xSocialMedia, a marketing agency on Facebook that runs campaigns for medical malpractice lawsuits, has leaked medical and other data for about 150,000 people.
vpnMentor notes that xSocialMedia might not be subject to HIPAA compliance because patients are free to disclose their health information to the parties of their choice – in this case, by inputting it into a form on one of the advertising firm’s sites.
vpnMentor says it discovered the leak on 2 June. xSocialMedia responded on 11 June and closed the database up on the same day.
What a nice bit of information to wake up to.
Flipboard revealed that an “unauthorized party” accessed its database between June 2, 2018 and March 23, 2019, as well as between April 21-22, 2019.
Chtrbox, a social media marketing firm based in Mumbai, India, exposed an Instagram influencer database online.
Each record in the database contained a record that calculated the worth of each account, based off the number of followers, engagement, reach, likes and shares they had. This was used as a metric to determine how much the company could pay an Instagram celebrity or influencer to post an ad.
At the time of the writing there were 49 million database records, but was increasing by the hour. The database has since been pulled offline.
Stack Overflow confirmed Thursday that it suffered a data breach last week and said that a “very small number” of users had some data exposed.
A research team has uncovered an exposed database hosted on a Microsoft cloud server containing 24GBs of data on over 80 million U.S. households.
Over 100,000 open databases were found on Amazon Cloud and contained the personal information of millions of Facebook users.
California company Meditab, which makes medical records software for hospitals, doctor’s offices, and pharmacies, exposed data on a server without a password (via TechCrunch). [Apple Health Records Gets Positive Feedback From Patients] Meditab Leak Besides medical records software, Meditab also processes faxes for healthcare providers, and it was a fax server that wasn’t secured. Dubai…
Dozens of companies—including Apple—have been affected by a Box enterprise leak. Data stored in Box enterprise accounts are private by default. But people can share files and folders, which makes the data publicly accessible.
The discoveries were made by Adversis, a cybersecurity firm, which found major tech companies and corporate giants had left data inadvertently exposed…Using a script to scan for and enumerate Box accounts with lists of company names and wildcard searches, Adversis found more than 90 companies with publicly accessible folders.
An email marketing company called Verifications.io—which has been taken offline—exposed 809 million records in a database.
In general, the 809 million total records in the Verifications.io trove include standard information like names, email addresses, phone numbers, and physical addresses. But many also include things like gender, date of birth, personal mortgage amount, interest rate, Facebook, LinkedIn, and Instagram accounts associated with email addresses, and characterizations of people’s credit scores (like average, above average, and so on).
As always, use the tool HaveIBeenPwned.com to see if your email was included in a data breach.
Last month we heard of the Collection #1 data breach, which contained 773 million email addresses and 21 million passwords. Now, Collections #2-#5 are here.
Despite its unthinkable size, which was first reported by the German news site Heise.de, most of the stolen data appears to come from previous thefts, like the breaches of Yahoo, LinkedIn, and Dropbox. WIRED examined a sample of the data and confirmed that the credentials are indeed valid, but mostly represent passwords from years-old leaks.
As with any data breach you can find out if your details have been leaked by visiting HaveIBeenPwned.com. My eBook copy of War and Peace is 1.8MB. The total size of the new breaches is 845GB, which equals 469,000 of those books.
Troy Hunt, creator of the Have I Been Pwned? tool, wrote a blog post about the latest data breach called Collection 1.
Let’s start with the raw numbers because that’s the headline, then I’ll drill down into where it’s from and what it’s composed of. Collection #1 is a set of email addresses and passwords totaling 2,692,818,238 rows.It’s made up of many different individual data breaches from literally thousands of different sources.
To find out if your account credentials were leaked, visit haveibeenpwned.com.
Voipo CEO Timothy Dick said the company found no evidence in logs or on its network that a data breach happened.
A data breach tool called have i been pwned? is an app and website that helps you find out if your information was included in data breaches. It’s easy to use, just enter your email address. Have I been pwned? allows you to search across multiple data breaches to see if your personal data was compromised by any of the big hacks on record. The app includes no or automatic collecting of private data, searching among published databases and so-called pastes, getting real-time updated by receiving push notifications when new breaches happen, and information behind certain hacks, provided with relevant links to more information. The app has also been provided as open source software, found at GitHub. App Store: Free
We’ve seen data breaches happening left and right lately, and someone should tell Silicon Valley that getting hacked isn’t a competition.
In a blog post the company announced that it discovered the breach on Friday. Here is the information that was compromised.
The United Nations data breach leaked passwords and other sensitive data to the entire internet via productivity app called Trello.
mSpy is an iPhone spyware company that makes software used by parents and others to snoop on iPhone usage, and it suffered a data breach.
Kromtech said the user data was exposed—rather than hacked—most likely by misconfiguration of a MongoDB database.