The Register: Indonesian authorities probe million-record leak from national COVID app

The Register: Indonesian authorities probe million-record leak from national COVID app. “Indonesia’s Ministry of Communications and Informatics is investigating a leak of over a million records from the nation’s COVID-19 quarantine management app. News of the leak was revealed on August 30th by security review site vpnMentor, which wrote that its research team discovered exposed databases generated by eHAC, an app that is mandatory for use by travellers moving into and out of Indonesia, or within its borders.”

Wired: 38M Records Were Exposed Online—Including Contact-Tracing Info

Wired: 38M Records Were Exposed Online—Including Contact-Tracing Info. “More than a thousand web apps mistakenly exposed 38 million records on the open internet, including data from a number of Covid-19 contact tracing platforms, vaccination sign-ups, job application portals, and employee databases. The data included a range of sensitive information, from people’s phone numbers and home addresses to social security numbers and Covid-19 vaccination status.”

Business Insider: T-Mobile customers file class action lawsuits as investigation finds 53 million affected by data breach

Business Insider: T-Mobile customers file class action lawsuits as investigation finds 53 million affected by data breach. “The number of users whose personal information might have been compromised in a recent cyber attack of T-Mobile has climbed to 53 million, as the telecommunication company is hit by a pair of class-action lawsuits. T-Mobile announced Friday it had discovered that another 5.3 million current customers and 667,000 former customers also had their information stolen.”

Bleeping Computer: Ford bug exposed customer and employee records from internal systems

Bleeping Computer: Ford bug exposed customer and employee records from internal systems. “A bug on Ford Motor Company’s website allowed for accessing sensitive systems and obtaining proprietary data, such as customer databases, employee records, internal tickets, etc. The data exposure stemmed from a misconfigured instance of Pega Infinity customer engagement system running on Ford’s servers.”

Infosecurity Magazine: Over 60 Million Americans Exposed Through Misconfigured Database

Infosecurity Magazine: Over 60 Million Americans Exposed Through Misconfigured Database. “Security researchers have discovered an online database completely unsecured and exposed to the public internet, containing the personal details of at least 63 million Americans. A team at vpnMentor led by Ran Locar and Noam Rotem found the Elasticsearch database wide open during a ‘routine research project.’”

TechCrunch: An internal code repo used by New York State’s IT office was exposed online

TechCrunch: An internal code repo used by New York State’s IT office was exposed online. “A code repository used by the New York state government’s IT department was left exposed on the internet, allowing anyone to access the projects inside, some of which contained secret keys and passwords associated with state government systems. The exposed GitLab server was discovered on Saturday by Dubai-based SpiderSilk, a cybersecurity company credited with discovering data spills at Samsung, Clearview AI and MoviePass.”

Daily Dot: Exclusive: Hacker reveals smart meters are spilling secrets about the Texas snowstorm

Daily Dot: Exclusive: Hacker reveals smart meters are spilling secrets about the Texas snowstorm. “Power companies across Texas have refused to disclose which areas of the state were exempt from controlled blackouts after a devastating snowstorm crippled the power grid in February—but one hacker has found that smart meters, the electrical devices on the sides of homes and businesses that monitor energy consumption, are quietly broadcasting data that could be used to determine what infrastructure may have been protected.”

ZDNet: Over a billion records belonging to CVS Health exposed online

ZDNet: Over a billion records belonging to CVS Health exposed online. “On Thursday, WebsitePlanet, together with researcher Jeremiah Fowler, revealed the discovery of an online database belonging to CVS Health. The database was not password-protected and had no form of authentication in place to prevent unauthorized entry. Upon examination of the database, the team found over one billion records that were connected to the US healthcare and pharmaceutical giant, which owns brands including CVS Pharmacy and Aetna.”

WICZ: Wegmans Notifies Customers Of Database Security Breach

WICZ: Wegmans Notifies Customers Of Database Security Breach. “Wegmans says they were notified of the issue by a third-party security researcher in mid-April. The company says the database contains customer phone numbers, addresses, email addresses, Shopper’s Club Card numbers, and passwords to Wegmans.com. However, Wegmans says all passwords were encrypted, so the actual characters for the passwords were not involved.”

Business Insider: 533 million Facebook users’ phone numbers and personal data have been leaked online

Business Insider: 533 million Facebook users’ phone numbers and personal data have been leaked online. “A user in a low level hacking forum on Saturday published the phone numbers and personal data of hundreds of millions of Facebook users for free online. The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.”