Database Security Digest – August 2018
Please take a look at the biggest database security incidents in August 2018.
Largest Hotel Chain Hacked in China
The August of 2018 has seen a massive data breach of customer personal information from a chain of 13 hotels operated by Huanzhu Hotels Group. This incident is believed to be largest in China in five years. A post selling the stolen data appeared on a Chinese dark web forum. According to reports about 130 million hotel guests may have had their personal data hacked. The stolen information contains phone numbers, e-mails, bank account numbers and booking details.
Huanzhu Hotels Group management released an official statement saying that the investigation is under way to understand how all this had happened. The company is operating more than 3,000 hotels in China and is the 12th largest hotel group in the world.
T-Mobile Experienced Data Breach
In August this year the international company T-Mobile released a statement saying that it had experienced a data leak in the result of which hackers managed to get to some personal information. At the moment the number of affected customers is about 2 million. The company claims that no financial data such as SSNs or credit card number has been leaked. The passwords are said to be safe too. However, the hackers were able to get access to such information as names, billing zip code, phone numbers, email addresses, account numbers and account types. The attack came through an API, but no corporate information was hacked. The T-Mobile security team said that the attack came from outside the USA.
Databases’ security updates
Oracle
https://nvd.nist.gov/vuln/detail/CVE-2018-11776https://nvd.nist.gov/vuln/detail/CVE-2017-17305
https://nvd.nist.gov/vuln/detail/CVE-2018-8753
https://nvd.nist.gov/vuln/detail/CVE-2018-3110
https://nvd.nist.gov/vuln/detail/CVE-2018-14526
https://nvd.nist.gov/vuln/detail/CVE-2018-3109
https://nvd.nist.gov/vuln/detail/CVE-2018-3108
https://nvd.nist.gov/vuln/detail/CVE-2018-2933
MS SQL Server
https://nvd.nist.gov/vuln/detail/CVE-2018-8273PostgreSQL
https://nvd.nist.gov/vuln/detail/CVE-2016-8640https://nvd.nist.gov/vuln/detail/CVE-2018-10915
https://nvd.nist.gov/vuln/detail/CVE-2018-10925
https://nvd.nist.gov/vuln/detail/CVE-2016-7048