
Tag Archives for "data breach"

Facebook Had Years to Fix the Flaw That Leaked 500M Users’ Data

The profile names, email addresses, and phone numbers of over 500 million Facebook users have been circulating publicly online for nearly a week. It took days for Facebook to finally acknowledge the root cause, an issue the company says it fixed in 2019. But now researchers are saying Facebook knew about similar vulnerabilities for years before that, and it could have made a far greater effort to prevent the mass scraping in the first place.

At issue is Facebook’s “content importer,” a feature that combs a user’s address book to find people they know who also use Facebook. Many social networks and communication apps offer some version of this as a sort of social lubricant. But Facebook’s contact import tool in particular has had a number of known problems, and supposed fixes, over the years.

Source: Facebook Had Years to Fix the Flaw That Leaked 500M Users’ Data | WIRED

Facebook faces ‘mass action’ lawsuit in Europe over 2019 breach

Facebook is to be sued in Europe over the major leak of user data that dates back to 2019 but which only came to light recently after information on more than 533 million accounts was found posted for free download on a hacker forum.

Today Digital Rights Ireland (DRI) announced it’s commencing a “mass action” to sue Facebook, citing the right to monetary compensation for breaches of personal data that’s set out in the European Union’s General Data Protection Regulation (GDPR).

Source: Facebook faces ‘mass action’ lawsuit in Europe over 2019 breach | TechCrunch

Irish DPC probes whether Facebook data leak falls under GDPR time frame

The Irish Data Protection Commission (DPC) is probing whether any of the data records of 533 million Facebook users published over the weekend were leaked after the implementation of the General Data Protection Regulation (GDPR).

A dataset, appearing to be sourced from Facebook, appeared on a hacking website containing records of 533 million individuals, including phone numbers and email addresses. The DPC said a significant number of users were European Union residents and much of the data appears to have been scraped from Facebook profiles.

These leaks were before the implementation of GDPR in May 2018 and therefore Facebook did not notify the DPC. However, the DPC is saying that there are also “additional records” in the newly published dataset “which may be from a later period” and therefore under the scope of GDPR.

Source: Irish DPC probes whether Facebook data leak falls under GDPR time frame | News | GRC World Forums

Data on 533 million Facebook users leaked on hacking forum

A threat actor has published the phone numbers and account details for an estimated 533 million Facebook users —about a fifth of the entire social network’s user pool— on a publicly accessible cybercrime forum.

The leaked data includes information that users posted on their profiles. Information leaked today includes Facebook ID numbers, profile names, email addresses, location information, gender details, job data, and anything else users might have entered in their profiles.

Furthermore, the database also contains phone numbers for all users, information that is not always public for most profiles.

Source: Phone numbers for 533 million Facebook users leaked on hacking forum | The Record by Recorded Future

Software vendors would have to disclose breaches to U.S. government users under new order

A planned Biden administration executive order will require many software vendors to notify their federal government customers when the companies have a cybersecurity breach, according to a draft seen by Reuters.

A National Security Council spokeswoman said no decision has been made on the final content of the executive order. The order could be released as early as next week.

The proposed order would adopt measures long sought by security experts, including requiring multi-factor authentication and encryption of data inside federal agencies.

Source: Exclusive: Software vendors would have to disclose breaches to U.S. government users under new order: draft | Reuters

Dutch privacy watchdog fines Booking.com €475K

Hotel booking site Booking.com got hit with a €475,000 fine for being late to report a data breach, the company’s lead EU privacy regulator announced Wednesday.

The fine, imposed by the Dutch data protection authority because the company is legally established in Amsterdam, came after criminals stole the personal data of more than 4,000 Booking.com customers — obtaining the credit card details of nearly 300 victims.

The website received the penalty for missing a 72-hour deadline to report the breach to the regulator, which it did on February 4, 2019 — almost a month after it suffered the breach.

Source: Dutch privacy watchdog fines Booking.com €475K – POLITICO

Credit Card Hacking Forum Gets Hacked, Exposing 300,000 Hackers’ Accounts

Carding Mafia, a forum for stealing and trading credit cards has been hacked, exposing almost 300,000 user accounts, according to data breach notification service Have I Been Pwned.

The data breach allegedly exposed the email addresses, IP addresses, usernames, and hashed passwords of 297,744 users. Have I Been Pwned announced the data breach on Tuesday, saying the breach happened last week.

Source: Credit Card Hacking Forum Gets Hacked, Exposing 300,000 Hackers’ Accounts

Another Court Dismisses Data Breach Class Action Lawsuit for Lack of Standing

Another federal district court has dismissed a data breach case for lack of standing. Former guests of Marriott hotels sued Marriott in connection with a data breach affecting over 5 million guests.

The Court dismissed plaintiff’s claims for lack of standing, holding that plaintiffs failed to plausibly allege that their alleged injuries were fairly traceable to Marriott’s conduct—an essential element of standing.

Source: Another Court Dismisses Data Breach Class Action Lawsuit for Lack of Standing | Alston & Bird Privacy, Cyber & Data Strategy Blog

Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals

A group of hackers say they breached a massive trove of security-camera data collected by Silicon Valley startup Verkada Inc., gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools.

Companies whose footage was exposed include carmaker Tesla Inc. and software provider Cloudflare Inc. In addition, hackers were able to view video from inside women’s health clinics, psychiatric hospitals and the offices of Verkada itself. Some of the cameras, including in hospitals, use facial-recognition technology to identify and categorize people captured on the footage. The hackers say they also have access to the full video archive of all Verkada customers.

Source: Tesla (TSLA), Cloudflare (NET) Breached in Verkada Security Camera Hack – Bloomberg

Microsoft email server flaws exploited to hack at least 30,000 US organizations

The Chinese state-sponsored group dubbed Hafnium ramped up and automated its campaign after the patch was released. In the US, the group infiltrated at least 30,000 organizations using Exchange to process email, including police departments, hospitals, local governments, banks, credit unions, non-profits and telecommunications providers.

Worldwide, the number of victims is reportedly in the hundreds of thousands. A former national security official Wired talked to said thousands of servers are getting compromised per hour around the world.

When Microsoft announced its emergency patch, it credited security firm Volexity for notifying it about Hafnium’s activities. Volexity president Steven Adair now said that even organizations that patched their servers on the day Microsoft’s security update was released may have still been compromised.

Source: Microsoft email server flaws exploited to hack at least 30,000 US organizations | Engadget
