TechCrunch: MoviePass exposed thousands of unencrypted customer card numbers. “Mossab Hussein, a security researcher at Dubai-based cybersecurity firm SpiderSilk, found an exposed database on one of the company’s many subdomains. The database was massive, containing 161 million records at the time of writing and growing in real time. Many of the records were normal computer-generated logging messages used to ensure the running of the service — but many also included sensitive user information, such as MoviePass customer card numbers.”
security
Neowin: Mozilla and Google stop Kazakh government from intercepting traffic
Neowin: Mozilla and Google stop Kazakh government from intercepting traffic. “Mozilla has announced that it, and Google, have deployed technical solutions within Firefox and Chrome to stop the Kazakh government from intercepting internet traffic inside the country. According to Censored Planet, the government in Kazakhstan began using a fake root CA certificate to intercept HTTPS connections.”
New York Times: Facebook’s New Tool Lets You See Which Apps and Websites Tracked You
New York Times: Facebook’s New Tool Lets You See Which Apps and Websites Tracked You. “The company introduced a new tool that lets people better see and control the information that Facebook has gathered about their browsing habits outside the social network. The tool, Off-Facebook Activity, allows users to view the hundreds of sites and apps that share data and customer information with Facebook. They can then erase the data it they want.” Not available in the US yet, unfortunately, but if you’re in Ireland, South Korea, or Spain, you’re in luck.
CNET: Instagram will pay researchers to uncover abuse of users’ personal data
CNET: Instagram will pay researchers to uncover abuse of users’ personal data. “Instagram will pay a bounty to security researchers who find evidence that third-party apps are misusing your personal data. The program aims to encourage experts outside of Instagram and its parent company Facebook to tackle a major problem the social network faces: apps that scrape user data or try to trick you into sharing passwords and other sensitive information.”
Billions of records exposed: 2019 on track to be worst year ever for data breaches (USA Today)
USA Today: Billions of records exposed: 2019 on track to be worst year ever for data breaches . “The number of data breaches resulting in exposed records is up by 54% year over year in the first half of 2019, and the number of records exposed in those breaches is up by 52%. More than 3,800 data breaches were reported in the first six months of this year, and just eight of those exposed more than 3.2 billion records, nearly 80% of all records exposed so far in 2019.”
TechCrunch: An anonymous hentai porn site exposed over a million users’ emails
TechCrunch: An anonymous hentai porn site exposed over a million users’ emails. “A popular hentai porn site that promises anonymity to its 1.1 million users left a user database exposed without a password, allowing anyone to identify users by their email addresses. You might not have heard of Luscious.net unless you’re into hentai and manga porn but it’s one of the most popular websites in the U.S., ranking in the top 5,000 sites in traffic, per Alexa data.”
Motherboard: Hacker Releases First Public Jailbreak for Up-to-Date iPhones in Years
Motherboard: Hacker Releases First Public Jailbreak for Up-to-Date iPhones in Years. “Apple has mistakenly made it a bit easier to hack iPhone users who are on the latest version of its mobile operating system iOS by unpatching a vulnerability it had already fixed. Hackers quickly jumped on this over the weekend, and publicly released a jailbreak for current, up-to-date iPhones—the first free public jailbreak for a fully updated iPhone that’s been released in years.”
