ZDNet: T-Mobile bug let anyone see any customer’s account details

ZDNet: T-Mobile bug let anyone see any customer’s account details. “A bug in T-Mobile’s website let anyone access the personal account details of any customer with just their cell phone number. The flaw, since fixed, could have been exploited by anyone who knew where to look — a little-known T-Mobile subdomain that staff use as a customer care portal to access the company’s internal tools. The subdomain — promotool.t-mobile.com, which can be easily found on search engines — contained a hidden API that would return T-Mobile customer data simply by adding the customer’s cell phone number to the end of the web address.”

Ubergizmo: Teen Monitoring App Accidentally Leaks Account Info Of Its Users

Ubergizmo: Teen Monitoring App Accidentally Leaks Account Info Of Its Users. “The app also bills itself as being a ‘secure’ monitoring app, although that seems rather ironic now because according to a report from ZDNet, the app has accidentally leaked thousands of its users’ account information, which includes Apple ID email addresses, the names of the device of its users (which in some cases were the names of the teens), its unique identifier, and even passwords which were stored in plaintext format.”

New Scientist: Huge new Facebook data leak exposed intimate details of 3m users

New Scientist: Huge new Facebook data leak exposed intimate details of 3m users. “Data from millions of Facebook users who used a popular personality app, including their answers to intimate questionnaires, was left exposed online for anyone to access, a New Scientist investigation has found. Academics at the University of Cambridge distributed the data from the personality quiz app myPersonality to hundreds of researchers via a website with insufficient security provisions, which led to it being left vulnerable to access for four years. Gaining access illicitly was relatively easy.”

BuzzFeed: Australia’s Largest Bank Lost The Personal Financial Histories Of 12 Million Customers

BuzzFeed: Australia’s Largest Bank Lost The Personal Financial Histories Of 12 Million Customers. “The Commonwealth Bank lost the personal financial histories of 12 million customers, and chose not to reveal the breach to consumers, in one of the largest financial services privacy breaches ever to occur in Australia. BuzzFeed News can reveal that the nation’s largest bank lost the banking statements for customers from 2004 to 2014 after a subcontractor lost several tape drives containing the financial information in 2016.”

NDTV: Database Safe But There’s A New Leak. 1.3 Lakh Aadhaar, Bank Details Out

NDTV: Database Safe But There’s A New Leak. 1.3 Lakh Aadhaar, Bank Details Out. “The UIDAI, the body that governs Aadhaar, has told the Supreme Court that its database cannot be breached or used to profile citizens. A new data leak suggests that there may be no need for hackers to go that far. Government departments are already using the unique identification number to aggregate data from different departments, complete with the individual’s religion, caste, bank account numbers and their exact location. Still worse, some of them have placed this private information on its websites for anyone to see.”

Gizmodo: John McAfee-Backed Cryptocurrency’s Thousands of Investors Exposed in Data Breach

Gizmodo: John McAfee-Backed Cryptocurrency’s Thousands of Investors Exposed in Data Breach. “A leaky database discovered online contains a wealth of sensitive data belonging to thousands of investors in Bezop cryptocurrency, including photocopies of their driver’s licenses and passports, according to a report from Kromtech Security.”

The Register: Oh, baby! Newborn-care website leaves database of medics wide open

The Register: Oh, baby! Newborn-care website leaves database of medics wide open. “A US healthcare company seemingly exposed on the public internet contact information for roughly 10,000 medical professionals. IT pro Brian Wethern said he warned Health Stream nine days ago that one of its now-removed websites had left a database of users out in the open, allowing anyone to slurp the first and last names of medics, and their email addresses and ID numbers. These professionals appear to be connected to Health Stream’s Neonatal Resuscitation Program.”