Polyverse Weekly Breach Report

breach_report

A snapshot look at the breaches and reported vulnerabilities of last week

Comcast

A page on Comcast’s Xfinity website exposed customer account information to anyone on that customer’s network. Comcast shut down the API after they were alerted of the leak. To read more: https://www.zdnet.com/article/comcast-fixes-another-xfinity-website-data-leak/

Ticketmaster UK

Ticketmaster UK alerted customers that it had found malicious software on Inbenta, a support-chat tool used to help major websites interact with their customers. Ticketmaster said that a hacker had accessed a small percentage of customers’ data. To read more: https://www.zdnet.com/article/inbenta-blamed-for-ticketmaster-breach-says-other-sites-not-affected/

Gentoo

This Linux distro alerted users that someone had managed to break into the organization’s GitHub account and modified the open-source project’s data. Gentoo does not yet know the extent of the modifications, and is working to regain control of the organization and its repositories. To read more: https://www.theregister.co.uk/2018/06/28/gentoo_linux_github_hacked/

Law-enforcement data

A data breach at an active-shooter training center exposed the personal data of thousands of US law-enforcement officials. To read more: https://www.zdnet.com/article/a-massive-cache-of-law-enforcement-personnel-data-has-leaked/

BetVictor

This popular betting platform left a password list for its back-office systems on its website. The site has since removed the document. To read more: https://www.zdnet.com/article/betting-giant-betvictor-left-a-list-of-internal-passwords-online/

Exactis

This marketing company left two terabytes of sensitive data exposed on the internet. The data included personal information on 230 million consumers and 110 million business contacts. To read more: https://www.tripwire.com/state-of-security/security-data-protection/hitherto-unknown-marketing-firm-exposed-hundreds-of-millions-of-americans-data/

Adidas

Adidas alerted customers who purchased from its website of a data breach. The hackers acquired data including contact information, usernames and encrypted passwords. To read more: https://www.marketwatch.com/story/adidas-warns-about-a-potential-data-breach-2018-06-28

Typeform

This online-survey and form-building service announced a data breach after an attacker downloaded a backup file containing sensitive customer information. To read more: https://www.bleepingcomputer.com/news/security/typeform-announces-breach-after-hacker-grabs-backup-file/

ProtonMail

This secure-email provider faced multiple outages last week due to a wave of DDoS attacks. Researchers tracked the hacking group to Russia. To read more: https://www.bleepingcomputer.com/news/security/protonmail-ddos-attacks-are-a-case-study-of-what-happens-when-you-mock-attackers/

Reported Vulnerabilities

Cisco

Cisco is urging users to install the fix for a recently disclosed denial-of-service flaw affecting many of its security appliances. To read more: https://www.zdnet.com/article/cisco-patch-now-attackers-are-exploiting-asa-dos-flaw-to-take-down-security/

LTE/4G

Researchers published three attacks against the mobile communication standard LTE, a first-generation type of 4G technology. To read more: https://www.bleepingcomputer.com/news/security/security-flaws-disclosed-in-lte-4g-mobile-telephony-standard/

Want to learn more?

Sign up below and receive weekly breach reports directly in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.