DataLeak
Latest
Massive data leak affects hundreds of German politicians
A number of German politicians have been the target of a massive data leak, one that contains extensive amounts of information. The data in question includes email addresses, private correspondence, passwords, phone numbers, work emails and photos, among other information, and those affected reportedly include journalists and celebrities as well as politicians. According to multiple reports, the data was leaked from the Twitter account @_0rbit -- which has since been suspended -- and the account began sharing the stolen information in December.
Popsugar’s celebrity look-alike app is leaking users’ photos
I can't think of a more fitting way to end 2018 than with another, final data leak. This one is from #Twinning tool, the popular new app from Popsugar that matches your selfie with your top five celebrity look-alikes. Turns out, while you were uploading your face and crossing your fingers for who you would or wouldn't be compared to, Popsugar was doing a poor job of protecting your images.
Another Google+ data bug exposes info for 52.5 million users
Google's semi-defunct social media platform Google+ has suffered its second data breach in three months and, as a result, will be completely shuttered in April, four months earlier than previously planned.
Amazon blames technical error for exposing customer information
Amazon informed some of its users this morning that the company's website may have exposed their names and email address in a way that made the information publicly accessible. Amazon chalked the issue up to a technical error and said the problem has since been fixed. It's not clear how many people are effected by the leak.
Google is shutting down Google+ following massive data exposure
Following a massive data exposure first reported on by The Wall Street Journal, Google announced today that it is shutting down its social network Google+ for consumers. While data was exposed, there is no evidence that it was improperly accessed. The company finally admitted that Google+ never received the broad adoption or engagement with users that it had hoped for -- according to a blog post, 90 percent of Google+ user sessions last for less than five seconds. In light of these newly revealed security concerns with Google+'s API, the company has opted to put it out of its misery over the next ten months rather than try and make the social network more secure.
A spying service leaked personal data on millions of customers
This week, Krebs on Security revealed that mSpy leaked the data of millions of paying customers online, including passwords, call logs, text messages, contacts, notes, location data and even Apple iCloud usernames and authentication tokens. mSpy is software that can be installed on devices and used to snoop on kids, partners and more. The company has since taken the database down.
Home Depot left customers' unprotected personal data online
It's been awhile since hackers broke into Home Depot's servers and stole 56 million customers' credit card information back in 2014. But recently, a tipster pointed business watchdog site Consumerist to a web address under the HomeDepot.com domain. The unprotected page stored photos of various home improvement projects...and 13 Excel spreadsheets filled with customer data. All told, it had names, phone numbers, and physical and email addresses for up to 8,000 people. And all those files sat there unprotected, unencrypted and discoverable by search engines for an unknown period of time.
Professional football is the latest victim of a giant data leak
Big data leaks are becoming more and more common, and today another massive victim has been revealed: professional soccer (or football, if you live anywhere but the US). German publication Der Spiegel just released the first in what will be a steady stream of details about corruption in various European football clubs as well as the sport's players. A group known as "Football Leaks" got its hands on a whopping 1.9 terabytes of data, covering 18.6 million documents -- including secret agreements between clubs and players. Basically, it's the Snowden release of professional football.
WHSmith mistakenly emails customer details to other customers
IT gaffes don't come much bigger than this. UK newsagent WHSmith has accidentally leaked a wealth of customer information by mass-emailing details that were submitted through a "contact us" form. The affected page is supposed to send customer messages and their contact details directly to WHSmith -- instead, they were reportedly sent to everyone on its mailing list. It's a huge technical blunder, and to make matters worse, some subscribers used the form when they first received the emails, thereby putting their own details into circulation. WHSmith confirmed to the Guardian that the problem was "a bug, not a data breach" and that it was caused by I-subscribe, an external company that manages its magazine subscriptions: "I-subscribe have immediately taken down their 'Contact Us' online form which contains the identified bug, while this is resolved."
iPhone 4 pre-order mess takes a sinister turn with privacy breach
In amongst the otherwise fun stampede that befell Apple and AT&T's servers yesterday, some less humorous problems were also taking place. Numerous tipsters reported to Gizmodo during the day that they were being logged into other people's AT&T accounts while going in to try and sign up for an iPhone 4 upgrade. An insider source suggests that this was caused by a major fraud prevention overhaul of AT&T's software last weekend, which was followed by "absolutely no testing" prior to the iPhone 4's launch. Tsk tsk. The network itself has responded by saying it's unable to replicate the issue and is looking into it. While it's doing that, a bunch of people might be "looking into" your AT&T account details. Sleep tight now.
Sprint opens, closes data leak on customer service line
It sure feels like Sprint usually just can't buy a break when it comes to quality customer service. This time around, JD Power's sometimes basement-dwellers have been called out for an automated line that was just a little too ready and willing to dish out customer data to anyone who called in. Basically, you'd call the line, enter any Sprint customer's number of your choosing, and promptly be asked to verify the customer's compu-spoken name and home address --among other juicy details -- while calling another number would spit out their bill balance. Understandably, this raised a ruckus in the user community; to their credit, Sprint patched the system rather quickly and issued a statement to that effect -- but not without going into full CYA mode, pointing out that "this process operated well within the bounds of applicable federal and state privacy laws."
