breaches
Latest
Sega left one of its European servers wide open
A misconfigured Amazon Web Services S3 bucket contained sensitive information which allowed researchers to arbitrarily upload files to Sega-owned domains and abuse a 250,000-user email list.
India’s privacy ruling could disrupt its biometric society
A landmark judgement has ruled that Indian citizens have a fundamental right to privacy, despite the country's vast biometric identification scheme. In a case bought forward by opponents of the government's Aadhaar biometric program, Chief Justice J.S Khehar said privacy was "protected as an intrinsic part of Article 21 that protects life and liberty". The unanimous verdict from the nine-judge bench overturns two previous rulings by the Supreme Court which said privacy was not a fundamental right.
Two-thirds of Americans are doing nothing to protect their privacy
Americans are still not getting the message about protecting their personal info, despite recent epic data breaches. Consumer Reports said that one in seven US residents, or about 45 million people, received some kind of notice that their personal data was compromised. Those stats reflect a lot of corporate negligence, but individuals aren't innocent, either. About 11 million people fell for email phishing scams and 29 percent had their PCs infected by malware. And despite frequent media reports about such attacks, 62 percent of us have done virtually nothing to toughen our security. Most problems can be avoided by taking a few small actions: using difficult-to-guess passwords and not re-using them, avoiding websites of dubious origin, not posting private info on social networks and not clicking on unknown email attachments, for starters. Finally, if you hear that a site like eBay has been breached and you have an account, change your password.
AT&T breach reveals 114,000 iPad owners' email addresses, including some elite customers
Uh oh. According to Valleywag, an AT&T security breach led to the exposure of 114,000 email addresses (and associated SIM / ICC identifiers) belonging to Apple iPad owners. A group of hackers calling themselves Goatse Security (be careful looking that one up) figured out a number of ICC-IDs and ran a script on AT&T's site through a faked iPad UserAgent, which would then return the associated addresses. Some of those affected were actually quite big names, including the CEOs of The New York Times and Time Inc., some higher-ups at Google and Microsoft, and even a number of employees from NASA, FAA, FCC, and the US military. For its part, AT&T tells AllThingsD that it was informed of the issue on Monday, that only the addresses and associated ICC-IDs were revealed, and that by Tuesday the "feature" that allowed addresses to be seen had been turned off. And as Security Watch's Larry Seltzer cautions in a statement to PC Mag, the impact of this breach -- just email addresses -- is probably somewhat exaggerated. Still, regardless of the magnitude, this can't be making AT&T's day at all bright, and you best believe a number of folks in Cupertino have fire in their eyes over this bad press. [Thanks to everyone who sent this in]
