Cyber breaches abound in 2019

Cyber breaches abound in 2019
https://techcrunch.com/2018/12/26/cyber-breaches-abound-in-2019/

News of high-profile cyber breaches has been uncharacteristically subdued in recent quarters.

Is this a harbinger of a worse hacking landscape in 2019?

The answer is unequivocally yes. No question, cyber breaches have been a gigantic thorn in the global economy for years. But expect them to be even more rampant in this new year 2019 as chronically improving malware will be deployed more aggressively on more fronts. Also  data-driven businesses simultaneously move into the “target zone” of cyber attacks.

On the cybersecurity side, a growing number of experts believe that multi-factor authentication will become the standard for all online businesses.

Here are links to some articles that can hopefully help you to handle your cyber security better:

Cybersecurity 101: Why you need to use a password manager
https://techcrunch.com/2018/12/25/cybersecurity-101-guide-password-manager/

Cybersecurity 101: Five simple security guides for protecting your privacy
https://techcrunch.com/2018/12/26/cybersecurity-101-security-guides-protect-privacy/

266 Comments

  1. Tomi Engdahl says:

    Russia’s Secret Intelligence Agency Hacked: ‘Largest Data Breach In Its History’
    https://www.forbes.com/sites/zakdoffman/2019/07/20/russian-intelligence-has-been-hacked-with-social-media-and-tor-projects-exposed/?utm_source=FACEBOOK&utm_medium=social&utm_term=Valerie/#76616c657269

    Red faces in Moscow this weekend, with the news that hackers have successfully targeted FSB—Russia’s Federal Security Service. The hackers managed to steal 7.5 terabytes of data from a major contractor, exposing secret FSB projects to de-anonymize Tor browsing, scrape social media, and help the state split its internet off from the rest of the world. The data was passed to mainstream media outlets for publishing.

    Reply
  2. Tomi Engdahl says:

    Russian FSB Intel Agency Contractor Hacked, Secret Projects Exposed
    https://www.bleepingcomputer.com/news/security/russian-fsb-intel-agency-contractor-hacked-secret-projects-exposed/

    A contractor for the Russian Federal Security Service (FSB) has been hacked and secret projects that were being developed for the intelligence agency were leaked to Russian Media.

    In addition, BBC Russia reports that the hackers stole 7.5TB of data from the contractor’s network. This data includes information about numerous non-public projects that were being developed by Sytech on behalf of the Russian government and its intelligence agency.

    Reply
  3. Tomi Engdahl says:

    The latest example of exposed corporate passwords found in public GitHub repositories seems to be security company and SSL certificate issuer Comodo.

    “Seeing as they’re a security company and give out SSL certificates, you’d think that the security of their own environment would come first above all else,”

    https://techcrunch.com/2019/07/27/comodo-password-access-data/

    Reply
  4. Tomi Engdahl says:

    Capital One Data Breach Hits 100 Million; Ex-Amazon Worker Is Charged as Hacker

    The breach at Capital One, which led to charges against a software engineer in Seattle, was one of the largest-ever thefts of bank data.
    The breach at Capital One, which led to charges against a software engineer in Seattle, was one of the largest-ever thefts of bank data.

    A software engineer in Seattle hacked into a server holding customer information for Capital One and obtained the personal data of over 100 million people, federal prosecutors said on Monday, in one of the largest thefts of data from a bank.

    The suspect, Paige Thompson, 33, left a trail online for investigators to follow as she boasted about the hacking, according to court documents in Seattle, where she was arrested and charged with one count of computer fraud and abuse.

    Ms. Thompson, who formerly worked for Amazon Web Services, which hosted the Capital One database that was breached,

    The F.B.I. noticed her activity on Meetup and used it to trace her other online activities, eventually linking her to posts describing the data theft on Twitter and the Slack messaging service.

    https://www.nytimes.com/2019/07/29/business/capital-one-data-breach-hacked.html

    Reply
  5. Tomi Engdahl says:

    Capital One data breach: 1 arrested, tens of millions of customers affected
    https://6abc.com/finance/capital-one-data-breach-1-arrested-tens-of-millions-of-customers-affected-/5428546/

    hacker gained access to personal information from more than 100 million Capitol One credit applications, the bank said Monday as federal authorities arrested a suspect

    The hacker got information, including credit scores and balances, plus the Social Security numbers of about 140,000 customers, the bank said. It will offer free credit monitoring services to those affected.

