Breaches and leaks

More breaches and leaks this week than actual news. Here we go:

  • Tyler Technologies, a government services supplier, was hit with ransomware: link.
  • As was Luxottica, the owner of Ray-Ban: link.
  • ArbiterSports, a company that builds match scheduling and training software, detected and stopped a ransomware attack, but not before personal data on 540.000 referees was exfiltrated: link.
  • An unknown federal agency was breached. Not much detail is known, but it's a nice write-up of how the attack happened: link.
  • Not really a leak, but an educational read anyway: Louis Vuitton fixed a vulnerability that allowed for account enumeration and takeover: link.
  • The KuCoin crypto exchange had $150mil stolen: link.
  • Not as bad as the headlines looked: Twitter warns that API keys might have leaked. Only in the browser cache though, so really only a concern on shared machines: link.
  • Shopify caught two employees accessing customer transaction information: link.
  • Town Sports, a fitness chain, exposed a database with personal data of 600.000 people in it: link.
  • It even happens to the big ones: Microsoft had an unsecured Elasticsearch server exposing Bing search queries: link.
Dieter Van der Stock