A curated list of the top stories of the week concerning data leaks and digital threats.
By Swati Khandelwal, April 19, 2019, The Hacker News
A white-hat hacker found a way to get into the French government’s newly launched, secure encrypted messaging app that otherwise can only be accessed by officials and politicians with email accounts associated with government identities.
By Graham Cluley, April 24, 2019, Hot For Security
Bodybuilding.com, one of the world’s largest and most popular online fitness stores, admitted that it had suffered a security breach that might have exposed customer data. Information which may have been accessed by the hackers include customers’ names, email addresses, and billing and shipping addresses.
By Lisa Vaas, April 23, 2019, Naked Security
Thousands of people who downloaded a popular app called WiFi Finder found that it got handsy with users’ own home Wi-Fi, uploading their network passwords to a database full of 2 million passwords that was found exposed and unprotected online.
By Wei Cheng, April 23, 2019, TechNode
A repository containing a large number of usernames and passwords for Chinese video-streaming site Bilibili was found on open-source software development platform GitHub. The repository contained more than 50 megabytes of source code.
By the Information Security Newspaper team, April 22, 2019, Information Security Newspaper
A cybersecurity investigator reported the finding of at least eight databases without online protection measures, containing about 60 million LinkedIn user records. These databases include information such as usernames, emails, and work history.
By Tara Seals, April 22, 2019, threatpost
Tens of thousands of patients of a rehab clinic in Pennsylvania may find their personal information hijacked and manipulated by identity thieves or extortionists. An ElasticSearch database that was left open to the internet exposed about 4.9 million data points of personally identifiable information.
By Pierluigi Paganini, April 21, 2019, Security Affairs
A security researcher discovered a database belonging to a ride-hailing company operating in Iran that was left exposed online without protection, containing over 6.7 million records of Iranian drivers.
By Manisha Priyadarshini, April 22, 2019, FossBytes
Indian researchers have found that the choices we make in Netflix Bandersnatch interactive videos aren’t exactly private. The team says that Netflix’s encrypted interactive video traffic can be analyzed to find out what users are watching and the choices they make in interactive videos.