A misconfiguration in an S3 bucket hosting a Twilio JavaScript library allowed a threat actor to inject code that made Twilio users' browsers load an extraneous URL that has been associated with the Magecart group of attacks. In a company blog, Twilio said this solely affected v1.20
Tag: exposes
Banking trojan attack exposes dangers of not securing MDM solutions
A global conglomerate had 75 percent of its mobile devices infected by a variant of the Cerberus Android banking trojan after an attack compromised the company’s mobile device management (MDM) server and used it to spread the malware. In a company blog post, Check Point Software Technologies identifies MDM as
Microsoft database misconfiguration exposes 250M customer support records
Microsoft last December misconfigured five Elasticsearch servers – each one containing the same data set of 250 million customer support records – leaving their information publicly exposed on the internet, according to researchers. The data leak was detailed today in a blog post by pro-consumer website Comparitech and separately disclosed in
Wyze Labs data breach exposes 2.4 million, includes PHI
Security camera and smart device maker Wyze Labs has confirmed a data breach that left exposed a database containing information on reportedly 2.4 million of its users. Wyze Co-founder Dongsheng Song confirmed the data breach on December 27 and said the exposed database contained a large amount of personal, product and some medical information. Username and email of
Open dark web database exposes info on 267 million Facebook
An unsecured database on the dark web left the personal information of more than 267 million Facebook users, mostly in the U.S., exposed. Although the database, discovered by security researcher Bob Diachenko and Comparitech and traced to Vietnam, is now inaccessible, it laid bare names, phone numbers, timestamps and Facebook IDs and that information also appears
Open database exposes 26,000 Honda Motors customers
A Honda Motor Company Elasticsearch cluster containing 976 million records affecting about 26,000 customers and containing information on Honda vehicle owners was found exposed. Independent security researcher Bob Diachenko posted that the database, which appeared to be part of the company’s North American operation, did not require any passwords or other authentication to access the
Unsecured storage bucket exposes applications for birth certificate copies
A leaky Amazon Web Services storage bucket has exposed more than 752,000 applications requesting copies of birth certificates. A report yesterday by TechCrunch said the unsecured data set dates back to late 2017, but was just recently discovered by U.K.-based penetration testing company Fidus Information Security. The data is managed by
Mixcloud data breach exposes over 20 million user records
Unsecured server exposes 4 billion records, 1.2 billion people
Two security researchers have uncovered four billion records on 1.2 billion people on an unsecured Elasticsearch server impacting what is estimated to be hundreds of millions of people. The data itself comes from the data aggregator and enrichment companies People Data Labs (PDL) and OxyData.Io and contains basic personal information, such as names, home and mobile phone
Leaky Gekko Group database exposes info on hotel brands, travelers
European hotel booking platform provider Gekko Group mistakenly stored over 1 terabyte of information on a publicly configured server, exposing troves of data related to its hotel B2B clients, as well as travel agents and their customers. The majority of the exposed data was collected by Gekko brands Teldar Travel, which