BetaNews: 10 billion exposed credentials and where to find them

BetaNews: 10 billion exposed credentials and where to find them. “Researchers at password manager NordPass have identified a total of 9,517 unsecured databases containing 10,463,315,645 entries with such data as emails, passwords, and phone numbers. The databases are found across 20 different countries, with China being at the top of the list — the country has nearly 4,000 exposed databases. This means that potentially more than 2.6 billion users could have had their accounts breached.”

Mashable: Booze delivery app Drizly hit by massive data breach affecting 2.5 million accounts

Mashable: Booze delivery app Drizly hit by massive data breach affecting 2.5 million accounts. “Alcohol delivery app Drizly has been hit with a huge data breach, revealing customers’ email addresses, birthdays, encrypted passwords, and even delivery addresses. You’d hope hackers would at least have the decency to leave our liquor alone amidst this incredibly trying pandemic, but apparently nothing is sacred.”

Bleeping Computer: Dave data breach affects 7.5 million users, leaked on hacker forum

Bleeping Computer: Dave data breach affects 7.5 million users, leaked on hacker forum. “Overdraft protection and cash advance service Dave has suffered a data breach after a database containing 7.5 million user records was sold in an auction and then released later for free on hacker forums. Dave is a fintech company that allows users to link their bank accounts and receive cash advances for upcoming bills to avoid overdraft fees. Subscribers who need extra money to pay a bill can get a payday loan up to $100, but cannot receive another loan until it is repaid. A threat actor released a database containing 7,516,691 users records for free on a hacker forum on Friday.”

New York Times: Major Security Flaws Found in South Korea Quarantine App

New York Times: Major Security Flaws Found in South Korea Quarantine App. “South Korea has been praised for making effective use of digital tools to contain the coronavirus, from emergency phone alerts to aggressive contact tracing based on a variety of data. But one pillar of that strategy, a mobile app that helps enforce quarantines, had serious security flaws that made private information vulnerable to hackers, a software engineer has found.”

BuzzFeed News: Data Collection And State Surveillance Put LGBTQ People At Risk Online And Off

BuzzFeed News: Data Collection And State Surveillance Put LGBTQ People At Risk Online And Off . “A new report outlines the minefield of online threats LGBTQ people have to navigate online, from overt state surveillance to tracking via facial recognition to dating app information that gets shared with data brokers and advertisers. Recorded Future, a cybersecurity company, released a detailed look at what queer communities outside North America have to grapple with. The idea, senior director Maggie McDaniel said, was to better understand where deeper security research is needed.”

European Gaming: Popular Gambling App Exposed Millions of Users in Massive Data Leak

European Gaming: Popular Gambling App Exposed Millions of Users in Massive Data Leak. “Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data breach on casino gambling app Clubillion. The breach originated in a technical database built on an Elasticsearch engine and was recording the daily activities of millions of Clubillion players around the world. Aside from leaking activity on the app, the breached database also exposed private user information.”

InfoSecurity: Global Dating App Users Exposed in Multiple Security Snafus

InfoSecurity: Global Dating App Users Exposed in Multiple Security Snafus. “Security researchers have discovered five dating apps in the US and East Asia which are leaking millions of customer records thanks to misconfigured cloud databases. A team from WizCase led by Avishai Efrat explained that the Elasticsearch servers, MongoDB databases and AWS buckets they found were left publicly accessible with no password.”

BetaNews: Facebook admits to yet another shocking example of leaking user data

BetaNews: Facebook admits to yet another shocking example of leaking user data. “Facebook has sneakily used a blog post purportedly about ‘protecting people’s data’ to reveal that it has failed to do precisely that. In a post in its almost ironically titled Privacy Matters series, Facebook admits that it shared private user data with thousands of app developers when it should not have. Two years ago, Facebook implemented a privacy policy that stopped apps that had not been used for 90 days from sharing data with developers, but it turns out that data was in fact still shared.”

Reuters: Google stymies media companies from chipping away at its data dominance

Reuters: Google stymies media companies from chipping away at its data dominance. “Publishers had expected to use data privacy measures going into effect Aug. 15 to bar Google from storing insights about readers, sapping the data advantage that has enabled it to dominate a market filled with advertisers hungry for information to target potential customers. But Google said it will cut off publishers from a lucrative flow of ads if they follow through with curbing its data collection. Negotiations continue, but Google holds greater leverage because it dominates in both advertising tools and access to advertisers within the $100 billion annual global banner ads market.”

InfoSecurity: Online Learning Platform Exposes Data on One Million Students

InfoSecurity: Online Learning Platform Exposes Data on One Million Students. “Researchers from the firm claimed that the Elasticsearch database belonging to provider OneClass was left completely unsecured. The trove contained over 27GB of data, amounting to 8.9 million records, including many students’ full names, email addresses, schools/universities, phone numbers, account details and school enrollment details.”

BuzzFeed News: Almost 17,000 Protesters Had No Idea A Tech Company Was Tracing Their Location

BuzzFeed News: Almost 17,000 Protesters Had No Idea A Tech Company Was Tracing Their Location. “On the weekend of May 29, thousands of people marched, sang, grieved, and chanted, demanding an end to police brutality and the defunding of police departments in the aftermath of the police killings of George Floyd and Breonna Taylor. They marched en masse in cities like Minneapolis, New York, Los Angeles, and Atlanta, empowered by their number and the assumed anonymity of the crowd. And they did so completely unaware that a tech company was using location data harvested from their cellphones to predict their race, age, and gender and where they lived.”

UC Davis: Article 26 Backpack Humanitarian Tool Now Includes Expanded Languages, New Features

UC Davis: Article 26 Backpack Humanitarian Tool Now Includes Expanded Languages, New Features. “UC Davis recently released an updated version of Article 26 Backpack, a digital tool and ecosystem for refugees and other displaced peoples to safely and securely curate, store, and share critical academic and career development documents with universities, possible employers, and agencies.”

ZDNet: Privacy Bee scrubs your personal data from companies to reduce your risk of identity theft

ZDNet: Privacy Bee scrubs your personal data from companies to reduce your risk of identity theft. “Atlanta-based privacy management platform Privacy Bee has released a new service, which can remove users’ data en masse from thousands of databases across the Internet. The service scrubs consumers’ personal information from companies’ databases so it can not be sold or hacked. By limiting the number of places where your personal data is stored, individuals reduce their exposure to data breaches.”

CNET: Facebook sues developer over alleged data scraping abuse

CNET: Facebook sues developer over alleged data scraping abuse. “The social network announced on Thursday that it was filing a lawsuit against Mohammad Zaghar and his website, Massroot8, claiming that the service was grabbing Facebook users’ data without permission. The lawsuit filed in the northern district of California alleged that Zaghar’s website offered its customers the ability to scrape data from their Facebook friends — including their phone numbers, gender, date of birth and email addresses.”

CNN: I tried to delete myself from the internet. Here’s what I learned

CNN: I tried to delete myself from the internet. Here’s what I learned. “As I would learn through my brief, manic campaign in December to scrub as much of my personal data as possible and start the new year with a clean digital slate, it’s hard not to feel like you’re just scratching the surface of an impossibly large data industrial complex. By the end of my experiment, I felt even worse off about my ability to wrestle back control of my data than when I started.”