Fresh Technology Insights

Tag: Data Breach

A Dutch forum for sex workers and 250,000 of their clients has been hacked

This could get embarrassing for some folks.

Gareth Corfield, writing in The Register »

The forum, named Hookers.nl in an endearingly Dutch way, currently has its user data for sale for just €300 on a cybercriminals’ forum, according to local broadcaster NOS.

“In addition to email addresses, this includes usernames, IP addresses and passwords. The passwords are protected and cannot be cracked just like that, but the email addresses of users are legible,” said the broadcaster, which viewed some of the data itself to verify the data blab.

Although users of the forum tended to sign up with pseudonymous usernames, apparently the email addresses registered to some accounts include real names – for example, johnsmith@gmail.com.

Read more at The Register »

DoorDash data breach compromised 5 million people

Users who joined DoorDash before April 5, 2018 had their name, email, delivery addresses, order history, phone numbers, banking, and credit card details stolen. The breach happened May 4, but the company didn’t reveal why it took them 5 months to discover the breach.

DoorDash would have you believe they are the victim, and blamed an unnamed subcontractor, but shoddy security practices yet again appear to be the root cause, leaving the door wide open for enterprising cybercriminals.

DoorDash, a food delivery company, operates in 4,000 cities, including 92 markets scattered across every Canadian province.

Zack Whittaker at TechCrunch writes »

The news comes almost exactly a year after DoorDash customers complained that their accounts had been hacked. The company at the time denied a data breach and claimed attackers were running credential stuffing attacks, in which hackers take lists of stolen usernames and passwords and try them on other sites that use the same passwords. But many of the customers we spoke to said their passwords were unique to DoorDash, ruling out such an attack.

There’s an important difference with this hack that Cory Doctorow at Boing Boing notes »

Doordash, by its nature, includes the home addresses of people who otherwise avoid disclosing where they live.

People at risk from doxing, swatting, stalking, and other forms of privacy invasion take great pains to keep their home addresses secret, such as renting private mailboxes and having all correspondence and deliveries sent to those addresses.

More » DoorDash, Ars Technica, The Next Web, Android Police, Security Affairs, Security Week, Business Insider, CBC

So far this year, US telecom companies have successfully stopped 70 state bills that would have prevented them from selling your personal data

Motherboard:

Rewind back to March 2017: Congress voted to overturn a yet-to-take-effect Obama-era FCC regulation requiring ISPs to get permission from customers before collecting their data and selling it to advertisers. It was a victory for corporate giants like Comcast and Verizon, who nevertheless assured everyone that they had no intention of selling their customers’ internet histories.

In the wake of that repeal, about half of the country’s states chose not to take the ISPs at their word, and began crafting their own legislation to restore the FCC’s rules within their borders. Washington, DC is the latest example, and the National Conference of State Legislatures shows close to 70 similar bills on state dockets this year. So far, not a single one has passed.

© 2020 Tech Letter

Theme by Anders NorenUp ↑