Dec 14, 2018

Zack Whittaker reports:

Popular animated avatar creator app Boomoji, with more than five million users across the world, exposed the personal data of its entire user base after it failed to put passwords on two of its internet-facing databases.


The China-based app developer left the ElasticSearch databases online without passwords — a U.S.-based database for its international customers and a Hong Kong-based database containing mostly Chinese users’ data in an effort to comply with China’s data security laws, which require Chinese citizens’ data to be located on servers inside the country.


Anyone who knew where to look could access, edit or delete the database using their web browser. And, because the database was listed on Shodan, a search engine for exposed devices and databases, they were easily found with a few keywords.

Read more on TechCrunch. Reportedly, Boomoji did not provide an accurate answer or explanation when TechCrunch reached out to them, leading TechCrunch to practice skills U.S. journalists are getting a lot of practice at — the art of calling someone a liar.

After TechCrunch reached out, Boomoji pulled the two databases offline. “These two accounts were made by us for testing purposes,” said an unnamed Boomoji spokesperson in an email.

But that isn’t true.

Read the rest of Zack’s report to find out how they proved that Boomoji’s assertion wasn’t accurate. 

Dec 14, 2018

Jasper Lindell reports:

ActewAGL has confirmed 400 electricity, gas and water customers have received bundles of bills addressed to other utility customers in a massive privacy breach affecting 6000 customers in the ACT and NSW.


ActewAGL notified the Privacy Commissioner of the breach after it became aware of the mistake on Wednesday and had set up a taskforce by Friday afternoon to respond to affected customers.

Read more on Canberra Times.

Dec 14, 2018

Hilary Bird reports:

An N.W.T man says he found hundreds of confidential medical records at the Fort Simpson dump.


The documents contain detailed information about patients’ mental health and history of drug use, including applications to addictions treatment facilities, progress reports from those facilities, and detailed notes from one-on-one counselling sessions.


The documents, many of which were on N.W.T. government letterhead, also included social insurance, treaty and health card numbers.

Read more on CBC.ca.

Dec 13, 2018

Sergiu Gatlan reports:

According to the Ministry’s public statement, the hackers managed to get their hands on the names, phone numbers, and email addresses of all people who had an account on the French Ariane emergency contact database. 

The platform is used by the French Ministry of Europe and Foreign Affairs to allow citizens traveling abroad to receive security updates in case of emergency.

“Personal data recorded during registration on the Ariane platform have been stolen,” says the Ministry’s statement.

Read more on Softpedia.

Dec 13, 2018

YLE reports:

The head of the Finnish Transport Safety Agency Mia Nykopp has resigned after a privacy breach that allowed details about every driver in the country to be easily accessible online.

[…]

Since July it has been possible to view details of every driver’s license online, and to check if they have a valid license. Trafi shut down the service on Sunday.

Read more on YLE.