Data Leaks of the Week – May 3, 2019

News

Avatar CybelAngel • May 3, 2019

A curated list of the top stories of the week concerning data leaks and digital threats.

Unprotected database exposed details of over 80 million U.S. households

By David Bisson, April 30, 2019, TripWire

Security researchers found an unprotected database stored on the cloud that contained 24 GB of information pertaining to 80 million U.S. households–more than half of the total number of American homes. Digital criminals can abuse this information to commit identity theft, stage phishing attacks, infect individuals exposed in the data leak with ransomware, collect data for future attacks, and even burglarize their homes.

Docker Hub hack exposed data of 190,000 users

By Catalin Cimpanu, April 27, 2019, ZDNet

Docker Hub, the official repository for Docker container images, discovered unauthorized access to a single Hub database storing a subset of non-financial user data, exposing 190,000 users.

Hackers steal and ransom financial data related to some of the world’s largest companies

By Joseph Cox,  April 30, 2019, MotherBoard

Hackers have broken into CityComp, a Germany-based internet infrastructure firm that provides services to dozens of the world’s largest and most valuable companies, including Oracle, Volkswagen, and Airbus. The company has been hacked and blackmailed, and the attack is ongoing.

Database exposes medical info, PII data of 137k people in U.S.

By Sergiu Gatlan, May 1, 2019, Bleeping Computer

A publicly accessible Elasticsearch database discovered on March 27 exposed various types of personally identifiable information (names, addresses, dates of birth, etc.) and medical info of more than 100,000 individuals. The leaked data belonged to SkyMed, a company which has provided medical emergency evacuation services for about 30 years.

Attackers actively exploiting Atlassian Confluence and Oracle WebLogic flaws

By Zeljka Zorz, May 2, 2019, HelpNet Security

Attackers are actively exploiting recently fixed vulnerabilities in Oracle WebLogic and Atlassian Confluence to deliver ransomware, mine cryptocurrency, and make compromised machines participate in DDoS attacks.

Leaks are inevitable. Damage is optional.
Where has your enterprise's data leaked to?

See Your Data Leaks