Data Leaks of the Week – May 10, 2019

News

Avatar CybelAngel • May 10, 2019

A curated list of the top stories of the week concerning data leaks and digital threats.

Burger King’s online store for kids exposes customers’ info

By Sergiu Gatlan, May 7, 2019, Bleeping Computer

An unprotected Elasticsearch cluster found via a Shodan search exposed 37,900 records of Kool King Shop customers, a French online shop specifically tailored to be used by kids who bought Burger King menus. The 37,900 Kool King Shop member records contained personally identifiable information such as emails, passwords, names, phones, date of birth, etc.

Freedom Mobile data breach impacts thousands of customers

By Charlie Osborne, May 8, 2019, ZDNet

Freedom Mobile, a major Canadian telecommunications provider, has revealed a data breach which may have exposed sensitive information belonging to thousands of customers. The database contained the email addresses of customers, phone numbers, home addresses, dates of birth, customer types, and IP addresses linked to payment methods.

Samsung spilled SmartThings app source code and secret keys

By Zack Whittaker, May 8, 2019, TechCrunch

A development lab used by Samsung engineers was leaking highly sensitive source code, credentials, and secret keys for several internal projects — including its SmartThings.

Wyzant online tutoring platform suffers data breach

By Charlie Osborne, May 7, 2019, ZDNet

Wyzant has revealed a data breach which has led to the compromise of user data including names, email addresses, and ZIP codes. The Facebook profile pictures used to sign into Wyzant were also placed at risk, which may be useful in phishing campaigns.

Touchstone medical imaging pays $3M to settle HIPAA breach case

By Nick Paul Taylor, May 7, 2019, MedTech Dive 

Touchstone Medical Imaging is set to pay $3 million, after one of its file transfer protocol web servers exposed public health information of more than 300,000 people in 2014.

 

Unsecured database found leaking data about millions of Indians, gets hijacked by hackers: report

By Gaurav Shukla, May 10, 2019, Gadget 360

A massive MongoDB database containing over 275 million records with personally identifiable information about Indian citizens was allegedly found unprotected and publicly indexed on the internet. The owners of the database have seemingly managed to scrape over 275,265,298 records of personal information about Indian job seekers.

Leaks are inevitable. Damage is optional.
Where has your enterprise's data leaked to?

See Your Data Leaks