
Maze Ransomware Exfiltrated Data of Southwire Firm, Threatens to Publish if Ransom Not Paid


Maze ransomware, a variant of Chacha Ransomware that has been leading the charge in various ransomware attacks lately, has claimed responsibility for yet another cyber attack, this time on Southwire, North America's most prominent wire and cable manufacturer. The company produces household and industrial cables, utility products, portable and electronic cord products, OEM wire products, engineered products, and metal-clad cables for more than 50% of Northern America. It is a leading wire producer with over 7,500 employees and has been around for seven decades.

The attackers surreptitiously exfiltrated company data and demanded a ransom of approximately $6 million (859 BTC) for its safe release; the data is reportedly set to be published if the company fails to pay the demanded amount.

Maze Ransomware was originally discovered by Jérôme Segura, a security researcher at Malwarebytes, in May of this year. Since then, the malware strain has gained massive popularity and has become steadily more active. In the course of various malspam campaigns, its affiliates have been found to be essentially more dangerous.

On Monday, around the time the company's website suffered the ransomware attack, admins located a message posted on Imgur demanding a ransom of 850 BTC from the company. Following this, a thread was started on Reddit in which Snooze16, seemingly an employee of the company, put the situation in perspective: “I went into the offices yesterday afternoon. Everyone was headed home – no computers. It looks like their site is still down. The IT guy that was there told me that the plant called him at 5 am asking how to shut the servers down. Bad time of year not to be shipping.”

In a conversation with the Chronicle, Jason Pollard, vice president of Talent Acquisition and Communications for the wire manufacturer, said, "We immediately self-quarantined by shutting down the entire network."

"The incident did cause some disruption in our ability to make and ship our products."

"The safety of our employees, the quality of our products and our commitment to our customers are critically important to us. Today, we’re bringing critical systems back online, prioritizing manufacturing and shipping functions that enable us to create and send the product to our customers. We are dedicated to restoring all systems and bringing all of our employees back to work as safely and as quickly as possible," he further added.

British American Tobacco’s Romanian Platform Faces Data Breach; Ransomware Demands Bitcoins

British American Tobacco (BAT)'s Romanian web platform has been compromised in a ransomware attack and data breach.
BAT, a United Kingdom-based company, is one of the largest manufacturers of nicotine and tobacco products.
Reportedly, the data breach was first discovered on an Irish “unsecured Elasticsearch server” holding around 352 GB of data. Allegedly, the hackers had breached the location where the data was stored.
The ransom request was left on the server in the form of a "readme" file, in which the attackers demanded a “Bitcoin payment” in exchange for “not deleting their data”.
Per sources, the researchers discovered the data breach on a “server connected to the web platform YOUniverse.ro”, which is part of BAT's Romanian promotional campaign aimed at adult smokers.
The compromised data includes users’ “Personally Identifiable Information” (PII), such as name, gender, email address, phone number, date of birth, source IP, and cigarette and tobacco product preference.

Tobacco advertising is reportedly mostly prohibited by Romanian law, with exemptions for certain kinds of promotional campaigns and event sponsorship aimed at existing smokers over 18 years of age.
The platform in question let Romanians win tickets to events and parties featuring local and international performers.
Despite numerous attempts by the team to get the breach contained, the database had been unprotected for the past two months and was finally contained on November 27, 2019.
According to sources, the research team contacted the company’s local branch, the global company, the server’s host, Romania’s National Authority for Consumer Protection (ANPC) and the Certification Authority (CA) for clarification.
The CA was the only organization to respond to the team. The Romanian journalists who were contacted along with the authorities are yet to answer.

Hackers stole half a million profiles from a Russian job search site


A database of users of the portal jobinmoscow.ru has appeared on hacker forums. According to the founder and technical director of Device Lock, Ashot Hovhannisyan, the database contains logins and passwords for 500,000 users in addition to the publicly available information.

Media noted that some of the logins and passwords were still valid: entering them gave access to the pages of portal users. After a journalist informed a site representative about this, it became impossible to enter the accounts.

The company that owns the site from which the leak occurred confirmed the information about the data leak.