    Capital One, based in McLean, Virginia, said Monday it found out about the vulnerability in its system July 19 and immediately sought help from law enforcement to catch the perpetrator.

    According to the FBI complaint, someone emailed the bank two days before that notifying it that leaked data had appeared on the code-hosting site GitHub

    Capital One said it believes it is unlikely that the information was used for fraud, but it will continue to investigate. The data breach affected about 100 million people in the U.S. and 6 million in Canada.

    Reply
  6. Tomi Engdahl says:

    LAPD Police Officers’ Personal Information Stolen in Data Breach
    https://www.nbclosangeles.com/investigations/LAPD-Police-Officers-Personal-Information-Stolen-Data-Breach-513340401.html

    A suspected hacker claimed he or she had stolen the personal information of about 2,500 LAPD officers, trainees, and recruits, along with approximately 17,500 police officer applicants, in what may be a large breach of data held by the city of Los Angeles’ Personnel Department.

    The city’s Information Technology Agency said it was contacted last week by someone who claimed to have accessed and downloaded the data, and the person offered some example files

    The LAPD told officers in the message they should monitor their personal financial accounts, get copies of their credit reports, and file a complaint with the Federal Trade Commission.

    Reply
  7. Tomi Engdahl says:

    Cyberattack On LAPD Confirmed: Data Breach Impacts Thousands Of Officers
    https://www.forbes.com/sites/zakdoffman/2019/07/30/lapd-cyberattack-police-department-confirms-it-has-been-hacked/#155677aa14be

    The Los Angeles Police Department has confirmed that it has been hacked, with the personal information of at least 20,000 people exposed.

    Reply
  8. Tomi Engdahl says:

    Education software maker Pearson says data breach affected thousands of accounts in the U.S.
    https://tcrn.ch/2K8sF49

    Pearson, the London-based educational software maker,said todaythat thousands of school and university accounts, mostly in the United States, were affected by a data breach.

    The Wall Street Journal reports that the data breach happened in November 2018 and Pearson was notified by the Federal Bureau of Investigation in March.

    According to Pearson, unauthorized access was gained to 13,000 school and university accounts on AIMSweb, the company’s student monitoring and assessment platform.

    Reply
  9. Tomi Engdahl says:

    CIS Countries Data Theft
    https://pentestmag.com/cis-countries-data-theft/

    Currently, there is no Personal Data protection system in CIS countries at all. The volume of illegal trade of Personally Identifiable Information is enormous.

    Nowadays, it is true that there are forums in the Russian-language segment of the Internet that are exclusively aimed at selling personal data — hacked social network accounts, passport data, mobile phone operator databases etc. I’m not talking about the so-called “Darknet” at all, it is just a fact that you can simply find it on Google not even trying to.

    Reply
  10. Tomi Engdahl says:

    A Technical Analysis of the Capital One Cloud Misconfiguration Breach
    https://www.fugue.co/blog/a-technical-analysis-of-the-capital-one-cloud-misconfiguration-breach

    This is a technical exploration of how the Capital One breach might have occurred, based on the evidence we have from the criminal complaint

    this post is to explore a combination firewall/IAM/S3 attack to illustrate some of the dangers of cloud misconfigurations that every organization on cloud should heed.

    In order to write this, I analyzed the technical details of the FBI complaint, and then formed a hypothesis of how the attack might have taken place. I then simulated the attack in my development account, so that I could provide specific details in this post.

    There were four different elements to the attack that we know about:

    Misconfigured firewall
    Gaining access to an EC2 instance
    Getting IAM role access to S3
    S3 bucket discovery and duplication.

    Reply
  11. Tomi Engdahl says:

    ILLINOIS ACCIDENTALLY PUBLISHED SOCIAL SECURITY NUMBERS OF ALL BOAT OWNERS
    https://1440wrok.com/illinois-accidentally-published-social-security-numbers-of-all-boat-owners/

    If you own a boat or a jetski in Illinois, you might want to do a quick credit check.

    The Department of Natural Resources collects Social Security information for all watercraft owners

    What is a horrible idea is accidentally publishing everyone’s personal information on a public website. Which is what they did.

    Well, at least they said that it won’t happen again.

