/ SUBMIT / SEARCH / STORE / MENU
Cory Doctorow / 10:26 am Thu, Jul 11, 2019

A prolific credit-card theft ring is scanning for unsecured "buckets" in Amazon's cloud and has compromised 17,000 domains (so far)

Magecart is the hacker gang that pulled off the British Airways and Ticketmaster credit-card heists; now they've build an Amazon cloud scanner that systematically probes S3 storage "buckets" for configuration errors that allow them to overwrite any Javascript files they find with credit-card stealing malware. Read the rest

Cory Doctorow / 11:31 am Wed, Apr 3, 2019

540 million Facebook users' data exposed by third party developers

The Mexican media company Cultura Colectiva and an app called "At the Pool" used their access to their users Facebook data to make local copies of it, then left that data exposed, in the clear, without a password, on the public internet -- 540 million records in all, stored in publicly accessible Amazon S3 buckets. Read the rest