"A quick analysis of the situation showed that there are no violations of the law on our part. Our experts analyze any possible threats to the technical security of the site and take the necessary steps to prevent unauthorized use of the site," Forex Consulting CEO Yuri Mozgovenko said, commenting on the leak.

Experts reported that the personal data of the site's customers can be used in the black market of fake employment. Scammers can call applicants and promise a job, but ask them to pay a small amount for the final stage of hiring.

In addition, the leak of passwords puts users' social network accounts at risk of being hacked. Experts also note that a resume contains not only personal information about the applicant but also data about former employers. As a result of such a leak, it becomes possible to replace the resumes or vacancies of a particular company in order to damage its business reputation.

However, experts do not see significant threats in such data leaks.
According to jobinmoscow.ru, more than 566,000 vacancies from 209,000 companies were posted, as well as more than 195,000 resumes.

Chinese Smartphone Maker OnePlus Discloses Data Breach





Chinese smartphone manufacturer OnePlus has announced a data breach in which order information, including names, contact numbers, email addresses and shipping addresses of customers from its online store, was exposed. However, customers' payment information, passwords, and accounts haven't been compromised in the incident. OnePlus gave assurances that the affected customers are being notified in a timely manner.

The company said in an FAQ that the breach took place last week and was discovered immediately. According to the officials, a vulnerability in their website was the attackers' entry point. However, no additional details were provided by OnePlus.

"We took immediate steps to stop the intruder and reinforce security, making sure there are no similar vulnerabilities. Before making this public, we informed our impacted users by email. Right now, we are working with the relevant authorities to further investigate this incident," the company said in the FAQ.

As a security measure to ensure that no similar vulnerability exists, OnePlus thoroughly examined the website. Furthermore, the company is making efforts to upgrade its security program, which include partnering with a world-renowned security platform next month. The company said that it would be launching a bug bounty program by the end of this year.

This is the second hit to the privacy of OnePlus users: the company experienced a similar incident in January last year, in which almost 40,000 were affected and users' credit card information was stolen. The OnePlus breach came after T-Mobile announced a similar data breach that impacted a small number of accounts using the company's prepaid offerings.

"Our Cybersecurity team discovered and shut down malicious unauthorized access to some information related to your T-Mobile prepaid wireless account," the company said. "None of your financial data (including credit card information) or social security numbers were involved, and no passwords were compromised."

"The data accessed was information associated with your prepaid service account, including name and billing address (if you provided one when you established your account), phone number, account number, rate plan and features, such as whether you added an international calling feature," the company further added.

Open databases leaked 93 Million billing files of patients.



Around 93 million billing files containing information on patients of drug and alcohol addiction facilities were exposed by a misconfigured AWS S3 storage bucket. The three facilities, operated by San Juan Capistrano, California-based Sunshine Behavioral Health, LLC (SBH), are SBH’s Monarch Shores location in San Juan Capistrano; the Chapters Capistrano facility in San Clemente, Calif.; and the Willow Springs Recovery center in Bastrop, Texas. Patients of these facilities had their data open and accessible, and SBH was repeatedly informed of the leak by DataBreaches.net.

The exposed data consisted of billing details such as the individual's name, birth date, physical and email addresses, phone numbers, debit and credit details such as card numbers with partial expiration dates and a full CVV code, and health insurance information, including membership and account numbers and insurance benefits statements. Roughly 93 million files were exposed, but comparatively fewer individuals were affected, as patients had multiple files to their name. The news was covered by DataBreaches.net yesterday, but they have been following the case since August.

An anonymous individual tipped off DataBreaches.net about the open database in late August, and they informed Sunshine Behavioral Health of the leak on September 4th, but to no avail. They then spoke to SBH's director of compliance, Stephen VanHooser, and shortly afterwards the data was made private. Unfortunately, in November DataBreaches.net noticed that “the files were still accessible without any password required if you knew where to look. And anyone who had downloaded the URLs of the files in the bucket while the bucket was exposed would know where to look,” the post stated.

The data and files were finally secured after they again reached out to SBH on Nov 10 and 12. In addition, the three drug and alcohol addiction facilities haven't made the leak public. “There has been nothing on their website, the California Attorney General’s website, or HHS’s public breach tool, even though it is more than 70 days since they were first notified,” the blog states. The affected parties may have been informed, but not the public.

