Database Security Digest – March 2018
We present you a quick digest of security news in March 2018.
Orbitz Hack May Have Left 880,000 Credit Card Information Exposed
Expedia Orbitz is one of the largest online travel companies in the world. Recently it has declared that information on almost 880,000 credit card numbers used to book travels have fallen prey to unknown hackers. The hackers might have also stolen names, dates of birth, phone numbers, email addresses of customers who were using the services of the company in 2016-2017. Since this information is in hands of cybercriminals customers are strongly advised to be very careful about any notifications they get regarding their credit cards and immediately report to their issuing banks in case of any suspicious activity.
Data Breach Left Millions of Israeli Kid’s Pictures Exposed to Hacking
Remini is an application that helps preschool teachers to stay in touch with parents. Using the app they can share pictures, videos and personal information about children in their care. However, the app developers forgot about the security of the shared information and, in the result, this information is easily accessible virtually to everyone interested. The Remini database includes about 6 million pictures which are not protected in any way. Also, it contains personal information on more than 100,000 parents. The database was an unsecured Amazon database defined as public.
My FitnessPal, 150 million accounts exposed
MyFitnessPall, a virtual health and wellness assistant boasts of 150 million free accounts. However, hackers have been able to make off with usernames, e-mail addresses and passwords. Details of this, presumably, the largest data breach since the beginning of the year are still to be discovered and investigated. The company is saying that the first intrusion happened in February 2018, but the company hasn’t been aware of it until March 25. Fortunately, hackers were not able to get hold of SSN or payment card data, but that’s only because the company isn’t collecting this information. However, the obtained information can be used for phishing attacks on users and that’s where the real danger lies.
Now MyFitnessPal users need to change their passwords if they’re willing to stay MyFitnessPal’s users, of course.
Databases’ security updatesDB2