data leak Archives

Leaked Internal Facebook Documents Reveal Disturbing Information

Andrew Orr · November 6, 2019

Today a trove of 4,000 internal Facebook documents reveal how the social media giant profits off user data and battles rivals.

Here are some of the key revelations from the document dump, including from reports published from earlier leaks:

Facebook wielded its control over user data to hobble rivals like YouTube, Twitter, and Amazon.

Facebook executives quietly planned a data-policy “switcharoo.”

Facebook considered charging companies to access user data.

Facebook whitelisted certain companies to allow them more extensive access to user data, even after it locked down its developer platform throughout 2014 and 2015.

Facebook planned to spy on the locations of Android users.

The PDF can be found here but currently it’s taking forever to load. Grab it while it’s hot.

Link

Travel Platform Autoclerk Just Leaked 179GB of Military Data

Andrew Orr · October 23, 2019

Hosted on AWS servers, Autoclerk leaked 179GB of military data containing sensitive personal data of users and hotel guests.

The most surprising victim of this leak wasn’t an individual or company: it was the US government, military, and Department of Homeland Security (DHS). Our team viewed highly sensitive data exposing the personal details of government and military personnel, and their travel arrangements to locations around the world, both past and future. This represented a massive breach of security for the governmentagencies and departments impacted.

Link

Your X-Ray Images and Medical Data Are Available on the Internet

Andrew Orr · September 17, 2019

A ProPublica investigation revealed that medical images and health data are often stored in insecure servers that are easily accessible to anyone with a bit of computer knowledge.

We identified 187 servers — computers that are used to store and retrieve medical data — in the U.S. that were unprotected by passwords or basic security precautions. The computer systems, from Florida to California, are used in doctors’ offices, medical-imaging centers and mobile X-ray services.

All told, medical data from more than 16 million scans worldwide was available online, including names, birthdates and, in some cases, Social Security numbers.

News

Password-Less Server Leaked Facebook IDs and Phone Numbers

Andrew Orr · September 4, 2019

A server found without a password contained over 419 million database records of Facebook users in the U.S., U.K. and Vietnam.

News

Capital One Hacker Possibly Hacked 30 Other Companies

Andrew Orr · August 15, 2019

Paige Thompson, the Capital One hacker, possibly hacked 30 other companies, new court documents revealed. Victims aren’t yet known.

News

Mobile Bank Monzo Stored Card PINs in Internal Logs

Andrew Orr · August 5, 2019

Calling it a bug, mobile-only bank Monzo logged PINs inside encrypted internal logs under certain conditions, and some employees had access.

Link

That Recent Data Breach Might Not Be Limited to Capital One

Andrew Orr · July 31, 2019

The Capital One data breach might not have bene limited to the bank. Other companies could’ve been affected too, according to Slack messages from the hacker Paige Thompson.

Reports from Forbes and security reporter Brian Krebs indicating that Capital One may not have been the only company affected, pointing to “one of the world’s biggest telecom providers, an Ohio government body, and a major U.S. university,” according to Slack messages sent by the alleged hacker.

Krebs posted a screenshot of a list of files purportedly stolen by the alleged hacker. The stolen data contained filenames including car maker “Ford” and Italian financial services company “Unicredit.”

Quick Tip

Capital One Hack: What We Know and What You Can Do

Andrew Orr · July 30, 2019

A Capital One hack was recently discovered, affecting over 100 million people. Here’s what we know, and what you can do to stay protected.

News

Google Contractor That Leaked Audio Data Investigated

Andrew Orr · July 11, 2019

After a report found a Google contractor accessed and leaked Google Home recordings, the company says it will investigate.

News

MongoDB Database Exposed 188 Million Records

Andrew Orr · July 9, 2019

An exposed MongoDB database was found on June 18, 2019, containing 188 million records with personal information, just laying out in the open.

Link

Over 2 Billion User Records Exposed in Orvibo Data Breach

Andrew Orr · July 2, 2019

Orvibo makes smart home products, and researchers found a leak in its database that exposed over two billion user records. This included usernames, email addresses, passwords, and precise locations.

The data breach affects users from around the world. We found logs for users in China, Japan, Thailand, the US, the UK, Mexico, France, Australia, and Brazil. We expect that there are more users represented in the 2 billion plus logs.

We first contact Orvibo via email on June 16. When we didn’t receive a response after several days, we also tweeted the company to alert them to the breach. They still have not responded, nor has the breach been closed.

Utterly ridiculous. It’s one thing to leak data, and other thing to ignore the problem and not fix it.

Link

Facebook Marketing Agency xSocialMedia Leaks Medical Data

Andrew Orr · June 21, 2019

xSocialMedia, a marketing agency on Facebook that runs campaigns for medical malpractice lawsuits, has leaked medical and other data for about 150,000 people.

vpnMentor notes that xSocialMedia might not be subject to HIPAA compliance because patients are free to disclose their health information to the parties of their choice – in this case, by inputting it into a form on one of the advertising firm’s sites.

vpnMentor says it discovered the leak on 2 June. xSocialMedia responded on 11 June and closed the database up on the same day.

What a nice bit of information to wake up to.