    Reply
  12. Tomi Engdahl says:

    “No matter what transfer mechanism you use, you end up with a conflict. The U.S. laws allow espionage against EU citizens” – Max Schrems, lawyer and privacy activist

    https://www.politico.eu/article/max-schrems-facebook-europe-data-protection-privacy/

    Reply
  13. Tomi Engdahl says:

    Sites using Facebook ‘Like’ button liable for data, EU court rules
    https://www.euractiv.com/section/digital/news/sites-using-facebook-like-button-liable-for-data-eu-court-rules/

    Europe’s top court ruled Monday (30 July) that companies that embed Facebook’s “Like” button on their websites must seek users’ consent to transfer their personal data to the US social network, in line with the bloc’s data privacy laws

    According to the European Court of Justice ruling, a site that embeds the Facebook “like” icon and link on its pages also sends user data to the US web giant.

    Reply
  14. Tomi Engdahl says:

    Spanish brothel chain leaves internal database exposed online
    https://www.zdnet.com/article/spanish-brothel-chain-leaves-internal-database-exposed-online/

    “Men’s club” exposes data about escort girls, customer reviews, and club finances.

    The leaky server, found by Bob Diachenko of Security Discovery, is your typical case of a MongoDB database left connected to the internet without a password for the admin account.

    Reply
  15. Tomi Engdahl says:

    StockX confirms it was hacked (updated)
    https://www.engadget.com/2019/08/03/stockx-hacked/

    Attackers reportedly stole records from 6.8 million customers.

    Reply
  16. Tomi Engdahl says:

    Hundreds of exposed Amazon cloud backups found leaking sensitive data
    https://techcrunch.com/2019/08/09/aws-ebs-cloud-backups-leak/

    How safe are your secrets? If you used Amazon’s Elastic Block Storage, you might want to check your settings.

    You may have heard of exposed S3 buckets — those Amazon-hosted storage servers packed with customer data but often misconfigured and inadvertently set to “public” for anyone to access. But you may not have heard about exposed EBS volumes, which poses as much, if not a greater, risk.

    These elastic block storage (EBS) volumes are the “keys to the kingdom,”

    EBS volumes store all the data for cloud applications. “They have the secret keys to your applications and they have database access to your customers’ information,”

    all too often cloud admins don’t choose the correct configuration settings, leaving EBS volumes inadvertently public and unencrypted. “That means anyone on the internet can download your hard disk and boot it up, attach it to a machine they control, and then start rifling through the disk to look for any kind of secrets,”

    Morris found dozens of volumes exposed publicly in one region alone, he said, including application keys, critical user or administrative credentials, source code and more. He found several major companies, including healthcare providers and tech companies.

    He also found VPN configurations

    Reply
  17. Tomi Engdahl says:

    [https://arstechnica.com/gadgets/2019/08/microsoft-contractors-hear-phone-sex-and-more-while-reviewing-cortana-skype-audio/](https://arstechnica.com/gadgets/2019/08/microsoft-contractors-hear-phone-sex-and-more-while-reviewing-cortana-skype-audio/)

    Apparently the policies are so relaxed, that the contractor actually shared a cache of files to Motherboard.

    Reply
  18. Tomi Engdahl says:

    Zack Whittaker / TechCrunch:
    Researcher finds hundreds of exposed AWS EBS snapshots leaking sensitive customer data, like VPN configurations, passwords, and in some cases government data

    Hundreds of exposed Amazon cloud backups found leaking sensitive data
    https://techcrunch.com/2019/08/09/aws-ebs-cloud-backups-leak/

    Reply
  19. Tomi Engdahl says:

    3fun: Security glitch in threesome hook-up app reveals details of users in Downing Street and White House
    https://www.independent.co.uk/news/uk/home-news/3fun-threesome-app-downing-street-white-house-cyber-security-a9051201.html

    ‘Worst security of any dating app we’ve ever seen,’ say experts

    The app, 3fun, revealed users with locations appearing to be in No 10 in London, and the White House and the US Supreme Court in Washington DC, according to a report on cyber security firm Pen Test Partners’ website.

    Furthermore, private photographs were accessible too.

    Users of the app could restrict the app from showing their locations, but according to Pen Test Partners, the data was only filtered on the mobile app itself, not on the servers containing the data, which their experts were able to query to reveal location information.

    Reply
  20. Tomi Engdahl says:

    Report: Data Breach in Biometric Security Platform Affecting Millions of Users
    https://www.vpnmentor.com/blog/report-biostar2-leak/

    Led by internet privacy researchers Noam Rotem and Ran Locar, vpnMentor’s team recently discovered a huge data breach in security platform Biostar 2.

