Personal note

There was -so much- interesting security news this week, probably related to the fact that Black Hat and DEF CON are both happening at the same time.
I've done my very best to be selective, but still ended up going over my usual limit of articles, I'm sorry :-) I hope you enjoy the result though!

Dieter Van der Stock

Breaches and leaks

  • Monzo, the UK-based digital bank, had a big "woops" moment when it discovered that it had customer PIN codes in its logs, exposing them to around 100 internal engineers. About 20% of customers are affected: link.
  • The Bank of Cardiff, based in California, exposed an S3 bucket with one million phone calls to customers: link.
  • StockX, a "fashion and sneaker trading platform" (that's a thing?) was breached. They've fumbled the disclosure process, but it seems that 6.8 million records with personal information were stolen: link.
  • CafePress, a t-shirt and merchandising site, had a breach that impacted 23 million users. Half of the passwords were hashed with the inadequate SHA-1: link.
  • State Farm Insurance suffered a credential stuffing attack. It's unclear how many customers were affected: link.