Engadget: The IRS says it accidentally exposed confidential information involving 120,000 taxpayers

Engadget: The IRS says it accidentally exposed confidential information involving 120,000 taxpayers. “Around 120,000 taxpayers who filed a Form 990-T will be hearing from the IRS in the coming weeks, telling them that the agency inadvertently exposed their information on its website. Exempted organizations, including charities and religious groups, with unrelated business income are required to file Form 990-T. As The Wall Street Journal notes, though, people with individual retirement accounts invested in assets that generate income, such as real estate, are also required to file the form.”

TechCrunch: A huge Chinese database of faces and vehicle license plates spilled online

TechCrunch: A huge Chinese database of faces and vehicle license plates spilled online. “While its contents might seem unremarkable for China, where facial recognition is routine and state surveillance is ubiquitous, the sheer size of the exposed database is staggering. At its peak the database held over 800 million records, representing one of the biggest known data security lapses of the year by scale, second to a massive data leak of 1 billion records from a Shanghai police database in June. In both cases, the data was likely exposed inadvertently and as a result of human error.”

Bleeping Computer: Misconfigured Meta Pixel exposed healthcare data of 1.3M patients

Bleeping Computer: Misconfigured Meta Pixel exposed healthcare data of 1.3M patients. “U.S. healthcare provider Novant Health has disclosed a data breach impacting 1,362,296 individuals who have had their sensitive information mistakenly collected by the Meta Pixel ad tracking script. Meta Pixel (formerly Facebook Pixel) is a JavaScript tracking script that Facebook advertisers can add to their site to track advertising performance.”

Krebs on Security: A Retrospective on the 2015 Ashley Madison Breach

Krebs on Security: A Retrospective on the 2015 Ashley Madison Breach. “The leak led to the public shaming and extortion of many Ashley Madison users, and to at least two suicides. To date, little is publicly known about the perpetrators or the true motivation for the attack. But a recent review of Ashley Madison mentions across Russian cybercrime forums and far-right websites in the months leading up to the hack revealed some previously unreported details that may deserve further scrutiny.”

EXCLUSIVE: Anti-vax dating site that let people advertise ‘mRNA FREE’ semen left all its user data exposed (Daily Dot)

Daily Dot: EXCLUSIVE: Anti-vax dating site that let people advertise ‘mRNA FREE’ semen left all its user data exposed. “After the Daily Dot set up a test account on the platform, GeopJr was able to change the account’s private email address, username, and profile picture. GeopJr was also able to edit a public post made by the Daily Dot and change its wording. Other data such as the site’s backups could be downloaded or deleted. GeopJr was able to give away $15 per month subscriptions to Unjected as well as reply to and delete help center tickets and reported posts.”

SecurityWeek: Scanning Finds Over 3.6 Million Internet-Accessible MySQL Servers

SecurityWeek: Scanning Finds Over 3.6 Million Internet-Accessible MySQL Servers. “The Shadowserver Foundation warns of the security risk associated with more than 3.6 million internet-exposed MySQL servers that accept connections on port 3306/TCP. While scanning the internet for accessible MySQL servers, the organization’s researchers identified a total population of roughly 5.4 million IPv4 and IPv6 instances on port 3306/TCP, but say that only two-thirds of these appear to accept a connection.”

World Trademark Review: USPTO inadvertently makes applicant emails public, responds to community concern

World Trademark Review: USPTO inadvertently makes applicant emails public, responds to community concern. “Trademark practitioners reacted with concern to the discovery that, on 24 May, the USPTO made the private email addresses of up to 21,000 applicants publicly available in its Trademark Status & Document Retrieval (TSDR) system. The USPTO has subsequently confirmed that it is taking measures to address the issue and prevent it from happening again.”

KXAN: Almost 2 million Texans affected by Texas Department of Insurance data breach

KXAN: Almost 2 million Texans affected by Texas Department of Insurance data breach. “The department said the personal information of 1.8 million workers who have filed compensation claims — including Social Security numbers, addresses, dates of birth, phone numbers and information about workers’ injuries — was accessible online to members of the public from March 2019 to January 2022.”

Redis, MongoDB, and Elastic: 2022’s top exposed databases (Bleeping Computer)

Bleeping Computer: Redis, MongoDB, and Elastic: 2022’s top exposed databases. “Security researchers have noticed an increase in the number of databases publicly exposed to the Internet, with 308,000 identified in 2021. The growth continued quarter over quarter, peaking in the first months of this year. In the first quarter of 2022, the amount of exposed databases peaked to 91,200 instances, researchers at threat intelligence and research company Group-IB say in a report shared with BleepingComputer.”

Vox: Companies lose your data and then nothing happens

Vox: Companies lose your data and then nothing happens. “There’s a simple reason companies collect so much of our data — money — but why they get to collect so much, keep it, and monetize it is more complicated. There are some laws around data privacy and security, but they’re scattershot and generally handled state by state, and they could be better. Companies keep screwing up with our data, and there are no good answers on what to do about it.”

SiliconANGLE: Fox News database with 13M records found exposed online

SiliconANGLE: Fox News database with 13M records found exposed online. “Security researcher Jeremiah Fowler and the Website Planet research team discovered that the exposed database included about 58 gigabytes of data in just short of 13 million records. The records included Fox News content, storage information, internal Fox emails, usernames, employee ID numbers, affiliate station information and more. One folder is said to have contained 65,000 names of celebrities, cast and production crew members and their internal Fox identification reference numbers.”