exposed

Latest

  • A security breach opened up access to a genealogy site’s DNA profiles

    by Christine Fisher
    07.23.2020

    A security breach changed the permission settings on millions of profiles in GEDmatch, a DNA database used by genealogists.

  • Analytics firm exposed data for 120 million households

    by Jon Fingas
    02.21.2020

    Exposed databases are all too common, but this one may be more serious than most. Researchers at UpGuard discovered that the Australian market analysis firm Tetrad left data for 120 million households exposed in Amazon S3 storage. It appeared to be a blend of data from providers like Experian Mosaic, Claritas/Nielsen's PRIZM as well as Tetrad customers like Chipotle, Kate Spade and Bevmo. The info varied from source to source, but frequently included sensitive details like names, addresses and purchasing habits. Experian Mosaic's data, for example, sorted users into types based on factors like income.

  • Porn cam network leaked sensitive data for thousands of models

    by Jon Fingas
    01.16.2020

    Data leaks by their nature subject people to some kind of unnecessary risk, but this latest could be genuinely dangerous. Researchers at vpnMentor have discovered that a porn cam affiliate network, PussyCash, left nearly 20GB of models' extremely sensitive data exposed in an Amazon S3 bucket. The repository included not only 875,000 keys for different file types (such as photos and videos), but personal info for over 4,000 models worldwide that includes their names, ID photos, passport/ID numbers, release forms and driver's license images. Some of the data could be up to 20 years old, but other info is just weeks old -- there's a very real chance stalkers, extortionists and others could have used this to threaten many of the models.

  • Over 267 million Facebook users reportedly had data exposed online

    by Christine Fisher
    12.19.2019

    More than 267 million Facebook users allegedly had their user IDs, phone numbers and names exposed online, according to a report from Comparitech and security researcher Bob Diachenko. That info was found in a database that could be accessed without a password or any other authentication, and the researchers believe it was gathered as part of an illegal scraping operation or Facebook API abuse.

  • Millions of text messages were carelessly exposed by a marketing firm

    by Jon Fingas
    12.02.2019

    Yet another exposed database has left public data out in the open, and this time it affects something you might use often: the systems businesses use to text you for appointments. Researchers at vpnMentor recently discovered that TrueDialog, an SMS solution provider for businesses, left "millions" of accounts and "tens of millions" of text messages unprotected on the web. The messages sometimes included sensitive info like recipients' full names, email addresses and phone numbers, but the accounts' data was noticeably worse. You could find usernames, email addresses and a mix of clearly visible and lightly-encrypted passwords, including for commonly-used sites like Facebook and Google.

  • Camgirl sites exposed data for millions of users

    by Jon Fingas
    11.03.2019

    Exposed databases are already enough of a security problem, but the latest incident could be particularly damaging for both porn site visitors and sex workers. Condition:Black security researchers have discovered that Barcelona's VTS Media left a database for its camgirl network (including sites like amateur.tv) unprotected for weeks. The trove included months of logs for millions of people, including their usernames, IP addresses, viewing habits, private chats and even passwords from failed login attempts. Some account details also escaped for account workers, Condition:Black told TechCrunch.

  • Nearly everyone in Ecuador is the victim of a data breach

    by Christine Fisher
    09.17.2019

    A massive data breach exposed sensitive data of nearly every individual in Ecuador. The breach impacted an estimated 20 million people -- for reference, Ecuador has a population of about 17 million. According to ZDNet, it exposed data on 6.7 million minors, as well as the country's president and WikiLeaks founder Julian Assange, who was granted political asylum by Ecuador in 2012.

  • 32 million patient records were breached in the first half of 2019

    by Christine Fisher
    07.31.2019

    More than 32 million patient records were breached between January and June 2019. That's more than double the 15 million medical records breached in all of 2018, says healthcare analytics firm Protenus. According to the company, the number of disclosed incidents rose to 285 in the first half of the year, and the longstanding trend of at least one health data breach per day shows no signs of slowing down.

  • K12.com exposed 7 million student records for a week

    by AJ Dellinger
    07.10.2019

    K12.com, an online education platform, inadvertently exposed the personal information of nearly seven million students, according to security researchers at Comparitech. The exposed database contained full names, email addresses, birthdates and gender identities, as well as the school that the students attend, authentication keys for accessing their accounts and other internal data. The information was available online for more than one week, and it's unclear if the database was at any point accessed by malicious actors. Engadget reached out to K12.com for additional information regarding the data exposure and will update this story if we hear back.

