowledge sharing site confirmed Thursday a breach of its systems last weekend, resulting in unauthorized access to production systems — the front-facing servers that actively power the site. The…