Credit histories of a million Russians were in the public domain


The microfinance company’s database with passport data, phone numbers and residential addresses was made publicly available.

Credit histories of more than 1 million Russians with data of mobile operators obtained from the Bureau of Credit Histories (BKI) were in the public domain since the end of August. Independent cybersecurity researcher Bob Dyachenko first discovered this data on October 10. According to him, he reported a problem to the BKI, after which the database was closed.

However, it is not known whether anyone had time to download the publicly available information. As Dyachenko noted, specialized search engines indexed it on August 28.

According to media reports, the database could belong to the microfinance company GreenMoney, which issued online loans. It contains borrowers' passport data, other documents, registered and actual residential addresses, phone numbers, and information about loans.

GreenMoney CEO Andrei Lutsyk said that an audit is being carried out on what happened. According to him, the company complies with all requirements for the storage and processing of personal data provided by law.

Information security expert Vitaliy Vekhov noted that any leak of personal data carries risks for its owners. In this case, he believes, it is important to understand exactly what information appeared on the Internet.

"For example, passport data alone do not carry anything. According to a photocopy of the passport, as you know, nothing can be issued. If we are talking about the data of Bank cards, they can be used only if there is a CVV code, and it is not in the data of credit histories," the expert explained.

According to Vekhov, at the same time attackers can freely use any data with the help of certain resources.

It is interesting to note that in mid-September GreenMoney was removed from the register of the Monetary Financial Institutions (MFIs) for numerous violations.

Yandex.Money to reissue customer cards after hacking


The electronic payment service Yandex.Money will reissue the cards of customers whose card data was stored on one of the hacked servers.

Earlier, one of the Telegram channels reported that attackers had obtained a full dump of the database of a network of electronic money exchangers. According to the channel, they are trying to sell the dump, which contains logins, names, addresses, partially decrypted passwords of user ID-wallets, card numbers and their balances, for 50 thousand dollars.

According to Yandex representatives, all the information was taken from a third-party server through which users exchanged funds. As a result of its verification, Yandex found out that a private website had been hacked.

It’s important to note that scammers will not be able to use payment information, since all transactions require a number of actions confirming the operation.

"All wallet transactions require a payment password, card transactions also require 3Ds confirmation, but in any case, we will reissue all cards whose details have been made public," the company said.

QIWI Technical Director Kirill Ermakov said that the leak does not relate to a compromise of QIWI databases and does not pose a threat to users.

"The data of third-party services that are not related to QIWI were leaked. We take the protection of personal data of our customers very seriously and constantly inform customers that they cannot leave their personal data and data to enter their personal account on third-party resources," he said.

Last week, hackers posted an offer to sell the card data of Sberbank customers. The authors of the announcement stated that their database contains 60 million entries. Initially, the Bank confirmed that the data of 200 customers had leaked, but later Sberbank admitted that the leak affected 5 thousand customers. According to the credit institution, their data is safe. Sberbank found a suspect in the leak: an employee of the Bank.

The data of almost 9 million customers of Russian mobile operator Beeline was in the public domain


A database of 8.7 million former and current Beeline mobile customers was in the public domain. A check showed that the data is up to date. The database contains data of customers who connected to Beeline home Internet. The press service of the mobile operator reported that the data leak was recorded in 2017 and that the perpetrators were identified. Beeline gave assurances that most of the information is now outdated.

According to experts, the information in the database is enough for attacks using social engineering methods, and there are still no ways to deal with fraudsters of this kind.

According to the Beeline press service, the company immediately established an operational headquarters to investigate the situation.

"Part of the information in the distributed archive does contain the data of the subscriber base of customers, however, a significant part of the information is outdated and irrelevant," the company said.

They also noted that Beeline’s customer base at the end of the second quarter of 2019 was 2.5 million subscribers, and not eight million, as attackers say.

The company assured that they are making every effort to ensure that this does not happen again.

"We appealed to all file-sharing resources where information about customers was posted. Many of them immediately agreed to remove it," Beeline said.

It is noted that the criminals are trying to re-publish the data, which indicates their desire to discredit the company.

"Our security service is investigating this incident, we will be grateful for any information that will help this work, both from our customers and from colleagues in the market," the press service said.

