A Data Breach From Years Ago Is Still Alive Today
TechCrunch reports that the Irish Council for Civil Liberties published a dossier of evidence detailing how the online ad-targeting industry profiles internet users’ intimate characteristics without their knowledge or consent, piling more pressure on Ireland’s Data Protection Commission, the country’s data watchdog, to take enforcement action over what complainants contend is the “biggest data breach of all time.” Read more about how the two-year-old complaint, which cites unlawful exploitation of personal data via the programmatic advertising Real-Time Bidding (RTB)— including dominant RTB systems devised by Google and the Internet Advertising Bureau, remains unresolved.
But In More Recent News…
After receiving a tip, security researcher Bob Diachenko determined that Town Sports International, the parent company of New York Sports Clubs and Christi’s Fitness gyms, exposed loads of customer data. As reported in TechCrunch, Diachenko found that about a year ago, Town Sports International left a server containing almost a terabyte of spreadsheets representing years of internal company data, including financial records and personal customer records, unprotected for almost a year!
And Right Meow…
Hacker News reported that a back-end server associated with Microsoft Bing exposed sensitive data of the search engine’s mobile application users, including search queries, device details, and GPS coordinates, among others. The data leak, discovered by WizCase on September 12, is a massive 6.5TB cache of log files that was left for anyone to access without any password, potentially allowing cybercriminals to leverage the information for carrying out extortion and phishing scams. According to WizCase, the Elastic server is believed to have been password protected until September 10, after which the authentication seems to have been inadvertently removed. In addition, at least two times since July, the server also came under what’s called a “meow attack,” an automated cyberattack that has wiped data from over 14,000 unsecured database instances with no explanation.
DivvyCloud protects your cloud and container environments from misconfigurations, policy violations, threats, and IAM challenges. With automated, real-time remediation, DivvyCloud customers achieve continuous security and compliance, and can fully realize the benefits of cloud and container technology.