Tagged: data breach Toggle Comment Threads | Keyboard Shortcuts

  • Geebo 8:00 am on June 4, 2019 Permalink | Reply
    Tags: data breach, , , , quest diagnostics   

    Giant medical lab bleeds patient information! 

    Medical lab bleeds patient information!

    If you’ve ever had a blood test at your doctor’s office that they had to send to a lab, chances are that they may have sent it to Quest Diagnostics. Quest is one of if not the largest medical testing corporation in the country. Due to the sheer amount of testing and processing that Quest does, they must have their logistics down to a T to be able to handle so many patients. However, recent events have shown that even a well-oiled machine is vulnerable to breakdown.

    Within the past few days, it’s been reported that Quest has had a patient data breach on a massive scale. According to reports, close to 12 million patients have had their personal data exposed due to a billing vendor giving unauthorized access to an unidentified person. This information is said to have included financial information such as credit card numbers, medical information, and personal information. Quest claims that the results of any testing have not been exposed but they have also notified law enforcement of the breach.

    Besides being a PR nightmare for Quest, this could end up being very costly for them as well. Under the Health Insurance Portability and Accountability Act or HIPAA as it’s better known as the government could levy hefty fines against both Quest and their billing vendor for compromising such information. So far the largest HIPAA violation fine has been $5.5 million levied against a hospital that allegedly exposed over 100,000 patients’ information. With Quest and its vendor reportedly exposing the information of 12 million patients we could sadly see a new record being set.

     
  • Geebo 8:00 am on May 2, 2019 Permalink | Reply
    Tags: data breach, ,   

    Data breach exposed most American families 

    Data breach exposed most American families

    This past week, a data breach was discovered that could have put the personal information of 80 million American families at risk. Internet security experts discovered an unprotected database that was hosted in the cloud included names, ages, and genders as well as income levels and marital status. What’s even more concerning is that it’s unknown who the database belongs to. It’s been theorized that it may belong to an insurance or mortgage company.

    Every person in the database is said to be over the age of 40 which could potentially put seniors at risk not only for identity theft but phishing scams as well. There’s no evidence to suggest that cybercriminals accessed the database. However, the information could have been publicly accessible for months. Experts believe that the information provided in the database could also be used to launch ransomware attacks against people listed in the database.

    The server that the database was stored on was a Microsoft cloud server but it’s up to the database’s owner to make sure the database is encrypted. Microsoft has contacted the owner of the database and it has since been removed from public access. With the number of data breaches becoming more frequent every day have we reached a point where we should just expect our data to become exposed?

     
  • Geebo 10:00 am on January 18, 2019 Permalink | Reply
    Tags: Collection #1, data breach,   

    Data breach could potentially expose millions of email accounts 

    Data breach could potentially expose millions of email accounts

    If you’re the type that doesn’t change their online passwords frequently, you may want to change your passwords today. It’s been reported that a massive amount of data known as ‘Collection #1’ has been floating around on the internet for a while and contains 773 million email addresses and 21 million passwords. The list itself is a few years old so if you’ve been using the same password for while you should probably go ahead and start changing your passwords on your online accounts.

    Now you may think that you’ve probably changed your passwords since this data was collected. Well, there’s a reason this data dump has been called Collection #1. THat’s because there is a Collection #2 on the horizon which contains even more recently exposed data from within the past year. Collection #2 is said to have ten times the data that Collection #1 had. While we’re waiting for Collection #2 to hit the internet like a wrecking ball you can check to see if your email account was included in Collection #1 by checking your email address at Have I Been Pwned.

    While you’re changing your passwords there are some good practices that everyone should follow. You should never use the same password for all of your online accounts. If you have trouble remembering all your passwords there are a plethora of secure password managers that will create and remember secure passwords for your accounts. If you are going to manage your own passwords don’t fall into the trap of using the most common passwords. You may think your clever by using ‘password’, ‘qwerty’, and ‘football’ as your passwords but you’re not fooling anyone. Instead, most security experts agree that passwords should contain no dictionary words, contain a mix of uppercase and lowercase letters and numbers and at least one non-alphanumeric symbol.

    If a bad actor were to gain access to your email account they could wreak some fairly damaging havoc to your life since most of your online accounts are probably tied to that email address.

     
  • Geebo 10:12 am on December 17, 2018 Permalink | Reply
    Tags: data breach, , ,   

    Here we go again: Facebook bug exposes millions of accounts 

    Here we go again: Facebook bug exposes millions of accounts

    In what is starting to become an almost weekly event, Facebook announced this past Friday that yet another bug exposed close to 7 million accounts to third-party app developers. The bug was first discovered in September and was active for a few weeks before being corrected. The bug is said to have exposed pictures that users had posted to Facebook but did not give permission for the pictures to be seen by third-parties.

