September 27, 2022

Shiba Inu Cloud Credentials Leaked In A Major Security Breach

September 8, 2022

Researchers at Pingsafe found leaked AWS credentials belonging to the cryptocurrency Shiba Inu. The leaked AWS keys were posted in a commit to Shiba’s public GitHub repo by one of Shiba’s developers and were valid for two days. Leaked AWS credentials expose their owner to a wide range of issues because, if they are abused, the AWS account can be fully accessed.

Data Security Perspective: Leaked developer secrets can open an organization to a host of issues, including abuse by threat actors. Users should ensure credentials are not committed to public repositories or hard-coded into applications.

TikTok Denies Security Breach After Hackers Leak User Data, Source Code

September 5, 2022

Social media company TikTok denies that it has suffered a large breach. The hacking group “AgainstTheWest” posted claims on a hacking forum that TikTok and WeChat had been breached, using screenshots of databases as evidence. The database includes over 2 billion records, including 790GB of user data, source code, authentication tokens, and server information. TikTok claims the data does not belong to TikTok; however, some researchers have analyzed the data and believe it is legitimate.

Data Security Perspective: Organizations need to ensure they have secure practices in place, especially when dealing with user and customer information. 

Mobile App Supply Chain Vulnerabilities Could Endanger Sensitive Business Information

September 1, 2022

In a report, Symantec’s Threat Intelligence team found that over three-quarters of the applications they analyzed contained AWS keys. Out of 1,859 analyzed apps, which included Android and iOS, 77% contained valid AWS access tokens to private AWS cloud services, with 98% of the apps containing AWS tokens being iOS applications. The exposure mainly comes from vulnerable libraries whose keys provide full access to the cloud account, as opposed to access to individual files.

Data Security Perspective: Exposed credentials are an ever-growing concern for applications, whether from developers accidentally exposing credentials or, as this story highlights, from third parties leaking them. Users need to ensure credentials are not hardcoded into applications, especially if the keys have full access permissions.

Manx Care Faces £170k Fine Over Patient Data Breach

August 18, 2022

Manx Care, the healthcare provider of the Isle of Man, is facing a £170k fine if it doesn’t implement measures to protect patient data. The penalty is the result of a breach that occurred last year when Manx Care sent an email containing a patient’s confidential data to 1,870 recipients. The fine will take effect if security measures are not put in place by the end of the year.

Data Security Perspective: Organizations dealing with sensitive information, especially health data, need to make sure to have practices in place to prevent any kind of breach or exposure of that data. This story highlights how high the fines can be for health data exposure, even if it is the data of one person. 

DoorDash Discloses New Data Breach Tied To Twilio Hackers

August 26, 2022

https://www.bleepingcomputer.com/news/security/doordash-discloses-new-data-breach-tied-to-twilio-hackers/

Food delivery service DoorDash has disclosed a data breach that exposed customer and employee data. The company announced that a threat actor used credentials stolen from a third party to gain access to its systems. The third party appears to be Twilio, which recently suffered a large data breach. The data includes email addresses, delivery addresses, names, and phone numbers, with some affected customers having order and partial credit card information exposed.

Data Security Perspective: This story highlights the issue of third-party data breaches, with one data breach leading to many other follow-on data breaches. Affected customers should be vigilant against phishing attacks that may try to use their personal information. 

Other News…

Customers' Data Of This Cloud Platform Is Exposed

Security Breaks: TeamTNT’s DockerHub Credentials Leak

U-Haul Discloses Data Breach Exposing Customer Driver Licenses

LastPass Discloses Data Breach

49ers Data Breach May Have Exposed More Than 20,000 People to ID Theft, Documents Say

Samsung Confirms Data Breach, Personal Customer Data Stolen

Data Breach Takes Down IHG Hotel Group Booking System, Impacting Holiday Inn, Kimpton And More

DaVita Inc. Confirms Recent Data Breach Leaked SSNs and Health Information

Indonesia Investigating Alleged Data Breaches at State-owned Firms

Cloud Security Bulletins

AWS