data leak
Latest
OpenAI says a bug leaked sensitive ChatGPT user data
OpenAI announced Friday that the chat history bug from earlier in the week might have also leaked user and payment data.
AMD CPUs for the past 9 years are vulnerable to data leak attacks
It's not just Intel chips that are vulnerable to hard-to-fix security flaws. Researchers at the Graz University of Technology have detailed a pair of side channel attacks under the "Take A Way" name that can leak data from AMD processors dating back to 2011, whether it's an old Athlon 64 X2, a Ryzen 7 or a Threadripper. Both exploit the "way predictor" for the Level 1 cache (meant to boost the efficiency of cache access) to leak memory content. The Collide+Probe attack lets an intruder monitor memory access without having to know physical addresses or shared memory, while Load+Reload is a more secretive method that uses shared memory without invalidating the cache line.
Porn cam network leaked sensitive data for thousands of models
Data leaks by their nature subject people to some kind of unnecessary risk, but this latest could be genuinely dangerous. Researchers at vpnMentor have discovered that a porn cam affiliate network, PussyCash, left nearly 20GB of models' extremely sensitive data exposed in an Amazon S3 bucket. The repository included not only 875,000 keys for different file types (such as photos and videos), but personal info for over 4,000 models worldwide that includes their names, ID photos, passport/ID numbers, release forms and driver's license images. Some of the data could be up to 20 years old, but other info is just weeks old -- there's a very real chance stalkers, extortionists and others could have used this to threaten many of the models.
Clothing resale site Poshmark suffers data breach
Clothing resale site Poshmark has been hacked. Data from users in the US, including full names, usernames, genders, email addresses, hashed passwords, clothing size preferences and social media profile information, were accessed by "an unauthorized third party."
Nearly 70 percent of hotel websites leak personal data, Symantec study finds
A security flaw may be hiding in that confirmation email you get after booking a hotel room. A Symantec study of more than 1,500 hotels found that 67 percent of them were unwittingly leaking guests' personal information. The hotels in the study were spread across 54 countries, including the U.S., Canada and even some in the E.U., despite strict GDPR protections. They ran the gamut in quality too, from two-star motels to five-star beach resorts.
iPhone 4 pre-order mess takes a sinister turn with privacy breach
In amongst the otherwise fun stampede that befell Apple and AT&T's servers yesterday, some less humorous problems were also taking place. Numerous tipsters reported to Gizmodo during the day that they were being logged into other people's AT&T accounts while going in to try and sign up for an iPhone 4 upgrade. An insider source suggests that this was caused by a major fraud prevention overhaul of AT&T's software last weekend, which was followed by "absolutely no testing" prior to the iPhone 4's launch. Tsk tsk. The network itself has responded by saying it's unable to replicate the issue and is looking into it. While it's doing that, a bunch of people might be "looking into" your AT&T account details. Sleep tight now.
Sprint opens, closes data leak on customer service line
It sure feels like Sprint usually just can't buy a break when it comes to quality customer service. This time around, JD Power's sometimes basement-dwellers have been called out for an automated line that was just a little too ready and willing to dish out customer data to anyone who called in. Basically, you'd call the line, enter any Sprint customer's number of your choosing, and promptly be asked to verify the customer's compu-spoken name and home address --among other juicy details -- while calling another number would spit out their bill balance. Understandably, this raised a ruckus in the user community; to their credit, Sprint patched the system rather quickly and issued a statement to that effect -- but not without going into full CYA mode, pointing out that "this process operated well within the bounds of applicable federal and state privacy laws."
