Breaches and leaks

It's quite a long list this week I'm afraid :-/

  • T-Mobile blocked an attack in progress that was exfiltrating personal data of their customers through a leaky API. Personal information on about 2.3 million people got out.
  • Cheddar's Scratch Kitchen: the fastfood chain had its previous POS system breached. The information of an estimated 567.000 credit cards was stolen.
  • Huazhu Hotels: a Chinese hotel chain. Personal information of an estimated 130 million customers is up for sale on a Dark Web forum.
  • Atlas Quantum: a Brazilian crypto exchange. The information on 264.000 users was exposed.
  • Abbyy: an OCR software provider, with big customers like PwC and Volkswagen. They had an unsecured MongoDB instance online with 142GB of document information.
  • Air Canada had 20.000 user accounts breached, exposing personal information.
  • Eir: an Irish telecom operator. An encrypted laptop was stolen, holding personal information on 37.000 customers. This is an easy fix people, make sure this doesn't happen where you work.
  • Spyfone: a company that sells spywhere to parents and employers :/ They left an s3 bucket unsecured with all spied data like pictures, text messages and more.
  • TheTruthSpy: another creepy spyware/stalking app. They had a vulnerability that gave access to usernames and plaintext passwords, granting the attacker full access to everyone's account.
Dieter Van der Stock