“I think absurd is exactly the right word,” said Saudi Prince Faisal Read the rest

An unsecured facial recognition database that contained info on thousands of children from 20 schools in China, half of which are located in historically ethnic Tibetan areas, has been found online. Read the rest

Dear Boing Boing readers --

Around 11:30 EST on January 10th, An unknown party logged into Boing Boing's CMS using the credentials of a member of the Boing Boing team. Read the rest

In a decision released late Tuesday night, a federal judge ruled that up to 29 million Facebook users whose personal info was stolen in a September 2018 data breach are not entitled to sue Facebook as a group for damages -- but the users may be entitled to demand better personal data security at Facebook. Read the rest

Cellular phone provider T-Mobile on Monday is confirming earlier reports of a data breach, and says the breach affected over a million of its customers. Read the rest

T-Mobile today admitted that a recent "criminal hack" accessed personal data of some prepaid wireless customers' accounts. Read the rest

A number of malicious websites that were recently reported to have been secretly hacking into iPhones over a two-year period were in fact targeting Uyghur Muslims, Zack Whittaker of TechCrunch reports today. Read the rest

Hackers have breached Perceptics, which sells border security technology and license plate reader systems and the like to governments and other entities. The U.S. government uses their readers, including along the US-Mexico border. Read the rest

That massive Equifax data breach on September 7, 2017, shocked everyone, but a year and a half later, where the data of all those 143 million Equifax users ended up is still a mystery. Read the rest

Hackers have published a big dump of private data related to German Chancellor Angela Merkel and hundreds of other of the country's politicians, in what is said to be the biggest data dump of its kind ever in Germany. Read the rest

The question-and-answer sharing website Quora says about 100 million users were affected by a hack blamed on a “malicious third party.” Read the rest

Dell released a statement on Wednesday that says the computer giant reset passwords for all accounts on the Dell.com online electronics store on Nov. 14.

That was a full 5 days after they discovered and reportedly thwarted hackers who were trying to steal customer data. Read the rest

Facebook says an attack on its network left the personal information of some 50 million users—perhaps you?—exposed to hackers. Who were the hackers, and what did they want? Facebook doesn't know, or won't say. But the company has confirmed that execs Mark Zuckerberg and Sheryl Sanders were among the users affected.

“We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you,” Zuckerberg said about Facebook's Cambridge Analytica scandal earlier this year.

Well. You heard the man. Read the rest

Reddit announced to users that the site had a "security incident."

"On June 19, we learned that between June 14 and June 18, an attacker compromised a few of our employees’ accounts with our cloud and source code hosting providers. Already having our primary access points for code and infrastructure behind strong authentication requiring two-factor authentication (2FA), we learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept. We point this out to encourage everyone here to move to token-based 2FA."

Data accessed includes all Reddit data through 2007, including account credentials and email addresses, along with source code and employee workspace files.

We had a security incident. Here's what you need to know. [Reddit] Read the rest

Ticketmaster UK today admitted that an unknown number of customers' data may have been stolen in a malware attack. Read the rest

A university, mercifully left unnamed, blew off complaints from students about its slow network. When the problem became too bad to ignore, their IT team found the culprit thanks to a "sudden big interest in seafood-related domains."

The firewall analysis identified over 5,000 discrete systems making hundreds of DNS lookups every 15 minutes. Of these, nearly all systems were found to be living on the segment of the network dedicated to our IoT infrastructure. With a massive campus to monitor and manage, everything from light bulbs to vending machines had been connected to the network for ease of management and improved efficiencies. While these IoT systems were supposed to be isolated from the rest of the network, it was clear that they were all configured to use DNS servers in a different subnet. ... botnet spread from device to device by brute forcing default and weak passwords. Once the password was known, the malware had full control of the device and would check in with command infrastructure for updates and change the device’s password – locking us out of the 5,000 systems.

The Internet of Hacked Things strikes again! I'm sure some content filtering and updating passwords will do the trick. Read the rest