It also reported that the company is working closely with the competent authorities and agencies to prevent the disclosure of personal data not only of its customers, but also customers of all Telecom operators.

The company assures that outsiders do not have the opportunity to carry out transactions with the accounts and tariffs of their customers.

SGS Servers Compromised In a Data Leak; Customers in Jeopardy!



Firms including MG Motors, Shell India and Daimler India commercial vehicles were put in jeopardy when the servers of SGS Group were compromised.

The private data saved on those servers was put up for sale for a mere $10,000 on the ‘Dark Web’ and on private internet forums.

Per sources, the data includes quality reports of a few very prominent oil and gas firms and truck manufacturers.

The firm in question said that the leak has been plugged, the anomalies have been corrected and all possible measures have been taken. The clients have also been informed.

The firm’s Korean division, which holds over 6,000 reports, and its French division were also attacked, exposing thousands of user records and test reports of its clients.

The compromise of the SGS servers is probably going to have quite a financial impact on its clients and customers.

“The SGS company servers have laid bare legitimate reports and it’s bound to have serious implications as hackers have all the access to the kind of files on the DarkWeb”, said J Prasanna, CEO, Cyber Security and Privacy Foundation Pte Ltd, Singapore.

According to him, the situation clearly points to the actual storage devices being compromised.

The concerned firms were questioned about the damage, to which Shell replied that they are strongly focused on ensuring high standards for its customers.

Facebook exposes 400 million user phone numbers


Security researchers have found a trove of records on more than 400 million Facebook users, containing phone numbers, on an unprotected server.

TechCrunch found the database on a server without any protection or encryption, meaning anyone could have found and accessed the database of users.

The database included 419 million records containing unique Facebook IDs and the phone number listed on the account. Some also included the user's birth date, location and gender.

"This dataset is old and appears to have information obtained before we made changes last year to remove people's ability to find others using their phone numbers," the statement said.

"The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised. The underlying issue was addressed as part of a Newsroom post on April 4th 2018 by Facebook's Chief Technology Officer."



Data of almost all employees of Russian Railways were publicly available


The personal data of 703 thousand employees of Russian Railways, from the CEO to the drivers, were publicly available. A few hours later, the administrator of the site where the data was published closed access to it, but this did not prevent its further distribution. Russian Railways announced the beginning of an inspection.

Note that according to the report for the first half of 2019, the number of employees of Russian Railways amounted to 732 thousand people. Thus, the full names, addresses, Individual insurance account numbers (SNILS), phone numbers and even photos of 96% of employees were in the public domain.

However, the representative of Russian Railways gave assurances that the personal data of passengers were not stolen: "The Ticket Sales System has the protection of personal data of a high degree of reliability.”

The founder and technical director of DeviceLock, a company specializing in the prevention of data leakage from corporate computers, Ashot Hovhannisyan, reported on Tuesday, August 27, in his Telegram channel "Information Leak" and in his blog on Habr.com that unknown persons had posted the personal data of 703 thousand people in open access. The attackers added a note to the publication: "Thanks to Russian Railways for the information provided by careful handling of personal data of its employees."

The data of Russian Railways employees was published on the website infach[.]me under the title "Slaves of the Railways". At the moment, the website doesn’t work. The infach[.]me domain was registered in February 2018, it allowed users to anonymously publish personal data of other people.

According to the results of the first inspection of the Russian Railways, it became known that the data of the company's employees got into open access after hacking the system. According to one version, cybercriminals hacked servers on which the Personnel Department stored complete information about its employees, including their names, surnames, SNILS, mobile phones, tax identification number. According to another version, attackers hacked the database of the Corporate University of Russian Railways, where almost all employees study. The company said that the incident is an attempt to discredit, but its purpose is still unknown.

It should be noted that the day before, it also became known that the data of hundreds of Russians had leaked, presumably through the Russian System for Operative Investigative Activities (SORM), with which the security services can read the correspondence of citizens.

Instagram Users Fall Victim To yet another Phishing Campaign



Instagram users have become victims of a new phishing campaign that uses login attempt warnings combined with what resemble two-factor authentication (2FA) codes to trick potential victims into surrendering their sensitive data by means of fake sites.

