Reports from DoorDash indicate that the company underwent a phishing attack, exposing users' data. So far, the data has not been used for harm.
data breach
Hacker Selling Database After Twitter Vulnerability Exposes Private Data for Millions of Users
“Restore Privacy” reports that a Twitter vulnerability exposed the private data of millions of users. Now the information may be for sale.
Civil Liberties Group Warns of Global Privacy Breach, Google Largest Offender
A civil liberties group warns of a global privacy breach that auctions personal user data. Google is one of the largest offenders.
Okta Claims ‘No Corrective Actions’ Needed After Security Breach
As details emerge of the recent Okta security breach, customers wonder what the security firm isn’t telling them.
Nvidia Confirms Data Breach From Ransomware Attack
Nvidia has confirmed that data was stolen in a data breach that occurred last week. The hackers claim to have stolen 1 terabyte in files.
GiveSendGo Data Breach Affects Donors of 'Freedom Convoy'
Attackers have breached the systems of GiveSendGo, a Christian fundraising platform. The breach affects people who donated to the Freedom Convoy in Canada.
Security Friday: This Week in (Sad) Data Breaches – TMO Daily Observations 2022-01-21
Andrew Orr joins host Kelly Guimont to discuss a Safari data leak, encrypted messaging, and as always, a new data breach.
Red Cross Data Breach Affects 515,000 Vulnerable People
A contractor for The International Committee of the Red Cross (ICRC) suffered a data breach, as revealed on Wednesday.
TransCredit Data Leak Over 800,000 Records of Credit Reports
Jeremiah Fowler, together with the Website Planet research team, found an unsecured TransCredit data leak of 822,789 records.
T-Mobile Data Breach Leaves Customers Vulnerable to SIM Swapping
T-Mobile has had another data breach, although a report suggests this one is less severe than the one in August. Only a small set of customers have been affected, but they could be vulnerable to a SIM swapping attack.
This is where a malicious actor will change the physical SIM card associated with a phone number in order to obtain control of said number. This can, and often does, lead to the victim’s other online accounts being accessed via two-factor authentication codes sent to their phone number. The document says that customers affected by a SIM swap have now had that action reversed.
Security Friday: Smarthome Security, Breaches, and Grand Theft AirTag – TMO Daily Observations 2021-12-03
Andrew Orr joins host Kelly Guimont to discuss Security Friday news and introduce a rating system for how worried to be about certain stories.
Planned Parenthood Hack Leaked Data for 400,000 Patients
In October, a Planned Parenthood facility in Los Angeles suffered a data breach. It affected about 400,000 patients.
Letters from PPLA to affected patients warned that “we identified files that contained your name and one or more of the following: address, insurance information, date of birth, and clinical information, such as diagnosis, procedure, and/or prescription information.”
GoDaddy Breach Leaks 1.2 Million Email Addresses of WordPress Customers
On Monday, web hosting company GoDaddy revealed that it suffered a data breach that was discovered on September 6. It happened by way of a compromised password.
email addresses of up to 1.2 million active and inactive Managed WordPress customers had been exposed in an unauthorized third-party access.
Security Friday: Chip Flaws and Data Breaches – TMO Daily Observations 2021-11-19
Andrew Orr and host Kelly Guimont discuss the abundance of security news this week including some hardware issues and This Week in Data Breaches.
Data Breach of California Pizza Kitchen Leaks 100,000 Social Security Numbers
TechCrunch reports that California Pizza Kitchen suffered a data breach in September. The SSNs of over 100,000 employees were leaked as a result.
While CPK didn’t confirm how many people are impacted by the breach, a notification from the Maine attorney general’s office reported a total of 103,767 current and former employees — including eight Maine residents — are affected. CPK employed around 14,000 people as of 2017, suggesting the bulk of those affected are former employees.
Security Friday: News and Precise Locations – TMO Daily Observations 2021-11-12
Andrew Orr and Jeff Butts join host Kelly Guimont to discuss security news, This Week in Data Breaches, and new uses for Precise Location data.
Robinhood Data Breach Leaked Email Addresses From Social Engineering
Robinhood suffered a data breach recently through a social engineering attack on a customer support agent.
At this time, we understand that the unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people.
Security Friday: Good News and Gift Ideas – TMO Daily Observations 2021-11-05
Andrew Orr joins host Kelly Guimont to discuss some good Security Friday news, an update on previous news, and a gift idea for everyone.
Phlebotomy Training Specialists Exposes Student Data in Breach
Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data breach from Phlebotomy Training Specialists.
Unfortunately, the company was storing the complete records of 10,000s of students nationwide on a single, open cloud account. In this case, Phlebotomy Training Specialists was using an Amazon Web Services (AWS) S3 bucket to store data it collected from students, staff members, and people applying to its courses. S3 buckets are an increasingly popular enterprise cloud storage solution. However, users must set up their security protocols manually to protect the data stored therein.
Security Friday: Bug Bounties, Updates, and Tools for "Good Guys" – TMO Daily Observations 2021-10-29
Andrew Orr joins host Kelly Guimont to discuss Security Friday news and updates including who can get into your phone now, and a massive bug bounty.
Dental Data Breach Affects 125,000 Patients in 10 States
North American Dental Management suffered a data breach between March 31 and April 1, 2021. It happened as the result of phishing. This group provides administrative and technical support services for Professional Dental Alliance (PDA) offices.
PDA said that it had not found any evidence of any actual misuse of personal information and that its investigation of the matter indicates that the attack was limited to email credential harvesting.
The threat actor did not access PDA’s patient electronic dental record or dental images; however, the Alliance found that some sensitive personal information may have been present in the compromised email accounts.
The breach was reported to the DHS’s Office for Civil Rights, impacting 125,760 patients in Connecticut, Florida, Georgia, Illinois, Indiana, Massachusetts, Michigan, New York, Texas and Tennessee.
SMS Routing Company 'Syniverse' Admits it was Hacked in 2016
Syniverse provides backbone services to wireless carriers including AT&T, Verizon, T-Mobile, and several others. It discovered the breach in May 2021, but the breach began in May 2016.
Syniverse repeatedly declined to answer specific questions from Motherboard about the scale of the breach and what specific data was affected, but according to a person who works at a telephone carrier, whoever hacked Syniverse could have had access to metadata such as length and cost, caller and receiver’s numbers, the location of the parties in the call, as well as the content of SMS text messages.
Health Apps Must Warn Users of Data Breaches, Says FTC
The Federal Trade Commission issued a policy statement on Thursday. It says that health apps and wearable companies must warn their users of data breaches or face fines.
In a policy statement adopted during an open meeting, the Commission noted that health apps, which can track everything from glucose levels for those with diabetes to heart health to fertility to sleep, increasingly collect sensitive and personal data from consumers. These apps have a responsibility to ensure they secure the data they collect, which includes preventing unauthorized access to such information.
Excellent news. Now they should make sure the fines are high enough to deter repeat offenders (cough T-Mobile).