In this bad app report we’ll be looking at one of the most popular coupon apps for Android, and how it shares private data it collects from mobile devices. This app also illustrates how privacy issues can extend beyond just the servers used by the app from using HTML5, by mishandling private data, they have…
Hackers use Amazon cloud to scrape mass number of LinkedIn member profiles
Dan Goodin reports: LinkedIn is suing a gang of hackers who used Amazon’s cloud computing service to circumvent security measures and copy data from hundreds of thousands of member profiles each day. Read more on Ars Technica.
HHS Issues Proposed Rule on HIPAA and Firearm Background Check Reporting
Rachel Grunberger and Anna Kraus write: On January 7, 2014, the Department of Health and Human Services (HHS) published a notice of proposed rulemaking to modify the HIPAA Privacy Rule to expressly allow certain disclosures to the National Instant Criminal Background Check System (NICS). As we previously reported, this was one of the executive actions…
Dentrix claims it encrypts their data, but does it?
A few weeks ago, I had no idea what Dentrix software was. Now I’ve seen it mentioned in connection with two recent breaches involving PHI (the first one was this breach, involving an older version of Dentrix). Such coincidences often get my attention. Dr. Rob Meaglia is a dentist in Rocklin, California. According to his December…
The Straight Dope forum hacked – reset your passwords
The following notice was posted on The Straight Dope on January 7: Important Message about your Straight Dope Account and Password Our security team recently discovered that the Straight Dope message board forum was targeted and hacked. This resulted in the illegal acquisition of message board users’ information, namely usernames, email addresses, and Straight Dope…
Internet Scammers Change Some Boston University Direct Deposit Accounts
Rich Barlow reports: Apparently using a common internet deception called phishing, scammers obtained log-in information allowing them to change direct deposit routing information for the paychecks of 10 BU employees in December. The employees’ monthly paychecks were then routed elsewhere. […] Shamblin says that users of suspicious internet protocol (IP) addresses gained access to the…