    Biostar 2 is a web-based biometric security smart lock platform. A centralized application, it allows admins to control access to secure areas of facilities, manage user permissions, integrate with 3rd party security apps, and record activity logs.

    The app is built by Suprema, one of the world’s top 50 security manufacturers, with the highest market share in biometric access control in the EMEA region.

    Suprema recently partnered with Nedap to integrate Biostar 2 into their AEOS access control system.

    AEOS is used by over 5,700 organizations in 83 countries,

    This is a huge leak that endangers both the businesses and organizations involved, as well as their employees. Our team was able to access over 1 million fingerprint records, as well as facial recognition information. Combined with the personal details, usernames, and passwords, the potential for criminal activity and fraud is massive.

    Reply
  21. Tomi Engdahl says:

    Report: Data Breach in Biometric Security Platform Affecting Millions of Users
    https://www.vpnmentor.com/blog/report-biostar2-leak/

    a huge data breach in security platform BioStar 2.

    The data leaked in the breach is of a highly sensitive nature. It includes detailed personal information of employees and unencrypted usernames and passwords, giving hackers access to user accounts and permissions at facilities using BioStar 2.

    Our team was able to access over 1 million fingerprint records, as well as facial recognition information.

    steps were taken by the company to close the breach.

    Date discovered: 5th August 2019
    Date vendors contacted: 7th August 2019
    Date of Action: 13th August, the breach was closed

    Our team was able to access over 27.8 million records, a total of 23 gigabytes of data, which included the following information:

    Access to client admin panels, dashboards, back end controls, and permissions
    Fingerprint data
    Facial recognition information and images of users
    Unencrypted usernames, passwords, and user IDs
    Records of entry and exit to secure areas
    Employee records including start dates
    Employee security levels and clearances
    Personal details, including employee home address and emails
    Businesses’ employee structures and hierarchies
    Mobile device and OS information
    One of the more surprising aspects of this leak was how unsecured the account passwords we accessed were.

    Reply
  22. Tomi Engdahl says:

    Biostar security software ‘leaked a million fingerprints’
    https://www.bbc.co.uk/news/technology-49343774

    Researchers working with cyber-security firm VPNMentor managed to access data from a security tool called Biostar 2.

    Reply
  23. Tomi Engdahl says:

    New Data Breach Has Exposed Millions Of Fingerprint And Facial Recognition Records: Report
    http://on.forbes.com/6184E2KNr

    It has been coming for some time, but now the major breach of a biometric database has actually been reported—facial recognition records, fingerprints, log data and personal information has all been found on “a publicly accessible database.” The damage is not yet clear, but the report claims that actual fingerprints and facial recognition records for millions of people have been exposed.

    Reply
  24. Tomi Engdahl says:

    This data leak strikes at the heart of one of the big fears and criticism about biometrics: You can change your username and password with a couple of clicks. Your face and fingerprints are forever.

    https://www.technologyreview.com/f/614163/data-leak-exposes-unchangeable-biometric-data-of-over-1-million-people/?utm_medium=tr_social&utm_campaign=site_visitor.unpaid

    Reply
  25. Tomi Engdahl says:

    European Central Bank Breach: ECB Confirms Hack And Shuts Down Website
    https://www.google.com/amp/s/www.forbes.com/sites/daveywinder/2019/08/16/european-central-bank-breach-ecb-confirms-hack-and-shuts-down-website/amp/

    The European Central Bank (ECB) has confirmed that it has suffered a breach that involved attackers injecting malware and led to a potential loss of data.

    In a statement published August 15, the ECB confirmed that “unauthorized parties” had succeeded in breaching the security of its Banks’ Integrated Reporting Dictionary (BIRD) website. The site, hosted by an external provider, appears to have been attacked in December 2018, according to a Reuters report. The breach was discovered months later as routine maintenance work was being undertaken.

    “Similar to the Capital One breach earlier this summer,” Draper continued, “this further demonstrates the exposures associated with third parties outside of a company’s security team.”

    Reply
  26. Tomi Engdahl says:

    700,000 Choice Hotels records leaked in data breach, ransom demanded
    https://www.zdnet.com/article/700000-choice-hotels-records-leaked-in-data-breach/

    Researchers found the unsecured database, but hackers got there first

    700,000 records belonging to Choice Hotels have reportedly been stolen with hackers demanding payment for their return

    Reply
  27. Tomi Engdahl says:

    Zack Whittaker / TechCrunch:
    Adult website Luscious left data of 1M+ users exposed, including user email addresses, location data, the content they uploaded, liked, and shared

    An anonymous hentai porn site exposed over a million users’ emails
    https://techcrunch.com/2019/08/19/anonymous-luscious-hentai-manga-porn-security-lapse/

    A popular hentai porn site that promises anonymity to its 1.1 million users left a user database exposed without a password, allowing anyone to identify users by their email addresses.