News

Flipboard Suffers Data Breach, Emails All 145M Users

Andrew Orr · May 29, 2019

Flipboard revealed that an “unauthorized party” accessed its database between June 2, 2018 and March 23, 2019, as well as between April 21-22, 2019.

Link

Chtrbox Exposes Instagram Influencer Database

Andrew Orr · May 20, 2019

Chtrbox, a social media marketing firm based in Mumbai, India, exposed an Instagram influencer database online.

Each record in the database contained a record that calculated the worth of each account, based off the number of followers, engagement, reach, likes and shares they had. This was used as a metric to determine how much the company could pay an Instagram celebrity or influencer to post an ad.

At the time of the writing there were 49 million database records, but was increasing by the hour. The database has since been pulled offline.

News

Stack Overflow Breach Exposes Some User Data (Update)

Andrew Orr · May 17, 2019

Stack Overflow confirmed Thursday that it suffered a data breach last week and said that a “very small number” of users had some data exposed.

News

Exposed Database on Microsoft Cloud Contains Info on 80 Million U.S. Households

Andrew Orr · April 29, 2019

A research team has uncovered an exposed database hosted on a Microsoft cloud server containing 24GBs of data on over 80 million U.S. households.

News

Millions of Facebook Data Records Stored on Amazon Cloud Servers and Leaked

Andrew Orr · April 3, 2019

Over 100,000 open databases were found on Amazon Cloud and contained the personal information of millions of Facebook users.

News

Meditab Health Tech Company Data Leak

Andrew Orr · March 18, 2019

California company Meditab, which makes medical records software for hospitals, doctor’s offices, and pharmacies, exposed data on a server without a password (via TechCrunch). [Apple Health Records Gets Positive Feedback From Patients] Meditab Leak Besides medical records software, Meditab also processes faxes for healthcare providers, and it was a fax server that wasn’t secured. Dubai…

Link

Companies Affected by Box Enterprise Oopsie

Andrew Orr · March 11, 2019

Dozens of companies—including Apple—have been affected by a Box enterprise leak. Data stored in Box enterprise accounts are private by default. But people can share files and folders, which makes the data publicly accessible.

The discoveries were made by Adversis, a cybersecurity firm, which found major tech companies and corporate giants had left data inadvertently exposed…Using a script to scan for and enumerate Box accounts with lists of company names and wildcard searches, Adversis found more than 90 companies with publicly accessible folders.

Link

Verifications.io Leaked 809 Million Records

Andrew Orr · March 8, 2019

An email marketing company called Verifications.io—which has been taken offline—exposed 809 million records in a database.

In general, the 809 million total records in the Verifications.io trove include standard information like names, email addresses, phone numbers, and physical addresses. But many also include things like gender, date of birth, personal mortgage amount, interest rate, Facebook, LinkedIn, and Instagram accounts associated with email addresses, and characterizations of people’s credit scores (like average, above average, and so on).

As always, use the tool HaveIBeenPwned.com to see if your email was included in a data breach.

Link

This Data Breach is Equal to 469,000 War and Peace Books

Andrew Orr · February 8, 2019

Last month we heard of the Collection #1 data breach, which contained 773 million email addresses and 21 million passwords. Now, Collections #2-#5 are here.

Despite its unthinkable size, which was first reported by the German news site Heise.de, most of the stolen data appears to come from previous thefts, like the breaches of Yahoo, LinkedIn, and Dropbox. WIRED examined a sample of the data and confirmed that the credentials are indeed valid, but mostly represent passwords from years-old leaks.

As with any data breach you can find out if your details have been leaked by visiting HaveIBeenPwned.com. My eBook copy of War and Peace is 1.8MB. The total size of the new breaches is 845GB, which equals 469,000 of those books.

Link

Collection 1 is a Massive New Data Breach

Andrew Orr · January 17, 2019

Troy Hunt, creator of the Have I Been Pwned? tool, wrote a blog post about the latest data breach called Collection 1.

Let’s start with the raw numbers because that’s the headline, then I’ll drill down into where it’s from and what it’s composed of. Collection #1 is a set of email addresses and passwords totaling 2,692,818,238 rows.It’s made up of many different individual data breaches from literally thousands of different sources.

To find out if your account credentials were leaked, visit haveibeenpwned.com.

News

Voipo Database Exposed SMS Messages

Andrew Orr · January 15, 2019

Voipo CEO Timothy Dick said the company found no evidence in logs or on its network that a data breach happened.

Cool Stuff Found

Find Out If Your Data Was Leaked With This Data Breach Tool

Andrew Orr · December 5, 2018

A data breach tool called have i been pwned? is an app and website that helps you find out if your information was included in data breaches. It’s easy to use, just enter your email address. Have I been pwned? allows you to search across multiple data breaches to see if your personal data was compromised by any of the big hacks on record. The app includes no or automatic collecting of private data, searching among published databases and so-called pastes, getting real-time updated by receiving push notifications when new breaches happen, and information behind certain hacks, provided with relevant links to more information. The app has also been provided as open source software, found at GitHub. App Store: Free

WIN an iPhone 16 Pro!