Reading Time: ~ 2 min.
Estée Lauder Leaves Massive Database Unprotected
Earlier this week researchers discovered an unsecured database containing over 440 million records belonging to Estee Lauder, a major make-up manufacturer. Though the company has confirmed that no customer data was stored in that database, they are still unsure on how long it was left exposed for and it did contain sensitive company information. Estée Lauder was able to properly secure the database on the same day the initial researcher contacted them.
SoundCloud Account Vulnerabilities Fixed
Researchers have contacted SoundCloud
about vulnerabilities in their platform API that could allow attackers to
illicitly access user accounts. While officials quickly resolved the security
flaws, two additional API flaws had the potential to initiate DDoS attacks or
create fraudulent song statistics by exploiting a specific set of track IDs.
Attackers would have been able to exploit the user ID authentication to test
previously leaked username/password combinations in hopes some victims were
using the same credentials on multiple sites.
Danish Data Leak Exposes 1.3 Million Citizens
Over a period of five years from 2015 to 2020, a bug in the
country’s tax systems has leaked sensitive ID numbers for nearly 1.3 million Danish
citizens. The bug itself displayed the user’s ID number in the URL after
the user made changes in their tax portal, which were then analyzed by both
Google and Adobe. Fortunately, no additional tax or other personal information
was divulged in the leak, which the government was quick to resolve.
Study Reveals Top Brands Used in Phishing Campaigns
After gathering data from nearly 600 million email boxes
over the last year, researchers once again determined that PayPal
was the most impersonated company for phishing attacks in 2019. The data also
revealed that phishing campaigns disguised as PayPal were using an average of
124 unique URLs daily to propagate the malicious content. Many other top
companies used in phishing campaigns in 2019 were financial institutions, as
they are easy troves of consumer information.
Australia Debates Retention Period for Consumer Data
government has just begun debating changes to their current data retention
period, which is currently two years (or significantly longer than any
comparable nation’s policy). Storing data for that length of time can be
extremely dangerous, especially given the rise in data breaches in recent
years. While Australia believes it’s two-year limit to be a good balance, there
is currently no management of who actually has access to the data and several
amendments are introduced to improve the privacy of Australian citizens.