    The exposed data also included records that connected all of a user’s activity on the site, including their username, blog posts, followers and locations. Those records also contained users’ non-public email addresses.

    The database was exposed since at least August 4, according to data from Shodan, a search engine for exposed devices and databases.

    Reply
  28. Tomi Engdahl says:

    Stop saying, ‘We take your privacy and security seriously’
    https://techcrunch.com/2019/02/17/we-take-your-privacy-and-security-seriously/

    In my years covering cybersecurity, there’s one variation of the same lie that floats above the rest. “We take your privacy and security seriously.”

    You might have heard the phrase here and there. It’s a common trope used by companies in the wake of a data breac

    The truth is, most companies don’t care about the privacy or security of your data. They care about having to explain to their customers that their data was stolen.

    About one-third of all 285 data breach notifications had some variation of the line.

    It doesn’t show that companies care about your data. It shows that they don’t know what to do next.

    Every industry has long neglected security. Most of the breaches today are the result of shoddy security over years or sometimes decades, coming back to haunt them. Nowadays, every company has to be a security company, whether it’s a bank, a toymaker or a single app developer.

    Reply
  29. Tomi Engdahl says:

    An exposed database on a MoviePass subdomain housing 161 million records was left unsecured and exposed credit card and customer card information on at least 60,000 of the ticket service’s customers.

    The database, which included expiration dates, names and addresses on some users as well as email and passwords, was discovered by SpiderSilk security researcher Mossab Hussein.

    “Because a database was left publicly accessible, reportedly for months, at least 58,000 records related to MoviePass customers are vulnerable to misuse and abuse at the hands of cybercriminals,”

    https://www.scmagazine.com/home/security-news/moviepass-database-exposes-161-million-records/

    Because “technically, this breach can be interpreted as the company giving away customer data for free” and because the exposed data included personally identifiable information and payment card details, it leaves “impacted customers vulnerable to future fraud or phishing attacks,” said Arkose Labs CEO Kevin Gosschalk.

    Reply
  30. Tomi Engdahl says:

    Via Techmeme:

    Brian Krebs / Krebs on Security:
    Sources: new data dump of 5.3M+ credit card accounts is linked to compromised gas pumps, coffee shops, and restaurants operated by Hy-Vee supermarket chain

    https://krebsonsecurity.com/2019/08/breach-at-hy-vee-supermarket-chain-tied-to-sale-of-5m-stolen-credit-debit-cards/

    Reply
  31. Tomi Engdahl says:

    Web host Hostinger says data breach may affect 14 million customers
    https://techcrunch.com/2019/08/25/web-host-hostinger-data-breach/?tpcc=ECFB2019&fbclid=IwAR3dsMh9jdJmKduioQvuLteUnOHUnuv9Rl6XN2HQ42KlWE0b46k-jGcg3Jg

    Hostinger said it has reset user passwords as a “precautionary measure” after it detected unauthorized access to a database containing information on millions of its customers.

    Reply
  32. Tomi Engdahl says:

    The latest major data breach highlights the risk of using debit cards to pay at the pump.

    Why You Should Stop Paying For Gas With Your Debit Card
    http://on.forbes.com/6180E4p1r

    Another week, another data breach. The latest happened at Hy-Vee, an Iowa-based chain of gas pumps, coffee shops and restaurants operating throughout the Midwest. 

    Consequently, about 5.3 million stolen credit and debit cards from 35 U.S. states have hit the black market. “One of the more popular underground stores peddling credit and debit card data stolen from hacked merchants announced a blockbuster new sale, reported cyber security investigative blogger Brian Krebs.

    Reply
  33. Tomi Engdahl says:

    Some of Russia’s surveillance tech leaked data for more than a year
    https://www.zdnet.com/article/some-of-russias-surveillance-tech-leaked-data-for-more-than-a-year/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5d68837a4b188d00011b2240&utm_medium=trueAnthem&utm_source=facebook

    Security researcher finds that some of Russia’s SORM wiretapping equipment had been leaking user data.

    A Russian security researcher has found that hardware equipment meant to be used by Russian authorities to intercept internet traffic had been leaving data exposed on the internet.

