In less than a month’s time, the “Unistellar” hacking group has reportedly accessed over 12,000 unsecured MongoDB databases and stolen their contents, apparently holding them for ransom. Security researcher Sanyam Jain initially discovered the wiped databases late last month using the BinaryEdge scanning service, according to a BleepingComputer report last Friday. The 12,564 sabotaged databases…
An unauthorized party accessed Stack Overflow’s production systems earlier this month and executed privileged web requests that exposed information on roughly 250 public network users, the Q&A website for programmers announced last Friday. Stack Overflow Vice President of Engineering Mary Ferguson said in a May 17 blog post that the intruder exploited a bug in…
Hackers accessed President Trump’s U.S. Golf Association account and added four fake golf scores for games allegedly played at two courses. After being alerted to media reports, “as we dug into the data it appears someone has erroneously posted a number of scores on behalf of the GHIN user,” Golfweek cited Craig Annis, the managing…
The recent mistaken exposure of the information of 8 million people due to an open Elasticsearch database exposed the danger not only of cloud storage security, but the importance of individuals keeping their personal information close to the vest. Security researcher Sanyam Jain came across a database belonging to Ifficient, a company that gathered leads…
New Jersey last week officially passed Bill S-52, which amends its previous data breach notification law. Governor Phil Murphy signed the bipartisan legislation into law on May 10, after the bill sailed through the state’s General Assembly and Senate last February. The new law expands the definition of what constitutes personal information that, if exposed in…
Boost Mobile was hit with a breach which affected an unknown number of customer accounts. “Boost.com experienced unauthorized online account activity in which an unauthorized person accessed your account through your Boost phone number and Boost.com PIN code,” the company said in a notification. “The Boost Mobile fraud team discovered the incident and was able…
Hackers stole data, including partial credit card numbers, on 460,000 Uniqlo Japan online customers in an incident that took place between April 23 and May 10. “We deeply apologize to our customers and pledge to prevent this from happening again,” according to a statement from Fast Retailing Co., the parent of Uniqlo and GU Japan, which…
McAfee, Symantec and Trend Micro are reportedly the anti-virus companies whose source code the cybercriminal group Fxmsp claims to have stolen. Comments issued by the vendors minimized the threat, although Trend Micro did confirm that a breach had occurred. Last week cybersecurity firm Advanced Intelligence (AdvIntel) reported in a company blog post that Fxmsp was…
In Equifax’s latest Security and Exchange Commission filing the company is estimating it has spent about $1.4 billion recovering from its 2017 data breach that exposed the PII of 148 million customers, according to a published report. This includes a $690 million charge made during the first quarter of 2019 related to outstanding litigation and…
A high-profile hacking collective claims it compromised the networks of four premiere U.S. anti-virus vendors, and is offering to sell their stolen source code for $300,000, according to researchers. The cybercriminal group, called Fxmsp, is known for breaching corporate and government networks, then selling their digital assets via a network of proxy resellers, according to…
