Database
Latest
Cloud leak exposed sensitive data from over 200,000 voicemails
Broadvoice's cloud voicemail system leaked over 200,000 messages, many of them with sensitive details.
India's biggest mobile carrier left COVID-19 self-test data unsecured
Facebook's new best friend left a database connected to its COVID-19 checker unsecured for anyone to snoop.
Reddit lists all political ads and spending in a special subreddit
Reddit has launched a subreddit called r/RedditPoliticalAds that will provide much more transparency about political advertising on the site. It also updated its political ad policies, requiring campaigns to work with Reddit’s sales team and leave comments turned on for at least 24 hours.
Analytics firm exposed data for 120 million households
Exposed databases are all too common, but this one may be more serious than most. Researchers at UpGuard discovered that the Australian market analysis firm Tetrad left data for 120 million households exposed in Amazon S3 storage. It appeared to be a blend of data from providers like Experian Mosaic, Claritas/Nielsen's PRIZM as well as Tetrad customers like Chipotle, Kate Spade and Bevmo. The info varied from source to source, but frequently included sensitive details like names, addresses and purchasing habits. Experian Mosaic's data, for example, sorted users into types based on factors like income.
Microsoft accidently exposed 250 million customer service records
While most people were out celebrating the start of a new year, Microsoft's security teams were working overtime to close a potentially enormous security loophole. On Thursday, the company disclosed a database error that temporarily left approximately 250 million customer service and support records accessible to anyone with a web browser.
Over 267 million Facebook users reportedly had data exposed online
More than 267 million Facebook users allegedly had their user IDs, phone numbers and names exposed online, according to a report from Comparitech and security researcher Bob Diachenko. That info was found in a database that could be accessed without a password or any other authentication, and the researchers believe it was gathered as part of an illegal scraping operation or Facebook API abuse.
SEC charges IT administrator over $7 million insider trading ring
Insider trading among tech companies is nothing new, but some of these unscrupulous workers are more 'successful' than others. The SEC has charged former Palo Alto Networks IT administrator Janardhan Nellore and four friends with conducting insider trading that earned the group over $7 million between 2015 and 2018. Allegedly, Nellore exploited his "IT credentials and work contacts" to access his company's financial data and make illegal share trades. The group was also aware it might be tracked -- Nellore reportedly had the group use variants of the codeword "baby" in emails and texts to refer to the company stock, and the friends made small transactions to avoid tipping off the bank.
Millions of text messages were carelessly exposed by a marketing firm
Yet another exposed database has left public data out in the open, and this time it affects something you might use often: the systems businesses use to text you for appointments. Researchers at vpnMentor recently discovered that TrueDialog, an SMS solution provider for businesses, left "millions" of accounts and "tens of millions" of text messages unprotected on the web. The messages sometimes included sensitive info like recipients' full names, email addresses and phone numbers, but the accounts' data was noticeably worse. You could find usernames, email addresses and a mix of clearly visible and lightly-encrypted passwords, including for commonly-used sites like Facebook and Google.
FISA court: FBI use of NSA's electronic surveillance data was illegal
A US court ruled that some of the FBI's electronic surveillance activities violated the constitutional privacy rights of Americans. The Foreign Intelligence Surveillance Court (FISC) deemed that FBI officials improperly searched a National Security Agency (NSA) intelligence database for info on Americans. The ruling was made last year but just revealed by the intelligence community today.
Nearly everyone in Ecuador is the victim of a data breach
A massive data breach exposed sensitive data of nearly every individual in Ecuador. The breach impacted an estimated 20 million people -- for reference, Ecuador has a population of about 17 million. According to ZDNet, it exposed data on 6.7 million minors, as well as the country's president and WikiLeaks founder Julian Assange, who was granted political asylum by Ecuador in 2012.
App allows citizen scientists to track monarch butterfly migration
If you've ever pulled out your phone to take a picture of a butterfly, researchers want your help. A team from the University of Maine is using an app that lets citizens scientists along the East Coast take photos of monarch butterfly migration sites and log details about where they're found. The responses will be compiled in an online database and help researchers determine if their monarch migration predictions are accurate.
K12.com exposed 7 million student records for a week
K12.com, an online education platform, inadvertently exposed the personal information of nearly seven million students, according to security researchers at Comparitech. The exposed database contained full names, email addresses, birthdates and gender identities, as well as the school that the students attend, authentication keys for accessing their accounts and other internal data. The information was available online for more than one week, and it's unclear if the database was at any point accessed by malicious actors. Engadget reached out to K12.com for additional information regarding the data exposure and will update this story if we hear back.
Exposed database revealed security details for large hotel chains
Yet another unprotected database could pose a security risk -- this time if you're a traveler. VPNMentor researchers have discovered an exposed database that contained security audit logs for hotels run by the Pyramid Hotel Group, including numerous locations attached to major chains. Affected chains included Marriott's Aloft Hotels in Florida, Tarrytown House Estate in New York and multiple Irish hotels (such as Temple Bar), and might include more -- Pyramid operates hotels on behalf of Sheraton, Westin and others.
Unsecured database exposed thousands of Instagram influencers (updated)
A database containing contact information for what was originally thought to be millions of Instagram influencers was reportedly found online, exposing info like phone numbers and email addresses for celebrities, influencers and brand accounts. According to TechCrunch, the database was hosted on Amazon Web Services and left without a password. Original reports claimed it contained as many as 49 million records, but Instagram has since confirmed that the database contained records for about 350,000 accounts.
Florida governor says Russians accessed voter databases in 2016
Hackers from Russia gained access to voter databases in two Florida counties before the 2016 presidential election, Gov. Ron DeSantis said. While the hackers didn't compromise election results or manipulate any data, the fact that they gained access at all is significant.
Exposed database holds sensitive data on over 80 million US households
Large-scale database exposures are sadly nothing new, but they're particularly worrisome when there isn't even a clear owner. Researchers Ran Locar and Noam Rotem have found an unguarded database hosted on a Microsoft server that holds sensitive info for more than 80 million US households (over half of the 128 million in the US), but doesn't have a clear owner. The data includes full names, addresses and locations, as well as coded content like gender, income, dwelling type, homeowner status and marital status.
Dozens of law enforcement agencies are helping ICE track cars
More than 9,200 Immigration and Customs Enforcement employees have access to a license plate database that allows authorities to track the movement of vehicles over time. The American Civil Liberties Union says more than 80 law enforcement agencies across several states are sharing license plate details with ICE, which purportedly doesn't have sufficient safeguards to prevent abuse.
US prisons are reportedly creating 'voice print' databases
Prisons across the United States are reportedly building biometric databases that include voice recordings of incarcerated people, according to The Intercept. The report cites contracting documents for the state of New York's prison system, as well as statements from officials in Texas, Florida, Arkansas and Arizona confirming that prisons are actively using voice recognition technology that can extract and digitize voices to create unique and identifiable biometric signatures known as voice prints.
A popular fetish app stored passwords in plain text
"Pursuant to our records, we have not identified an account associated with [your email address]. In order to enable us to exercise your request to receive access to your personal data, we kindly request the below information (please respond with the below to this email): · The email address you registered with on Whiplr; · Your username on Whiplr; · Your password on Whiplr."
DNC reports attempted cyberattack targeting its voter database
The Democratic National Committee appears to be the target of another cybersecurity attack, CNN reports, and it has alerted the FBI about a phishing attempt aimed at gaining access to its voter database. A fake login page created to look just like the one Democratic officials use to log into a service called Votebuilder was spotted by a the cybersecurity firm Lookout earlier this week. Lookout then informed the DNC of its findings.