It is believed that the attackers use the 2FA codes to make the scam more 'believable'. Alongside this, they rely on a wide range of social engineering techniques, as well as messages made to look as though they were sent by somebody the target knows or by a legitimate organization.

In this campaign, the attackers use fake Instagram login alerts stating that somebody tried to sign in to the target's account, and ask the target to confirm their identity via a sign-in page linked within the message.

To avoid raising suspicion, these messages are designed to look as close as possible to official messages from Instagram.

Once the target is redirected to the phisher's landing page, they see a perfectly cloned Instagram login page secured with a legitimate HTTPS certificate and displaying a green padlock, which eases any doubts about whether the page is genuine.

To avoid falling for an Instagram phishing trick like this one, users are advised never to enter their sign-in credentials if the page asking them to sign in does not belong to the instagram.com site.

If a user has had their Instagram credentials stolen in such an attack, or had their account hacked but can still access it, they should first check that their correct email address and phone number are still associated with the account.

Following this, they are advised to change the account's password by following the specific guidelines given by Instagram.

If, unfortunately, the user has lost access to their account after it was hacked, they can use these guidelines to report the incident to Instagram's security team, which will restore it after confirming the user's identity through a picture or "the email address or phone number you signed up with and the type of device you used at the time of sign up."

A Web Privacy Research Group Discovers Data Breaches In Two Indian Fintech Startups




Data breaches at two Indian fintech start-ups, Credit Fair and Chqbook, were recently discovered by a web privacy research group called vpnMentor. The former provides online shopping credit to customers, while the latter is a finance marketplace that connects customers with credit card and personal loan providers.

The research group's team found that "both Credit Fair and Chqbook’s entire databases were unprotected and unencrypted. Credit Fair uses a Mongo Database, while Chqbook uses Elastic Search, neither of which were protected with any password or firewall.”

With regard to Chqbook, the research group 'claimed' to have accessed 67 GB of user information including sensitive data such as the user's telephone number, address, email, credit card number, expiry date, transaction history, plain text passwords, gender, income and employment profile, among other fields.

However, Vipul Sharma, the founder of Chqbook, denied the research group's claim that 67 GB of user data was compromised, saying instead that 'Chqbook does not have that much volume of data.'

In the case of Credit Fair, the research group said it was able to extract 44K user records containing fields such as phone number, detailed information on loan applications, PAN number, IP address, session tokens, Aadhaar number, and more.

The 'lending company' had still not fixed the issue as of the research group's post of July 31.

This is, however, not the first case of a data breach at Indian start-ups; numerous well-known start-ups across various sectors have experienced at least one data breach. Some recent ones include Truecaller, Justdial, EarlySalary, Ixigo, FreshMenu, and Zomato.

Hence, keeping in mind the ever-expanding number of data breaches in the nation, the Indian government has begun looking at the situation much more seriously at a policy level, and in July a high-level panel headed by Justice B.N Srikrishna submitted its recommendations and the draft Personal Data Protection Bill 2018 to IT minister Ravi Shankar Prasad.

Hopefully the Government's stance on requiring all sensitive information of Indian users to be stored locally, so that it is easily auditable, will prove viable this time.

Capital One Data Breach, Hacker gets Access to 100 Million Accounts


A massive data breach of Capital One servers compromised the personal details of an estimated 106 million bank customers and applicants across Canada and the US.

The suspected hacker, Paige Thompson, 33, was arrested by the FBI on Monday. She had shared details about the data breach on a GitHub page earlier in April, according to the criminal complaint.

Thompson broke into a Capital One server and illegally acquired access to customers' names, addresses, credit limits, contact numbers, balances, credit scores, and other related data.

According to the documents, the 33-year-old Seattle resident gained access to 80,000 bank account numbers, 1 million Canadian Social Insurance numbers, and 140,000 Social Security numbers.

Thompson, who had previously worked with Amazon Web Services as a software engineer, was able to access the data by exploiting a misconfigured web application firewall in the company's infrastructure, as per a court filing.

Despite the magnitude of the breach, "no credit card account numbers or log-in credentials were compromised and over 99% of Social Security numbers were not compromised," the company said.

Expressing concern over the matter, Chairman Richard Fairbank said, "While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened.

"I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right," he assured.

