Congressional Republicans say Equifax breach was "entirely preventable," blames "aggressive growth strategy" but reject measures to prevent future breaches

Equifax doxed 145 million Americans, dumping their most sensitive financial data into the world forever, with repercussions that will be felt for decades to come. Read the rest

Not just breaches: Never, ever use Quora

Long before Quora admitted to being breached and losing 100,000,000 million users' account data, it had disqualified itself from being used, by dint of its impulse to hoard knowledge and the likelihood that its limping business model would cause it to imminently implode. Read the rest

Facebook blames malicious browser plugins for leak of 81,000 users' private messages and offer of account data for 120,000,000 users

A user called FBSaler is offering personal data for Facebook users at $0.10 each, claiming to have account data from 120,000,000 users to offer; to prove that they have the goods, they've dumped the private messages sent by 81,000 Facebook users; and account data from 176,000. Read the rest

Cathay Pacific leaks 9.4 million travelers' passport numbers and other data

Cathay Pacific started investigating a potential breach in March; by May they'd learned of breaches to a system with 9.4 million travelers' data on it, then for some reason they didn't tell anyone about it, until now: "The following personal data was accessed: passenger name; nationality; date of birth; phone number; email; address; passport number; identity card number; frequent flyer programme membership number; customer service remarks and historical travel information." They are sorry if you are upset: "We are very sorry for any concern this data security event may cause our passengers." Read the rest

A detailed anatomy of the hack that compromised Facebook's 50 million user breach

Yesterday, at least 90,000,000 Facebook users were forced to log back into the service without any explanation; later, the company revealed that at least 50,000,000 of them had been hacked, but wouldn't say how. Read the rest

Facebook's spam filter blocked the most popular articles about its 50m user breach

When news broke yesterday that Facebook had suffered a breach affecting at least 50,000,000 users, Facebook users (understandably) began to widely share links to articles about the breach. Read the rest

Firefox Monitor: get alerts if your data shows up in a breach

Firefox Monitor is a new service from Mozilla that draws on data from Have I Been Pwned? (previously) to keep you informed when your data is breached and shows up online. The service also includes important advice, including "Treat security questions like extra passwords" by creating "long, random answers." It's good advice: certainly, it's easier to put into practice than convincing your mother to travel back in time and change her "maiden name." Read the rest

Report: someone is already selling user data from defunct Canadian retailer's auctioned-off servers

When Vancouver tech retailer NCIX went bankrupt, it stopped paying its bills, including the bills for the storage where its servers were being kept; that led to the servers being auctioned off without being wiped first, containing sensitive data -- addresses, phone numbers, credit card numbers, passwords, etc -- for thousands of customers. Also on the servers: tax and payroll information for the company's employees. Read the rest

Defunct Vancouver tech retailer's servers sold off, containing credit cards and other customer details

Jesse writes, "Vancouver tech retailer NCIX was driven into the ground last year (much to the morbid fascination of local techies). Now their fetid corpse is in the news again, after their SQL servers were sold for $1500 at auction without being wiped, containing the personal data – including credit card details – of thousands of customers." Read the rest

It's been a year since Equifax doxed America and nothing's changed

Last year Equifax sheepishly admitted that it had breached hundreds of millions of Americans', Britons' and Canadians' private financial data and then suppressed the news (subsequent months revealed that the company had suffered multiple breaches, so many it didn't know what it had lost and wasn't looking very hard). Read the rest

Porn blackmailers supercharge their scam with password dumps, make bank

The porn extortion scam works like this: you get an email from a stranger claiming that he hacked your computer and recorded video of you masturbating to pornography, which he'll release unless you send him some cryptocurrency. Read the rest

Eight months ago, Panera Bread was warned that they were leaking up to 7 million customers' data. They fixed it yesterday. Kinda.

On August 2, 2017, security researcher Dylan Houlihan contacted Panera Bread to warn them that their customer loyalty website had a serious defect that allowed attackers to retrieve the names, email and physical addresses, birthdays and last-four of the credit cards for up to seven million customers. Read the rest

Fedex bought a company that stored 119,000 pieces of scanned customer IDs in a public Amazon cloud server, shut the company down, left the scans online for anyone to download

Fedex acquired a company called Bongo International in 2014; Bongo specialized in helping North American companies sell overseas and after the acquisition, Fedex renamed the company FedEx Cross-Border International. Read the rest

Leaked Equifax documents provided to US Senate reveal that they dumped all our drivers' licenses, too, but Equifax says it's OK, so...

A leaked set of disclosures made by Equifax to the US Senate have revealed that the breach of 145.5 million Americans' sensitive financial data was even worse than suspected to date: in addition to data like full legal names, dates of birth, Social Security Numbers, and home addresses, it appears that Equifax also breached drivers' license numbers and issue-dates. Read the rest

Thanks to "consent" buried deep in sales agreements, car manufacturers are tracking tens of millions of US cars

Millions of new cars sold in the US and Europe are "connected," having some mechanism for exchanging data with their manufacturers after the cars are sold; these cars stream or batch-upload location data and other telemetry to their manufacturers, who argue that they are allowed to do virtually anything they want with this data, thanks to the "explicit consent" of the car owners -- who signed a lengthy contract at purchase time that contained a vague and misleading clause deep in its fine-print. Read the rest

Vtech covered up a leak of data on 6.3m children and their families, then tried to force us not to sue - the FTC just fined them $0.09/kid

Vtech is the Taiwanese kids' crapgadget vendor that breached sensitive data on 6.3 million children and their families, lied about it and covered it up, then added a dirty EULA to its products that made us promise not to sue them if they did it again. Read the rest

Democratic Senators propose federal breach disclosure law with 5-year prison sentences for covering up data-loss

The Data Security and Breach Notification Act (S2179) was introduced by three Senate Commerce Committee Democrats, Bill Nelson [D-FL], Richard Blumenthal [D-CT] and Tammy Baldwin [D-WI] in the wake of the revelation that Uber hid a breach involving 50,000,000 riders and 7,000,000 drivers for over a year after paying hush-money to the criminals who stole the data. Read the rest

More posts