    30 SORM DEVICES HAVE LEAKED SURVEILLANCE DATA
    But in a talk at the Chaos Constructions security conference last Sunday, on August 25, a Russian security researcher named Leonid Evdokimov revealed that some of these wiretapping devices have been leaking data.

    Evdokimov said he found 30 SORM devices installed on the network of 20 Russian ISPs that were running FTP servers that were not secured with a password.

    These FTP servers contained traffic logs from past law enforcement surveillance operations

    Reply
  34. Tomi Engdahl says:

    Freedom Hosting II Hacked: 10,613 .onion Sites are Down
    https://resources.infosecinstitute.com/freedom-hosting-ii-hacked-10613-onion-sites/

    A fifth of the Dark Web is down
    https://resources.infosecinstitute.com/freedom-hosting-ii-hacked-10613-onion-sites/

    The Anonymous hacktivist group hacked the popular Dark Web hosting provider Freedom Hosting II. Roughly 10,613 .onion sites leveraging on the service have taken down.

    Reply
  35. Tomi Engdahl says:

    It was sensitive data from a U.S. anti-terror program – and terrorists could have gotten to it for years, records show
    https://www.latimes.com/science/sciencenow/la-sci-biowatch-20190402-story.html?_amp=true

    The information — housed on a dot-org website run by a private contractor — has been moved behind a secure federal government firewall, and the website was shut down in May. But Homeland Security officials acknowledge they do not know whether hackers ever gained access to the data.

    Reply
  36. Tomi Engdahl says:

    https://thehackernews.com/2019/09/xkcd-forum-hacked.html?m=1

    XKCD—one of the most popular webcomic platforms known for its geeky tech humor and other science-laden comic strips on romance, sarcasm, math, and language—has suffered a data breach exposing data of its forum users.
    The security breach occurred two months ago, according to security researcher Troy Hunt

    Reply
  37. Tomi Engdahl says:

    A huge database of Facebook users’ phone numbers found online
    https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/amp/?__twitter_impression=true

    Hundreds of millions of phone numbers linked to Facebook accounts have been found online.

    The exposed server contained over 419 million records over several databases on users across geographies, including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and another with more than 50 million records on users in Vietnam.

    But because the server wasn’t protected with a password, anyone could find and access the database.

    Reply
  38. Tomi Engdahl says:

    Phone numbers for as many as 419 million Facebook users were reportedly found sitting online in a file where anybody could have found them
    https://www.businessinsider.com.au/phone-numbers-400-million-facebook-users-found-online-2019-9

    Phone numbers linked to over 400 million Facebook accounts were recently found on an online server that was not password-protected

    The issue, a Facebook spokesperson told Business Insider on Wednesday, stemmed from a feature, which has since been shut down, that allowed users to search for friends by their phone numbers. Third parties could have used that feature to harvest the information

    Reply
  39. Tomi Engdahl says:

    ICE FAILS TO PROPERLY REDACT DOCUMENT, REVEALS LOCATION OF FUTURE ‘URBAN WARFARE’ TRAINING FACILITY
    https://www.newsweek.com/ice-fails-redact-document-reveals-location-urban-warfare-training-facility-1458732

    Reply
  40. Tomi Engdahl says:

    Leaks: Data leaks happen with shocking regularity. Especially as companies have moved to the cloud in recent years, various misconfigurations and mistakes have left mountains of private data publicly exposed on the internet for anyone to see.

    Reply
  41. Tomi Engdahl says:

    Database leaks data on most of Ecuador’s citizens, including 6.7 million children
    https://www.zdnet.com/article/database-leaks-data-on-most-of-ecuadors-citizens-including-6-7-million-children/

    Elasticsearch server leaks personal data on Ecuador’s citizens, their family trees, and children, but also some users’ financial records and car registration information.

    Reply
  42. Tomi Engdahl says:

    Data on almost every Ecuadorean citizen leaked
    https://bbc.in/2An7l5n

    Personal data about almost every Ecuadorean citizen has been found exposed online.

    Names, financial information and civil data about 17 million people, including 6.7 million children, was found by security company vpnMentor.

    The massive cache of data was found on an unsecured Amazon cloud server almost anyone could look at.

    “The data breach involves a large amount of sensitive personally identifiable information at the individual level,” wrote Noam Rotem and Ran Locar, from vpnMentor.

    https://www.vpnmentor.com/blog/report-ecuador-leak/

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*