  • Unsecured database exposed thousands of Instagram influencers (updated)

    by Christine Fisher
    05.20.2019

    A database containing contact information for what was originally thought to be millions of Instagram influencers was reportedly found online, exposing info like phone numbers and email addresses for celebrities, influencers and brand accounts. According to TechCrunch, the database was hosted on Amazon Web Services and left without a password. Original reports claimed it contained as many as 49 million records, but Instagram has since confirmed that the database contained records for about 350,000 accounts.

  • A public database exposed medical records of 150,000 rehab patients

    by Christine Fisher
    04.19.2019

    Nearly 150,000 patients who sought treatment at an addiction recovery facility in Pennsylvania had their medical records exposed online. Through the public search engine Shodan, independent researcher Justin Paine found an ElasticSearch database with nearly five million rows of data. It appeared to include personally identifiable information (PII) of patients who were treated at Steps to Recovery between mid 2016 and late 2018.

  • Google Wallet gets prepaid security fix, but 'brute-force' issue still hangs in the air

    by Sharif Sakr
    02.15.2012

    Google says it's fixed a Wallet security flaw that potentially allowed a phone thief to spend a user's prepaid balance. The ability to provision new prepaid cards had been suspended pending the update, but has now been restored. Things aren't quite back to normal in the Big G's world of mobile money, however. Users still find themselves caught between two competing arguments over an entirely different vulnerability, which involves a 'brute-force' attack on rooted devices. Google insists that this isn't a major concern, so long as Wallet users refrain from rooting, and that the system still "offers advantages over the plastic cards and folded wallets in use today." On the other hand, the company that discovered this issue -- zvelo -- has come back at Google with an equally blunt response. It acknowledges that a handset must be rooted to be vulnerable, but crucially its researchers also say that a device doesn't have to be rooted before it's stolen. In other words, they allege that a savvy thief can potentially steal a phone and then root it themselves, and they won't be happy with Wallet until it requires a longer PIN number. Whichever argument sways you, it's worth bearing in mind that there's no evidence that anyone has yet managed to exploit these weaknesses for criminal purposes.

  • Provisioning for prepaid Google Wallet cards on hold while PIN-related security hole gets fixed

    by Joe Pollicino
    02.11.2012

    Remember that Google Wallet exploit from a few days ago? The one that would allow 'brute-force' PIN attacks, but only on rooted Android devices? Well, another PIN-related security hole was discovered soon after, putting even non-rooted Androids at risk. As Android Central points out, should your phone make its way into the wrong hands, your Google Wallet PIN number could be reassigned, allowing access to the prepaid account attached to the phone itself -- yikes. As such, the folks at Mountain View have taken action, shuttering provisions to prepaid cards until it finds a permanent fix for the problem. Despite the troubles, Google is sticking by its original tune, stating that Google Wallet offers multiple levels of protection (when used on official builds of Android) that go beyond traditional plastic cards, including your phone's lock screen. There's no estimate on when things will be back to normal, but you'll find Google's assessments and assurances about this situation at the source link below.

  • Sony Ericsson's Xperia Play retail booths exposed

    by Vlad Savov
    02.03.2011

    We said it at the Show and we'll say it again, Sony Ericsson just can't keep a lid on (any) secret information. The Xperia Play, formerly and more poetically known as the PlayStation Phone, has been previewed, videoed, and loved (mostly by us), but today we can add even more to our foreknowledge about this still unannounced device in the form of its in-store booths. Yes, SE has planned out how resellers and carriers will pimp its gaming smartphone at retail, and yes, renders of that "brand experience" have leaked out. It's nothing jaw-dropping, just some upright pedestals with the words "smart phone, smart gaming" on its side, but at least it signals that we're at an advanced stage of preparations ahead of the handset's launch. There is a T-Mobile logo on there too, but that could be just a placeholder or could refer to territories outside the US. Either way, spring does sound like the perfect time for some more Gingerbread in our lives. Update: Although we've been assured that the layout above is genuine, the slim device pictured on top of the stands looks like the Xperia Arc. The device at the bottom looks more like a cross between a PSP Go and the Xperia Play. Of course, we're expecting to see a myriad of Android devices announced with PlayStation Suite support, so who knows.