    In the grand scheme of things, this bug is not that big of a security risk as other Facebook data leaks have been in the past year. The pictures that were exposed were only those that were started to be uploaded but for some reason were never posted to the user’s timeline. Or they were photos that were posted to Facebook Marketplace. However, it further shows Facebook’s long-standing disregard not just for user privacy but for Facebook’s own security.

    This was a bug that was discovered back in September after being active for weeks. Why did it take Facebook upwards of three months before informing the public? According to the New York Times, Facebook didn’t notify government officials about the bug until November because they needed to “create a notification page” first. Again, this shows that Facebook is really more concerned about covering their own tails from regulators rather than protecting user privacy.

     
  • Geebo 10:00 am on December 11, 2018 Permalink | Reply
    Tags: data breach, , ,   

    Google+ shutting even earlier due to more massive breach 

    Google+ shutting even earlier due to more massive breach

    If you’ll recall, back in October, Google announced that it would be shuttering its underused social network Google+ in August of 2019 due to a security breach that left 500,000 user accounts vulnerable. This was after the Wall Street Journal discovered a flaw in the comically underused platform. In a world where Facebook is continually exposing millions of accounts to third parties in an almost regular basis, 500,000 users seemed like a thimble of water in the ocean in comparison. Now, a new breach has put Google in very similar company with Facebook.

    During internal testing by Google, it was recently discovered that Google+ had another bug in it that left 100 times the amount of accounts exposed than the last breach. Over 52 million accounts could have been potentially exposed with such information as a user’s name, email address, occupation, and age to third-party developers. Google has stated that there’s no evidence that any of the exposed information was used by bad actors but this latest breach has caused Google to move up the timetable for the demise Google+. Now Google has scheduled the shutdown for April of 2019.

    Besides being in amazement that Google+ actually had that many users at one point, this bug could not have come at a worse time. Maybe Google will be able to weather this storm since Google+ was nowhere near as popular as its competitors but when you add it to the multitudes of other security breaches in similar spaces this could invite even more governmental eyes looking to regulate companies like Google and Facebook. And as we’ve mentioned before, in today’s highly partisan climate it might not be the best time for any kind of sweeping legislative change.

     
  • Geebo 9:22 am on November 2, 2018 Permalink | Reply
    Tags: data breach, ,   

    Your Facebook account and messages could be sold for just ten cents 

    Your Facebook account and messages could be sold for just ten cents

    Ever since the major security breaches happened at Facebook, the social media titan has been trying to assure us that no sensitive user information has fallen into the hands of bad actors. However, it may be just now that we’re starting to see the veracity of those claims. When the accounts of hundreds of millions of users have been exposed, you have to expect at least some fallout from the exposure. Let’s revisit Facebook’s most recent hack that exposed somewhere between 30 and 50 million users.

    Now, the BBC is reporting that the private messages from over 80,000 Facebook accounts are being sold on the open market. While the majority of the accounts belong to users in the Ukraine and Russia, there are US and UK accounts listed among them. The bad actors in possession of this information were trying to sell each account for ten cents a piece. The BBC claims to have verified with some of the exposed users that the messages are in fact genuine. The hackers also claim that the 81,000 accounts are just a small sample of a larger cache that contains 120 million accounts.

    Not surprisingly, Facebook is trying to deflect blame from themselves, instead blaming the compromised accounts on malicious third-party browser extensions. That may be all well and good but when you put the words Facebook and hacked together it’s still Facebook who is going to take a lion’s share of the blame no matter how you look at it. Considering they’ve allowed close to 350 million accounts to be exposed in the past year is laying blame at their feet really that much of a stretch?

     
  • Geebo 9:00 am on October 18, 2018 Permalink | Reply
    Tags: data breach, ,   

    Latest Facebook hack was not politically motivated. The real explanation is worse. 

    Latest Facebook hack was not politically motivated. The real explanation is worse.

    It was back in late September, which was not all that long ago, when it was announced that Facebook was hacked to the tune of 50 million accounts. The hack not only exposed user information but allowed the hackers access to what’s been referred to as ‘access tokens’, which theoretically would allow the hackers to gain access to other platforms which use Facebook as a login. While Facebook is now claiming the number of accounts hacked was closer to 30 million, it was believed the attack was carried out by state-sponsored agents. Now, Facebook is walking back on that claim and the new claim isn’t much better.

    According to yesterday’s report from the Wall Street Journal, brought here via Business Insider, an anonymous Facebook insider has said that the hack was conducted by your run of the mill spam hackers. These hackers are the type who are in it for the money rather than any political ideal. Among some of the information that was taken from Facebook were birthdates, phone numbers, search history of Facebook users.

