Breaches and leaks
More breaches and leaks this week than actual news. Here we go:
- Tyler Technologies, a governement services supplier, was hit with ransomware: link.
- As was Luxottica, the owner of Ray-Ban: link.
- ArbiterSports, a company that builds match scheduling and training software, detected and stopped a ransomware attack, but not before personal data on 540.000 referees was exfiltrated: link.
- An unknown federal agency was breached. Not much detail is known, but it's a nice write-up of how the attack happened: link.
- Not really a leak, but an educational read anyway: Louis Vitton fixed a vulnerability that allowed for account enumeration and takeover: link.
- The KuCoin crypto exchange had $150mil stolen: link.
- Not as bad as the headlines looked: Twitter warns that API keys might have leaked. Only in the browser cache though, so really only a concern on shared machines: link
- Shopify caught two employees accessing customer transaction information: link.
- Town Sports, a fitness chain, exposed a database with personal data of 600.000 people in it: link.
- It even happens to the big ones: Microsoft had an unsecured Elasticsearch server exposing Bing search queries: link.