Security News Round-Up: 19+ Million Records Leaked by Makeup Giant
3 Million Users’ Personal Information Exposed by Mobile Banking App
Dave, a mobile banking app, has experienced a data breach that impacted more than 3 million accounts. According to Bank Info Security, however, no account numbers, transaction records, social security numbers, or credit card numbers were included in the exposure. The data stolen by the hackers were names, birth dates, phone numbers, emails, and addresses. So far, no fraudulent transactions resulting from the incident have been discovered. The company’s mobile-only banking app has a total of 7 million users, the article notes.
19+ Million Records Leaked by Makeup Giant
Major cosmetic brand Avon has become the latest to leak data, this time over 19 million records. The culprit was yet another unsecured and unencrypted Elasticsearch database, says Info Security Magazine, which allowed anyone with the IP address to access it. The exposure went on for nine days before its discovery on July 12th, the article notes. The database contained a total of 7GB of data, including full names, phone numbers, birth dates, addresses, emails, and GPS coordinates, all belonging to the brand’s customers and likely employees. Account settings and server technical details were involved as well, Info Security says.
Promo.com Becomes Data Breach Victim
Promo.com, a platform for video creation created by Slidely, has been hit with a data breach caused by a third-party vulnerability. The breach was found on July 21st, says Security Week, and did not involve any financial details. Data affected by the incident includes names (first and last), IP addresses, emails, genders, approximate location, and passwords that were salted, hashed, and encrypted for use on Slidely and Promo.com, the article states. The third-party service has since been removed by the company. In response, the company has hired a cyber-security firm to strengthen security protocols and has notified users, urging password resets.
Major German Company Infected With Ransomware
Facilities management company Dussmann Group discovered a ransomware infection after attackers began sharing more than 16,000 of the company’s files on the dark web, according to Info Security Magazine. Personal data belonging to Dussmann Group executives was included in the post. Attackers specifically targeted the company’s subsidiary that specializes in refrigeration. So far, the article states, the company has shut down servers, filed charges, and alerted the data protection authorities as well as the Office of Criminal Investigation. The attack used the Nefilim strain of ransomware, and the company’s operational processes in the subsidiary are secured, the article notes.