Collaborate Disseminate
Jeremiah Fowler reports finding a non-secured database with more than 25,000 records, many with sensitive information: The unsecured database contained internal screenshots of source code as well as customer documents that were stored in uploads folder… Continue reading No need to hack when it’s leaking, Saturday edition: Translation service leaked 25k records
As reported by vx-underground on Telegram: Tigo, a live video and chatting app for Android and iPhone, accidentally exposed 100,000,000+ user messages online. The app is mostly known for dating & for dudes being thirsty. vx-underground provided the… Continue reading Vido and chatting app leaks more than 100 million user messages
CBC News reports: When Kelsey Puddister-Collins opened an email from Newfoundland and Labrador Fertility Services on Tuesday, she said she was mortified to see the names and email addresses of over 100 people on the email list. Puddister-Collins’… Continue reading Over 100 fertility patients had data breached by N.L. Health Services
Email errors are still a thing. Here’s an apology by Tokyo Tech to 10,000 of its currently enrolled students: A file containing personal information of currently enrolled Tokyo Tech students was attached mistakenly to an email sent on the aftern… Continue reading Jpn: Notice of apology: Email containing current student information mistakenly sent to currently enrolled students
A systems error involving the Arizona Health Care Cost Containment System (AHCCCS) resulted in 2,632 Health-e-Arizona Plus household accounts having their data accidentally exposed to others accessing the website. The breach was discovered on May 11, b… Continue reading 2,632 Medicaid members in Arizona being notified of data leak
I have a scenario where the developers are using SafetyNet API to protect their Android apps. I observed that the SafetyNet API key has been hard-coded within the apk file. This is the first time I came across this behaviour.
Is this expos… Continue reading Is having hard-coded API keys such as the SafetyNet API key considered a vulnerability?
Try to put yourself in the place of an engineer tasked with building a camera in 1961. Your specs include making it easy to operate, giving it automatic exposure control, …read more Continue reading A Solar-Powered Point-and-Shoot, circa 1961
PTI reports: Akasa Air has suffered data breach resulting in access of user information by unauthorised individuals. The airline, which started operations on August 7, has apologised to its customers and has “self-reported the incident” to … Continue reading Akasa Air suffers data breach
Tevye Markson reports: The Government Legal Department has launched an investigation after a data leak in which the names of civil servants claiming expenses was published online. Documents showing officials’ names were published on GOV.UK accide… Continue reading UK: Officials’ personal info published online by government lawyers in ‘regrettable’ data leak
Steve Hunter reports: A city of Kent staff member “inadvertently disclosed to (another city) employee a file containing the 2020 W-2 Wage and Tax Statement information for all city employees,” according to an email sent by Chief Administrative Officer … Continue reading WA: W-2 wage information of Kent city employees ‘inadvertently disclosed’ | Update