![]() ![]() ![]() The exposed information could lead to scam, fraud, and other types of impersonation attempts.Īn unprotected database, containing 900 million Whisper posts, and all the metadata related to those posts, was found online earlier in March.Ī “secret-sharing” app, Whisper, who called itself the “safest place on the Internet,” exposed PII, including, intimate confessions, ages, locations and other details, and allowed anyone to access all of the information tied to anonymous “whispers” posted to the app. ![]() However, the records contained PII, such as real names, site usernames, gender, location as well as phone numbers for 172 million users. The database was allegedly not particularly valuable in terms of “hacking potential” since it contained no passwords of payment information. A hacker then claimed to have breached Weibo in mid-2019 and obtained a database that allegedly contained the details of 538 million users and was selling the data for $250 on the dark web. In March, news broke that the personal details of more than 538 million users of Chinese social network Weibo were available for sale online. The records contained user emails in plain text, references to reports and other internal documents, IP Addresses, ports, pathways, and storage information. No evidence was found of unauthorized use of the data.įowler told Forbes that the entire database was accessible to anyone with an internet connection, so anyone could have potentially had access or stolen the data while it was unprotected. In a statement, the company noted that the database was from an “education platform,” which did not contain consumer data. On January 30, security researcher Jeremiah Fowler discovered a database online that contained what he says was "a massive amount of records." The database belonged to cosmetics giant Estée Lauder and contained a total of 440,336,852 records. Most of these records contained caller name (full name, business name, or a generic name such as “wireless caller”), caller phone number, a name or identifier for the voice mailbox (for example, a first name or general label, such as “clinical staff” or “appointments”), and internal identifiers. More than 2 million voicemail records were included in that subset of data, 200,000 of which had been transcribed. One database included transcriptions of hundreds of thousands of voicemails, many involving sensitive information such as details about medical prescriptions and financial loans. Security researcher Bob Diachenko discovered an exposed cluster of databases belonging to the Voice over IP (VoIP) telecommunications vendor Broadvoice that contained the records of more than 350 million customers.ĭiachenko uncovered the database information on October 1 and found it included caller names, phone numbers, and locations, among other data. The incident exposed extensive personal information including names and usernames, email and IP addresses, genders, general geographic location, birth dates and passwords stored as bcrypt hashes. The data was initially sold in private sales of over $100,000, and then published on a public hacking forum where it was broadly shared for free, according to BleepingComputer. In June 2020, the user-generated stories website Wattpad suffered a huge data breach that exposed almost 268.745.495 million records. ![]() Bob Diachenko, security researcher, alerted Microsoft to the exposed database. Microsoft’s investigation found no “malicious use and most customers did not have personally identifiable information (PII) exposed. The misconfiguration was specific to an internal database used for support case analytics, Microsoft says, and did not represent an exposure to its commercial cloud services. In a blog post, the company said a change made to the database’s network security group on Decemcontained misconfigured security rules that enabled exposure of the data.Īccording to ZDNet, the servers contained 250 million entries, with information such as email addresses, IP addresses, and support case details.Įngineers remediated the configuration on Decemto restrict the database and prevent unauthorized access. On January 22, Microsoft disclosed a data breach that took place December 2019. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |