Automated money-laundering scheme found in free-to-play games

The scammers automatically created iOS accounts with valid email accounts, then automatically used stolen cards to buy and resell stuff. Continue reading Automated money-laundering scheme found in free-to-play games

Hundreds of thousands of voter records found exposed on misconfigured server: report

Yet another misconfigured Amazon S3 bucket has exposed the sensitive information of unsuspecting people. This time, hundreds of thousands of voters’ information was left open for the taking by a Virginia robocalling firm called Robocent, according to Bob Diachenko, a security researcher at cybersecurity firm Kromtech. Diachenko wrote in a LinkedIn blog post Wednesday that he discovered a trove of about 26,000 files, including audio files with pre-recorded political messages and spreadsheets containing voter information, in the leaky server. The voter data, according to Diachenko, includes names, phone numbers, addresses, political affiliations, birth dates, genders, jurisdictions and some demographic information. The Robocent files were accessible to anyone who did a specialized web search for “voters,” said Diachenko. By the time it was identified by Kromtech, the server had already been indexed by GrayhatWarfare, another website that scans the internet for open S3 buckets. Diachenko says he disclosed the finding to Robocent […]

The post Hundreds of thousands of voter records found exposed on misconfigured server: report appeared first on Cyberscoop.

Continue reading Hundreds of thousands of voter records found exposed on misconfigured server: report

Scanned IDs of 119,000 FedEx customers exposed online

An unsecured Amazon Web Services bucket holding personal information and scans of IDs of some 119,000 US and international citizens has been found sitting online by Kromtech security researcher earlier this month. The stored data had been stockpiled by… Continue reading Scanned IDs of 119,000 FedEx customers exposed online

‘Confidential’ Verizon credentials, server logs left publicly exposed

Stop us if you’ve heard this before: Sensitive data was left publicly exposed on an Amazon Web Services S3 storage server owned by a billion-dollar corporation. This time the offender is Verizon Wireless who left data including server logs and internal credentials exposed, according to Kromtech Security Research Center. “Although no customers data are involved in this data leak, we were able to see files and data named ‘VZ Confidential’ and ‘Verizon Confidential’, some of which contained usernames, passwords and these credentials could have easily allowed access to other parts of Verizon’s internal network and infrastructure,” Bob Diachenko, a Kromtech executive, explained in a statement. “Another folder contained 129 Outlook messages with internal communications within Verizon Wireless domain, again, with production logs, server architecture description, passwords and login credentials.” The leak, first reported by ZDNet, is the latest in a long march of 2017 exposures highlighting just how easy it is […]

The post ‘Confidential’ Verizon credentials, server logs left publicly exposed appeared first on Cyberscoop.

Continue reading ‘Confidential’ Verizon credentials, server logs left publicly exposed

Charter Communications is assessing damage in ‘massive’ 600gb data leak

Approximately 600 gigabytes of data containing 4 million records that held sensitive information on Time Warner Cable customers were mistakenly available to the public, a security firm discovered in August. Kromtech Security Center announced on Friday that it found two Amazon Web Services S3 bucket repositories containing private information but lacking a password. The buckets are likely connected to BroadSoft, Inc., an IT infrastructure firm active in 80 countries. The company is reportedly exploring a billion-dollar sale and its stock price is soaring. BroadSoft did not respond to a request for comment. The publicly available data spans from Nov. 2010 to July 2017. The trove contains access credentials, access logs, usernames, transaction IDs, MAC addresses, serial numbers, account numbers, billing addresses, phone numbers and more. Due to the “massive amount of sensitive information” in the repository, it would “take weeks to fully sort through all the data,” according to Kromtech’s researchers. “In this […]

The post Charter Communications is assessing damage in ‘massive’ 600gb data leak appeared first on Cyberscoop.

Continue reading Charter Communications is assessing damage in ‘massive’ 600gb data leak

Charter Communications is assessing damage in ‘massive’ 600gb data leak

Approximately 600 gigabytes of data containing 4 million records that held sensitive information on Time Warner Cable customers were mistakenly available to the public, a security firm discovered in August. Kromtech Security Center announced on Friday that it found two Amazon Web Services S3 bucket repositories containing private information but lacking a password. The buckets are likely connected to BroadSoft, Inc., an IT infrastructure firm active in 80 countries. The company is reportedly exploring a billion-dollar sale and its stock price is soaring. BroadSoft did not respond to a request for comment. The publicly available data spans from Nov. 2010 to July 2017. The trove contains access credentials, access logs, usernames, transaction IDs, MAC addresses, serial numbers, account numbers, billing addresses, phone numbers and more. Due to the “massive amount of sensitive information” in the repository, it would “take weeks to fully sort through all the data,” according to Kromtech’s researchers. “In this […]

The post Charter Communications is assessing damage in ‘massive’ 600gb data leak appeared first on Cyberscoop.

Continue reading Charter Communications is assessing damage in ‘massive’ 600gb data leak

Leaky WWE Database Exposes Personal Data of 3M Wrestling Fans

Personal data of 3 million wrestling fans were left exposed on a database owned by World Wide Entertainment. Continue reading Leaky WWE Database Exposes Personal Data of 3M Wrestling Fans