May 222019
 

Kate Fazzini reports:

Moody’s has just slashed its rating outlook on Equifax, the first time cybersecurity issues have been cited as the reason for a downgrade.

Moody’s lowered Equifax’s outlook from stable to negative on Wednesday, as the credit monitoring company continues to suffer from the massive 2017 breach of consumer data.

“We are treating this with more significance because it is the first time that cyber has been a named factor in an outlook change,” Joe Mielenhausen, a spokesperson for Moody’s, told CNBC. “This is the first time the fallout from a breach has moved the needle enough to contribute to the change.”

Read more on CNBC.

I had uploaded this previously, but if you missed it, here is the United States Senate – PERMANENT SUBCOMMITTEE ON INVESTIGATIONS – Committee on Homeland Security and Governmental Affairs report on the 2017 breach.

May 222019
 

Times Now reports:

The special task force of the Uttar Pradesh police has arrested four persons for allegedly stealing the credit card data of 50,000 users. The victims include both police and army officers some of whom were duped. The accused have been identified as Sanjit alias Sandeep, Baldev, Tapeshwar and and Gajendra, all of whom are residents of Ghaziabad.

The arrests were made by Noida branch of the STF from Diamond Flyover in Ghaziabad on Monday. The accused bought the data from two employees of a private financial services company that handles data of various public sector and private banks.

Read more on TimesNow.

May 222019
 

Catalin Cimpanu reports:

Google today revealed that a bug in an old G Suite tool has resulted in the company storing customer passwords in an unhashed — but encrypted — form for nearly 14 years, between 2005 and 2019.

The company said that only G Suite enterprise customers were impacted, but not regular Gmail accounts.

Read more on ZDNet.

May 212019
 

UpGuard reports:

In the course of performing data leaks investigation on behalf of an UpGuard client, a member of the UpGuard Data Breach Research team discovered publicly accessible information belonging to technology services provider HCL. The public data included personal information and plaintext passwords for new hires, reports on installations of customer infrastructure, and web applications for managing personnel. After notifying HCL, the pages with the sensitive information were made inaccessible, securing the known data exposures.

Read more on  UpGuard.

May 212019
 

Zack Whittaker reports:

A massive database containing contact information of millions of Instagram influencers, celebrities and brand accounts has been found online.

The database, hosted by Amazon Web Services, was left exposed and without a password allowing anyone to look inside. At the time of writing, the database had over 49 million records — but was growing by the hour.

[…]

Security researcher Anurag Sen discovered the database and alerted TechCrunch in an effort to find the owner and get the database secured. We traced the database back to Mumbai-based social media marketing firm Chtrbox, which pays influencers to post sponsored content on their accounts.

Read more on TechCrunch.