  • EVE Evolved: The faction warfare mission debacle

    by Brendan Drain
    12.06.2009

    When faction warfare went live with EVE Online's Empyrean Age expansion back in the summer of 2008, it was a magnificent success. It was intended as a way for newer players to get into PvP and as a stepping stone from the safe haven of empire to full-on sovereignty warfare. It wasn't long before large fleets were duking it out in low security space and for a time, it was great. Eventually, problems began to come to light that demanded developer attention. Capturing exploits and a lack of rewards were causing players to leave the war and after a year with no development, faction warfare was looking abandoned. Rewards were eventually implemented in an attempt to revitalise the ageing faction warfare system and promote PvP. With the Dominion expansion came the most anticipated of those rewards - new tier 1 navy battleships available only from the faction warfare loyalty point store. Since the announcement that they were coming, mission-runners have been farming faction warfare missions like crazy for loyalty points. The promise of unique rewards from the missions was intended to revitalise the game and give pilots something to fight over. But did the rewards really improve faction warfare and promote PvP or was it a huge mistake? In this three page exposé, I run down the history of faction warfare missions, from the development mistakes to the EVE corp that made almost enough ISK to build a titan. Did the mission buff revitalise faction warfare or did it put the final nail in its coffin? And just how did mission-runners make billions of ISK?

  • EVE Evolved: The faction warfare mission debacle, page 2

    by Brendan Drain
    12.06.2009

    The save came in the form of the previously mentioned unique items limited to the faction warfare loyalty point store. LP was given out for kills against the enemy militia and completion of missions. The hope was to get more people back into the war and give them some incentive to do faction missions that put pilots at risk of PvP.

  • EVE Evolved: The faction warfare mission debacle, page 3

    by Brendan Drain
    12.06.2009

    Certain missions that required the collection of an item from a wreck or killing a lot of ships were eliminated as they would take extra time or pose extra risk. With intense practice, missions ended up taking as little as 30 seconds each and at most a few minutes. By using a strong PvP presence to lock down the systems in which they took missions by force they were able to keep their mission-runners safe and run 45 missions in an average of one and a half hours.

  • Asus' Eee PC 701 exposed in Russian review

    by Darren Murph
    09.23.2007

    Well, would you take a look at this. Turns out, 3DNews somehow managed to get their palms around (and within) Asus' Eee PC 701 for a hands-on review. Granted, a heap of the writeup was a bit hard to grasp without understanding Russian (or being a master in deciphering broken translations), but we were able to notice that their sample unit boasted a 900MHz ULV Intel Celeron M processor, 512MB of DDR2 RAM, a seven-inch 800 x 480 resolution display, Ethernet, a 56k modem, and 802.11b/g. Additionally, the wee machine was even put through a series of benchmarks, so if you're interested in digging through an early review (or just want to brush up on your Russian), head on over to the read link -- but for those just yearning for a few more pics, they're posted after the break.

  • Urilift: the disappearing public urinal (and we do mean public)

    by Darren Murph
    11.19.2006

    While there's no shortage of bathroom-based oddities floating around out there, the Urilift system definitely takes top honors. Since the presumably alcoholics anonymous-approved Wizmark urinals can't keep everyone from getting a little tipsy, officials in Victoria, British Columbia are taking a note from European countries to keep urine off the streets. Rather than leaving inebriated party-going males nowhere to relieve themselves on the streets, the government is considering installing hydraulic toilets in the roadways, which are remotely triggered at night to appear from their subterranean dwelling place. While there's no doors or privacy factor involved, those who were previously choosing to take it to the sidewalks probably won't mind all that much, and designers say the open design discouraged loitering and criminal activity anyway. Priced at $75,000 a pop, Victoria plans to become the first North American locale to try these newfangled restrooms out -- and hey, at least we know where to head for a clean(er) Spring Break now, right?

  • Samsung BD-P1000 exposed

    by Paul Miller
    06.13.2006

    Looks like our friends across the pond are going to have to wait even longer than expected to see this player in action, so we thought we'd let y'all peep some hands on pics of the Samsung BD-P1000 and its innards while your spirits are still down. The word on the street is that load times are a fairly snappy 15 seconds or so, but that there might be some lame 1080p24 to 1080i60 to 1080p60 conversion going on for HDMI output, so we'll be on the lookout for more details as they come.

    [Via HD Beat]

    Read - Samsung BD-P1000 hands on & cracked open @ AVS Forum
    Read - Samsung BD-P1000 hands on at Avsite.gr
    Read - Samsung BD-P1000 cracked open at HDTVPolska (registration -- in Polish -- required)