Meanwhile, the company is notifying the victims and aiding them with identity protection and free credit monitoring.



Researchers found Third-Party costs the Healthcare Industry $23.7 Billion a Year






The average cost of a data breach has increased 12% over the past five years to US$3.92 million, according to a report sponsored by tech giant IBM.

The report, released by Censinet and the Ponemon Institute and funded by IBM, draws on research into more than 500 companies around the world that suffered a breach over the past year.

According to the report, 72 percent of respondents believe that the increasing dependence on third-party medical devices connected to the network poses the most risk, while 68 percent say connecting medical devices to the internet increases the risk of cyberattack.

“This research confirms that healthcare providers require a better, more cost-effective approach to third-party risk management,” said Ed Gaudet, CEO, and founder of Censinet. “The adoption of technology in healthcare is more rapid and complicated than ever before. As an industry, we must help providers safely enable cloud applications and medical devices optimized to deliver the quality of care hospitals and their patients expect.”

In India, on average, 35,636 records were compromised in a data breach, costing organizations ₹12.8 crore, between July 2018 and April 2019.


“It’s clear that healthcare providers are in a tough spot. The number of vendors they rely on is increasing at the same time the threats those vendors pose are escalating in frequency and severity, so it’s easy to see how managing these risks has become an overwhelming problem,” said Dr. Ponemon, chairman and founder of the Ponemon Institute. “But it’s not all bad news – we can very clearly see an opportunity with automation for healthcare providers to monitor, measure, and mitigate the scourge of third-party breaches that continues to plague their industry.”

Equifax Paying Settlement around $700 Million after Massive Data Breach


Almost two years ago, Equifax suffered a massive data breach that exposed a significant amount of sensitive data of over 143 million Americans. The compromised information included driving licenses, social security numbers, and addresses of the victims.

The Wall Street Journal and The New York Times have reported that the consumer credit reporting agency is closing in on a settlement with the FTC, state attorneys general, and the Consumer Financial Protection Bureau, along with state and federal agencies. Equifax could settle for $650 to $700 million, out of which it has put aside $690 million for the purpose of penalty.

As per the media findings, the amount is expected to differ on the basis of the number of people filing claims, and the details will be released on Monday.

Notably, the settlement includes terms to set up a separate fund for the purpose of settlement; however, the amount victims can expect in compensation is still an open question.

Commenting on the matter, Equifax CEO, Richard Smith, said, “At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward,” as he decided to retire in the wake of the cyberattack. 



Logins and passwords of users of the Russian online store Ozon leaked to the Internet


A database containing more than 450 thousand e-mail addresses and user passwords from accounts of the Russian online store Ozon was found on one of the sites that collect data leaks.

According to journalists, the leak occurred six months ago, but the company did not disclose it. The database combines two other databases, the originals of which were found on one of the hacker forums in November 2018.

As it turned out, a massive data leak could occur in three cases: data theft by an Ozon employee, an attack by a hacker who got inside the organization, or an incorrectly configured external server that opened access to the database to anyone.

It is interesting to note that, of the 450 thousand published logins and passwords, the share belonging to users of the company does not exceed a few percent.

"At the same time, most of the discovered accounts are inactive, that is, they have not been used for a long time," the company said.

Ozon explained that after the leak became known, compromised passwords were reset, and users were notified of the incident.

The official representative of Roskomnadzor (the Federal Service for Supervision of Communications, Information Technology and Mass Media), Vadim Ampelonsky, said that Roskomnadzor intends to obtain explanations from the online store Ozon regarding the leak of user data.

Ampelonsky noted that Roskomnadzor is concerned about Ozon's actions under the circumstances, as the online store did not give timely notice of this situation, which threatened the safety of customers.

According to the official representative of Roskomnadzor, an e-mail address and password not only allow access to the user's account but also make it possible to collect personal information and to act on the user's behalf.

The press secretary of Roskomnadzor said that Russian law does not currently require notifying the supervisory authority about leaks, but the relevant regulatory documents are now being developed.

OnePlus found leaking user data

Chinese smartphone brand OnePlus has reportedly been leaking data of OnePlus phone users for years. According to a report by 9to5Google, OnePlus has been ‘unknowingly’ leaking crucial personal information of its users publicly for a considerable amount of time, and it is only since the major security flaw was pointed out to the company recently that it has started to investigate. Here is everything you must know about this breach of privacy.

