An unknown number of online gamblers lost more than a few bucks when several unnamed online casinos left an Elasticsearch database open exposing the details of 108 million bets. Justin Paine, director of trust and safety at Cloudflare, posted the finding on his Twitter page, noting that these instances are now so common that he…
While the Collection 1 data dump – a whopping 773 million unique emails – dazzled with its size, it also underscored the need to shift away from reliance on passwords and renewed calls for investments in more up-to-date and reliable security. “The sheer size and almost certain impacts of “Collection 1” are historic, but unfortunately…
Communications provider Voipo left a customer database exposed revealing tens of gigabytes worth of customer data including personally identifiable information. Independent researcher Justin Paine discovered the improperly secured ElasticSearch database belonging to the voice-over-internet provider firm which containing nearly seven million call logs, six million SMS/MMS message logs, and plaintext internal system credentials including unencrypted…
The large collection of files on the MEGA cloud service that exposed nearly 773 million unique emails and 21 million unique passwords and was posted on a hacking forum, came from a number of breaches and sources, according to security researcher Troy Hunt, who dubbed the breach “Collection 1.” Hunt, who cleaned up the data and…
An unsecured storage server belonging to the Oklahoma Department of Securities exposed millions of files, containing personal data, systems credentials and internal commission documents as well as communications meant for the Oklahoma Securities Commission. The server, discovered by the UpGuard Data Breach Research team, has since been secured, the researchers said in a blog post.…
A data breach of an third-party online payment system has compromised the personal information of Hanover County, Virginia, residents. In an official online notification, county officials have disclosed that an unauthorized party stole credit card information processed by the Click2Gov payment portal between Aug. 1, 2018 and Jan. 9, 2019. Exposed information includes customer names,…
Amazon’s Ring devices reportedly granted the company’s Ukraine-based research and development team as well as U.S. executives and engineers virtually unfettered round the clock access to live feeds from some customer’s cameras, claims which Ring denies. The workers, regardless of whether they needed the information or not, allegedly had access to a folder on Amazon’s…
A pair of recent cyberattacks against kitchen product companies may bring forth visions of microwave ovens being set to expel X-rays or Wi-Fi enabled refrigerators being hacked and set to 100 degrees, but instead, in each case, the result was a data breach. OXO International, a maker of kitchen utensils, and Discountmugs.com, which sells a variety of…
A group email recently sent by DePaul University reportedly exposed the names and email addresses of 656 employees who had completed the school’s wellness program. According to Crain’s Chicago Business, the Chicago-based private university sent congratulatory emails to faculty members last Dec. 14, but neglected to use the “blind copy” feature. Consequently, recipients’ names and…
Neiman Marcus settled a class action lawsuit for $1.5 million that was brought after the department store suffered a data breach in 2014. The settlement was reached with the attorney generals in 43 states and the District of Columbia where the victims resided. The point-of-sale breach took place in 2013, but was not noticed by…
