November 10, 2022

Sensitive Data of 65,000+ Entities in 111 Countries Leaked Due to a Single Misconfigured Data Bucket

October 27, 2022

Researchers at SOCRadar have identified what is being deemed the most significant B2B leak in recent history. A misconfigured Microsoft-maintained Azure blob led to the exposure of 65,000 entities. The blob contained PII, backups, user information, and other business documents totaling 2.4 terabytes of data. SOCRadar named the leak "BlueBleed" and has also detailed a second part of BlueBleed, which includes six other buckets affecting 150,000 companies. Microsoft has now secured the blobs.

Data Security Perspective: Organizations should ensure their services follow security policies to avoid unauthenticated access to data, especially sensitive data. Misconfigurations of cloud services are still leading to large data breaches. Companies using cloud services to host PII should ensure data is appropriately secured. 

Toyota Dev Left Key To Customer Info On Public GitHub Page For Five Years

October 11, 2022

Toyota announced that personal customer information may have been exposed on GitHub for almost five years. In an apology, the company detailed how source code containing an access key was mistakenly uploaded to GitHub in 2017 by a third party that managed the source code. The leaked information contained the data of 269,019 customers, including email addresses and customer management numbers; however, Toyota stated that name and payment information were not included.

Data Security Perspective: Toyota issued a notification and an apology to affected customers. It also advised customers to be aware of phishing attempts or suspicious emails. Developers should ensure they do not post access keys and other developer secrets in public-facing Git repositories.

Shein Data Breach Results In $1.9m Fine For Parent Company

October 13, 2022

An investigation into Chinese online retailer Zoetop resulted in a $1.9m fine over a 2018 data breach. Zoetop, the parent company of SHEIN and Romwe, suffered a data breach in 2018 that resulted in the theft of payment information from millions of customer accounts. According to the New York Attorney General, the company failed to have adequate security measures and tried to cover up the data breach.

Data Security Perspective: Organizations dealing with personal, sensitive, and payment information need to ensure they are protecting the information with proper security measures. In the event of a breach, customers need to be informed so they can protect their information. A DSPM, such as Open Raven, can help organizations be aware of what data they store and where, and ensure it is securely configured.

Optus Confirms 2.1 Million ID Numbers Exposed In Data Breach

October 4, 2022

Australian telecom company Optus confirmed the exposure of 2.1 million customers' government identification numbers in a data breach. Last month the company suffered a cyber attack that exposed the PII of 9.8 million customers, including email addresses, phone numbers, and dates of birth. Of the 9.8 million customers, 2.1 million had government IDs compromised, with 1.2 million being current and valid. The company is now under investigation to determine if the company took precautions in handling customers' PII and could potentially be fined millions of dollars.

Data Security Perspective: Since the data breach occurred, a partial set of the data has been offered for sale online, with other customers complaining of scam attempts. Customers should take proper precautions and be aware of fraud attempts that can arise from their IDs being exposed. Companies handling PII need to make data security a top priority to avoid exposures such as this, in addition to avoiding the heavy fines that they will face.

Rancher Stored Sensitive Values In Plaintext, Exposed Kubernetes Clusters To Takeover

September 28, 2022

Rancher, a popular Kubernetes tool, had been storing sensitive data in plaintext on Kubernetes objects. The information included passwords, API keys, and account tokens and could be available with low privileges to anyone with access to specific Rancher Kubernetes objects. An exploit of this bug could result in an unauthenticated user gaining control of a Kubernetes cluster.

Data Security Perspective: Rancher has been patched, and users should immediately update to the latest version. Rancher is also advising users to check downstream for signs of a breach and to rotate credentials that may have been affected.

Other News…

2K Games Warns Users Their Stolen Data Is Now Up For Sale Online 
Hackers Stole Data From US Defense Org Using Impacket, CovalentStealer
Former Uber CSO Convicted Of Covering Up Megabreach Back in 2016
More Than Meets the Eye: Exposing a Polyglot File That Delivers IcedID
Malicious OAuth Applications Abuse Cloud Email Services to Spread Spam
Hundreds of Microsoft SQL Servers Backdoored with New Malware
Chase UK's App-only Bank Hit with 24-hour Ongoing Outage

Security Bulletins

GCP