According to the report, OnePlus has been leaking the names and email addresses of hundreds of its users through the ‘Shot on OnePlus’ application, which allegedly carries a security flaw. The app offers a place to upload photos taken with a OnePlus device so that they can be featured as wallpapers for OnePlus users globally.

As the name suggests, ‘Shot on OnePlus’ allows users to upload their photos from the phone or from a website (for which they need to be logged in to their OnePlus account) and to set user-submitted photos as their wallpaper. Users can also adjust their profile, including their name, country, and email address, from the app and the website. OnePlus chooses one photo every day to feature in the app and on the website. According to 9to5Google, the API OnePlus used to link its server and the app was “fairly easy to access” despite carrying private information about users. It said anyone with an access token could “do most actions” with the API. An API, or Application Programming Interface, is a software intermediary that allows two applications to talk to each other.

9to5Google said it discovered the “somewhat major” vulnerability in the API OnePlus uses for the app a couple of months ago, and that the company had already fixed it. It said it was unclear for how long users’ data had been leaking in this way, but believed it had been happening since the launch of the ‘Shot on OnePlus’ app many years ago.

The leak reportedly took place because of a flaw that was communicated to the company in early May but has not been completely patched despite a fix being rolled out.

Data Leakage in the Federal portal of public services exposes the personal data of millions of Russians

Passport details, social security numbers and employment data of 2.24 million Russian citizens were publicly available. Ivan Begtin, the Chairman of the Data Markets Association, discovered this leak. He analyzed the information of the largest Russian electronic trading platforms, where commercial purchases and public procurement are placed, and where important data was publicly available.

Begtin checked 562 thousand records of ZakazRF, 550 thousand records of RTS-tender, as well as records of Sberbank AST and other major Russian electronic trading platforms. Confidential information was in the public domain on each of the websites.

According to the Chairman of the Data Markets Association, the error occurred due to the illiteracy of developers and inaccuracies in the legislation. In his opinion, decisions on approval of major transactions should be published in the public domain by law. These documents often contain personal data. Second, the electronic signature that customers and suppliers use contains data about the name, e-mail and social security number.

Konstantin Bochkarev, the legal advisor of CMS, said that the disclosure of passport data may result in criminal liability for violation of privacy. According to him, there have been cases in the practice of the Moscow City Court in which a phone number was recognized as a personal or family secret.

Experts believe that the developers have violated the law "On personal data". The data can be removed by the Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications (Roskomnadzor) at the request of an individual or following media reports.

At the moment, Roskomnadzor has already sent requests to the electronic trading platforms regarding the disclosure of personal data of more than 2 million bidders.

It is interesting to note that Google said in December that the data of 52.5 million people had become publicly available due to an error in the Google+ service. Applications independently requested data on age, name and e-mail. The company gave assurances that card data and other personal data were not available to the applications.

Data breach at University Of Alaska exposes personal information of students online



A data breach incident at the University of Alaska has compromised the personal information of students and other individuals. The university allegedly suffered a breach of its database that exposed sensitive information, including personal information of teachers and other officials. The news became public after the university posted an incident notice on its website.

In February 2018, some users of the University’s website reported changed passwords and unauthorised access to their accounts. The University of Alaska started an investigation and later found that there had been several incidents of data breach, exposing various personal information of users.

According to a university official investigating the incident, “On or around March 28, 2018, the investigation determined that an unauthorized user also may have accessed certain email accounts between January 31, 2018, and February 15, 2018.” He further added, “It may include an individual’s name, government issued identification number, date of birth, digital signature, driver’s license number, usernames and/or passwords, financial account numbers, health and/or health insurance information, passport number, and UA student identification number. For certain individuals, Social Security number may also have been present in the affected email accounts.”

After discovering the data breach, the University took action to prevent further damage. It brought in external experts to handle the investigation and is determined to find out the extent of the damage. It does not have a specific number of users affected by the incident.

There was a similar data breach incident earlier this month at the Georgia Institute of Technology. Allegedly, millions of records containing information of students and staff were exposed online in that incident.