Data Breaches

api fortress

Twitter Exposes the Phone Numbers of 17 Million Accounts

How State-sponsored Actors May Have Exploited Twitter’s Public Endpoint In our continued push to help companies with APIs realize that 95% of API vulnerabilities are due to human error and not “hacks,” this week, we dive into an issue that Twitter found last December, but is only now reporting. The Twitter API vulnerability is particularly interesting because it didn’t involve a breach.


Wawa Breach: 30 Million Credit Card Details for Sale Online

Hackers are selling the payment card details of more than 30 million Americans and over 1 million foreigners on Joker's Stash, the internets largest payment card forum. This card dump which occurred on Monday was advertised as "BIGBADABOOM-III", but Gemini Advisory found that the card details traced back to Wawa, an East Coast convenience store chain.


Regus Sales Staff Data Leaked via Third Party

Detailed information about the job performance of more than 900 Regus employees was accidentally published online after the co-working space provider conducted a review of its sales staff. Regus owner IWG commissioned the mystery shopping business, Applause, to audit its sales staff through covert filming using "spy pens" fitted with miniature cameras.


Breach Update: Equifax Settles Class-Action Lawsuit for $380.5 Million

A Georgia court granted final approval for a settlement involving Equifax in a class-action lawsuit following the massive 2017 data breach. This week an Atlanta federal judge ruled this week that Equifax will pay $380.5 million to settle lawsuits relating to the 2017 data breach.


Minnesota-Based Hospital Suffers Data Breach

Alomere Health, a Minnesota-based hospital operator, has begun notifying patients of a data breach that impacts more than 49,351 patients. On October 31, 2019, a malicious attacker gained unauthorized access to an employee email account, then hijacked a second account days later on November 6. The details were recently published on the health providers' website.


Waco water bill attack just the latest in a wave of Click2Gov breaches

The City of Waco has warned residents that their online payments for water services may have been intercepted by hackers who stole credit card details. The heart of the problem lies in the third-party online payment software that Waco and several other cities and municipalities use to let residents pay their bills, pay parking fines, as well as make other financial transactions.


Five Reasons Why "Never" Being Breached May Not Be A Good sign

While countless companies have found themselves in the headlines after being breached over the last decade, there are also many companies we never hear about. Why is that? What makes them so unique that they were never successfully breached before? Is it that they have top of the line security technology? Is it that they don't have assets that attackers care about? Or is it that they've just gotten lucky thus far? None of those common misconceptions are likely the true reason.


Facebook and Twitter warn some users' private data was accessed via third-party app SDK

Facebook and Twitter have announced that personal data related to hundreds of users may have been improperly accessed after users logged into third-party Android apps with their social media accounts. According to a report by CNBC, users of Android apps that made use of a software development kit (SDK) named oneAudience may have unwittingly shared information such as their email addresses, usernames and recent tweets.