![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
We need more data breech news!
Nov. 15th, 2020 12:30 pmLive in Texas? Have a driver's license? Think the information is held securely?
BWAHAHAHAHA!
A contractor for the state motor vehicle department, Vertafore, said "the data was exposed between March and August and affected licenses issued before February 2019.
Exposed data included driver’s license numbers, addresses, dates of birth and vehicle registration history, according to the company. The group said that no Social Security numbers or financial account information were compromised.
The breach happened after three files were accessed by an unauthorized user after the files were “inadvertently stored in an unsecured external storage service,” Vertafore said in its statement."
"An unsecured external storage device" means they probably put it in an Amazon Cloud or something similar and didn't secure it properly. Because security is hard!
THEN DON'T PUT IT SOMEWHERE THAT YOU DON'T KNOW HOW TO EFFING SECURE PROPERLY!
Oh, but they're going to pay for data monitoring and "identity restoration services", whatever the heck that is. Thoughts and prayers, people, thoughts and prayers.
https://thehill.com/policy/cybersecurity/525923-data-breach-of-software-vendor-exposes-almost-28-million-texas-drivers
https://news.slashdot.org/story/20/11/15/0638241/data-breach-exposes-27-million-texas-drivers-license-records
This next one is a doozy, and definitely involves a misconfigured Amazon storage bucket. Now, Amazon is not to blame: they're selling you a service, YOU are responsible for securing it. It's like people not changing the combination on their brief case or luggage.
Anyway, there's this company that works with major, MAJOR, online hotel/travel reservation systems, like Expedia. Specifically Expedia and others. And 10 MILLION FILES were exposed. Not records of people or reservations. FILES. As in collections of records. So we don't know how many people are affected. August 2020 - by itself! - contained 180,000 records. During the COVID slower travel period!
The company in question, Prestige, is in a whole heap o' trouble, because credit card data was leaked, but also because they fall under the European GDPR regulations. It's quite possible that they're going to be fined out of existence. And because they did not secure their credit card information, they could be stripped of their ability to process credit cards, which would nullify their cashflow. Once they were notified about this exposure, they contacted Amazon and the naked storage bucket was immediately secured.
Here's what was exposed: "The records contain a raft of information, Website Planet said, including full names, email addresses, national ID numbers and phone numbers of hotel guests; card numbers, cardholder names, CVVs and expiration dates; and reservation details, such as the total cost of hotel reservations, reservation number, dates of a stay, special requests made by guests, number of people, guest names and more.
The exposure affects a wide number of platforms, with data related to reservations made through Amadeus, Booking.com, Expedia, Hotels.com, Hotelbeds, Omnibees, Sabre and more."
Have you made an online booking since 2013? Your data may have been in there. I know I'm a likely unwilling participant.
Here's some ways that the information could be used against us: "Hotel guests affected could be the targets of a wide range of attacks, from identity theft and phishing to someone hijacking their vacations, researchers said. For instance, they pointed out that cybercriminals could use details of hotel stays to create convincing scams and target wealthy individuals who have stayed at expensive hotels. And if any hotel stays revealed embarrassing or compromising info about a person’s life, it could be used to blackmail and extort them."
https://threatpost.com/millions-hotel-guests-worldwide-data-leak/161044/
https://it.slashdot.org/story/20/11/15/0422207/credit-card-numbers-for-millions-of-hotel-guests-exposed-by-misconfigured-cloud-database
BWAHAHAHAHA!
A contractor for the state motor vehicle department, Vertafore, said "the data was exposed between March and August and affected licenses issued before February 2019.
Exposed data included driver’s license numbers, addresses, dates of birth and vehicle registration history, according to the company. The group said that no Social Security numbers or financial account information were compromised.
The breach happened after three files were accessed by an unauthorized user after the files were “inadvertently stored in an unsecured external storage service,” Vertafore said in its statement."
"An unsecured external storage device" means they probably put it in an Amazon Cloud or something similar and didn't secure it properly. Because security is hard!
THEN DON'T PUT IT SOMEWHERE THAT YOU DON'T KNOW HOW TO EFFING SECURE PROPERLY!
Oh, but they're going to pay for data monitoring and "identity restoration services", whatever the heck that is. Thoughts and prayers, people, thoughts and prayers.
https://thehill.com/policy/cybersecurity/525923-data-breach-of-software-vendor-exposes-almost-28-million-texas-drivers
https://news.slashdot.org/story/20/11/15/0638241/data-breach-exposes-27-million-texas-drivers-license-records
This next one is a doozy, and definitely involves a misconfigured Amazon storage bucket. Now, Amazon is not to blame: they're selling you a service, YOU are responsible for securing it. It's like people not changing the combination on their brief case or luggage.
Anyway, there's this company that works with major, MAJOR, online hotel/travel reservation systems, like Expedia. Specifically Expedia and others. And 10 MILLION FILES were exposed. Not records of people or reservations. FILES. As in collections of records. So we don't know how many people are affected. August 2020 - by itself! - contained 180,000 records. During the COVID slower travel period!
The company in question, Prestige, is in a whole heap o' trouble, because credit card data was leaked, but also because they fall under the European GDPR regulations. It's quite possible that they're going to be fined out of existence. And because they did not secure their credit card information, they could be stripped of their ability to process credit cards, which would nullify their cashflow. Once they were notified about this exposure, they contacted Amazon and the naked storage bucket was immediately secured.
Here's what was exposed: "The records contain a raft of information, Website Planet said, including full names, email addresses, national ID numbers and phone numbers of hotel guests; card numbers, cardholder names, CVVs and expiration dates; and reservation details, such as the total cost of hotel reservations, reservation number, dates of a stay, special requests made by guests, number of people, guest names and more.
The exposure affects a wide number of platforms, with data related to reservations made through Amadeus, Booking.com, Expedia, Hotels.com, Hotelbeds, Omnibees, Sabre and more."
Have you made an online booking since 2013? Your data may have been in there. I know I'm a likely unwilling participant.
Here's some ways that the information could be used against us: "Hotel guests affected could be the targets of a wide range of attacks, from identity theft and phishing to someone hijacking their vacations, researchers said. For instance, they pointed out that cybercriminals could use details of hotel stays to create convincing scams and target wealthy individuals who have stayed at expensive hotels. And if any hotel stays revealed embarrassing or compromising info about a person’s life, it could be used to blackmail and extort them."
https://threatpost.com/millions-hotel-guests-worldwide-data-leak/161044/
https://it.slashdot.org/story/20/11/15/0422207/credit-card-numbers-for-millions-of-hotel-guests-exposed-by-misconfigured-cloud-database
