USA Today: ‘Hundreds of millions of people’ may have had their text messages exposed online, researchers say. “A database housing millions of private SMS text messages was left open online for an extended period of time, a team of researchers at the online privacy company vpnMentor said Sunday. The Texas-based text messaging firm TrueDialog is thought to be responsible for the leak, the cybersecurity experts said.”
Wired: 1.2 Billion Records Found Exposed Online in a Single Server. “For well over a decade, identity thieves, phishers, and other online scammers have created a black market of stolen and aggregated consumer data that they used to break into people’s accounts, steal their money, or impersonate them. In October, dark web researcher Vinny Troia found one such trove sitting exposed and easily accessible on an unsecured server, comprising 4 terabytes of personal information—about 1.2 billion records in all.”
BuzzFeed News: Political Operatives Are Faking Voter Outrage With Millions Of Made-Up Comments To Benefit The Rich And Powerful. “A BuzzFeed News investigation — based on an analysis of millions of comments, along with court records, business filings, and interviews with dozens of people — offers a window into how a crucial democratic process was skewed by one of the most prolific uses of political impersonation in US history. In a key part of the puzzle, two little-known firms, Media Bridge and LCX Digital, working on behalf of industry group Broadband for America, misappropriated names and personal information as part of a bid to submit more than 1.5 million statements favorable to their cause.”
The Guardian: Major breach found in biometrics system used by banks, UK police and defence firms. “The fingerprints of over 1 million people, as well as facial recognition information, unencrypted usernames and passwords, and personal information of employees, was discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan police, defence contractors and banks.”
CBS News: CBS News investigation finds fraudulent court orders used to change Google search results. “A Google search can reveal negative information about anyone or any company. Since it’s difficult to change those results, many small businesses are paying thousands to so-called reputation management companies to make negative web pages disappear. Much of the work is legitimate, but a CBS News investigation into online reputation management found some companies hired to clean up Google searches appear to be engaging in criminal activity.”
USA Today: Equifax data breach settlement: How to file a claim for $125 or free credit reporting. “If you were affected by the 2017 Equifax data breach, you can now file a claim for a piece of the settlement. The credit-reporting company has agreed to pay between $575 million and $700 million to settle state and federal investigations related to a massive security incident that exposed the personal information of more than 147 million Americans two years ago.” The site includes a form where you can enter your last name and the last six digits of your social to see if you are entitled to claim. I looked myself up and GUESS WHAT….
Krebs on Security: First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records. “The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. [NYSE:FAF] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser.”