    In my opinion, it’s worse that Facebook was hacked by a group of spam hackers rather than a foreign power. To me, this means that Facebook’s security is lacking in a basic way since they can’t keep out the hackers who sell your information to email spammers and phone scammers. An attack from a world power can almost be understood against a platform that is as massive as Facebook. However, Facebook’s security should be above nickel and dime attacks like this that are more akin to the stereotypical hacker who lives in their parents’ basement.

    A saying that’s been going around in tech circles lately is that the only safe Facebook account is a deleted Facebook account.

     
  • Geebo 9:00 am on October 9, 2018 Permalink | Reply
    Tags: data breach, , ,   

    Security breach claims Google+ 

    Security breach claims Google+

    Stop me if you’ve heard this one. A major social network run by a major tech corporation exposes a good size chunk of its user data which the company chooses not to disclose until it’s investigated by the media. Normally, you probably wouldn’t be wrong if you thought that this was another story about Facebook but for once you’d be mistaken. This time it’s Google’s failed attempt at a social network known as Google Plus or Google+ as the search engine behemoth has branded it.

    The Wall Street Journal recently uncovered that a flaw in Google+ allowed user data to be exposed for 500,000 users. While this would be a drop in the bucket for Facebook, this is a massive breach for Google+ users. After the Journal report was released, Google almost immediately announced it was shuttering Google+ within the next ten months. So by August of 2019, Google+ will be no more. In a very Facebook-like move. Google reportedly knew of the breach back in Spring of this year but remained silent on it in order to avoid the controversy that Facebook was undergoing after the Cambridge Analytica scandal.

    Now, we can all joke about how barely anyone we know used Google+ but its impending demise shows a greater problem among the tech giants whose services we all use. Whether it’s Facebook, Google, Twitter or whomever, we use their services in exchange for a certain amount of trust that our personal information will be handled with a modicum of responsibility. Many of these companies have betrayed that trust especially in 2018. If these data breaches continue then these companies are just begging for governmental regulation and considering how divisive and partisan the current governmental scene is, it would make it the worst time for any kind of sweeping legislative change.

     
  • Geebo 10:15 am on October 1, 2018 Permalink | Reply
    Tags: data breach, ,   

    Another day, another Facebook leak. 50m users this time. 

    Another day, another Facebook leak. 50m users this time.

    It must be a day ending in Y because once again, a security breach in Facebook has exposed the user information of some 50 million accounts. It was reported this past Friday, that there was a flaw in Facebook security that potentially could have led hackers to have access to these millions of accounts. What makes matters worse with this latest Facebook security breach is that the information could have led to the hijacking of other accounts outside of Facebook.

    The information exposed is called an access token. Access tokens allow you to login to other services using your Facebook account. Facebook is so entrenched in our lives that our Facebook accounts now act as our logins to a multitude of other platforms including those not owned by Facebook. So potentially, not only could your Facebook account have been taken over but most of your online life could have been assumed if you’re that reliant on your Facebook login.

    Facebook has said they have fixed the problem but once again this is Facebook closing the barn door after the horses have already gotten out. The data breaches are becoming so prevalent that we’ve just accepted them as inevitable. Is this really the platform we want to be trusting with our personal information? We share so much on Facebook that even without access bad actors could determine so much about us that they could use to our advantage. With Facebook leaking our information on top of that it shows that we’ve clearly given up on security for convenience.

     
  • Geebo 9:00 am on July 23, 2018 Permalink | Reply
    Tags: Crimson Hexagon, data breach, , ,   

    Facebook is facing yet another privacy problem 

    Facebook is facing yet another privacy problem

    Once again Facebook finds itself embroiled in controversy over the possible abuse of user data. If you’ll recall, Facebook was admonished by both the US and UK governments when it was discovered that analytics firm Cambridge Analytica had improperly obtained the personal data of 87 million Facebook users. Now, Facebook has suspended a research firm from accessing its data over surveillance concerns.

    Over the weekend, Facebook suspended its contract with research and marketing firm Crimson Hexagon. This was in response to a Wall Street Journal article that claims Crimson Hexagon has contracts with entities that have ties to US and Russian government agencies. Facebook has suspended Crimson Hexagon’s access to user data over fears that the data is being used to conduct government surveillance on Facebook users. Crimson Hexagon denies this claim and says they only get their information from public Facebook posts. However, it is a bit disconcerting that Crimson Hexagon has over 1 trillion of these posts in their databases.

    Besides the fact that this may be another case of Facebook being unable to keep track of who has its data, there’s another concern here. Facebook is only reacting to these potential breaches only after its brought to their attention by the media. By the time Facebook becomes aware of the problem, the data is already in questionable hands. Is Facebook not properly vetting these data collectors, or does Facebook just not really care about our privacy as long as they’re being paid for our information? Then again, the Cambridge Analytica scandal didn’t seem to hurt Facebook so it’s unlikely this latest kerfuffle will either. What will it really take before the American public realizes that Facebook’s only interest is in itself?

     
c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel