As many as 250 million Microsoft customer records have been exposed, being wide open to anyone with a web browser, and not requiring a password.
Tag: breach
People Data Lab (PDL), a data “enrichment” company, boasts that they have data on 1.5 billion people, almost certainly including you. That data, stored on an Elasticsearch server, was all breached in November.
Sometime in the past few weeks a hacker calling himself Gnosticplayers hacked into Zynga’s Words with Friends database; the Words with Friends hack breached the personal data of more than 218 million Words with Friends players.
Last summer Animoto was the target of a data breach, in their posted-but-not-emailed announcement of the breach Animoto assured users that any compromised passwords had been “hashed and salted”. And yet, blackmail spammers now have full Animoto passwords.
The telephone numbers of as many as 419 million Facebook users have been exposed, it was discovered earlier this week and made public yesterday (September 4, 2019).
If you have a Canva account, you can be forgiven for not knowing that it was breached, as not all, if any, Canva users got a notification from Canva about the breach, even though more than 136million users had their private information compromised. So you may be wondering how to cancel, deactivate, and delete your Canva account.
Microsoft has disclosed, over the weekend, that hackers have hacked into and accessed Microsoft users’ Outlook email, Hotmail email, and MSN email, over the course of several months, ending just last month (March of 2019).
Last year (in fact almost a year ago exactly) we told you about the U.S. Post Office’s new ‘Informed Delivery’ service. For those of you not familiar with the USPS Informed Delivery service, well, count your blessings. Because the postal service has experienced a serious breach, making the personal information of all 60 million plus Informed Delivery vulnerable.
Countless Amazon customers woke up this morning to an email from Amazon telling them that “our website inadvertently disclosed your name and email address due to a technical error.” And, in fact, that’s just about all the email said, other than “the issue has been fixed” and that there is no need for the customer to take any action.
If you were required to re-enter your password in order to log in to Facebook today (28 September 2018), there’s a good reason: Facebook this morning revealed that it had suffered a massive breach, compromising as many as 50 million user accounts.
Reddit experienced a “security incident” in June, which they announced by email this month (August, 2018). While an email to Reddit users says that the hack affected “account credentials from 2007”, the full story paints a substantially broader picture.
Oh, the irony! Identity theft protection service LifeLock has exposed millions of their customers’ email addresses. And according to Krebs on Security, the exploitable vulnerability was so basic that it seems “that whoever put it together lacked a basic understanding of Web site authentication and security”!
In a hack that the New York Times is calling “one of the largest known breaches of a retailer”, Saks 5th Avenue and Lord and Taylor have had the credit card and debit card information of millions of customers compromised by an ongoing hack that lasted for months before it was terminated a few weeks ago.
Last week we started hearing about the Equifax data breach, although Equifax had actually known about the data breach at least a month earlier. (The full text of the Equifax statement about the cybersecurity data breach is reprinted below.) The most stunning thing about this breach is the breadth of it: the Personally Identifiable Information (PII), including names, social security numbers, and driver’s license numbers of 143 million U.S. citizens were exposed in this breach. Here is what you need to do, right now, to protect yourself.
Yahoo today released a statement indicating that a data breach that occurred in 2014 may be the most massive breach yet. Moreover, Yahoo is claiming that they believe that the 2014 breach was “state-sponsored”.