Security News

Hackers have slurped biz comms customers' data from a database run by one of O2's largest UK partners. In an email sent to its customers, the partner, Aerial Direct, said that an unauthorised third party had been able to access customer data on 26 February through an external backup database, which included personal information on both current and expired subscribers from the last six years.

IDERA, a provider of powerful database productivity tools, announced an expanded portfolio of cloud-based database and workload management solutions for SQL Server. SQL Inventory Manager to automatically discover, track, and manage SQL Server inventory and perform health checks, including SQL Server in the cloud.

Whisper, a mobile app for sharing those thoughts you'd rather not make public, turns out to be better at sharing secrets than keeping them, spilling a whopping 90 metadata fields associated with users in an exposed database. In a phone interview with The Register, Dan Ehrlich, security consultant with Twelve Security, said colleague Matt Porter had spotted the unprotected Whisper ElasticSearch database.

A former acting inspector general of U.S. Department of Homeland Security and another government official have been indicted for allegedly stealing DHS proprietary software and databases and then attempting to resell the technology back to the government, according to the Justice Department. In their indictment, federal prosecutors allege that between October 2014 and April 2017, Edwards, Venkata and other unnamed co-conspirators began attempting to steal proprietary software used by the DHS Office of Inspector General as well as a database that contained the personally identifiable information of DHS and U.S. Postal Service employees.

UK ISP and telecom provider Virgin Media has confirmed on Thursday that one of its unsecured marketing databases had been accessed by on at least one occasion without permission. Comparitech revealed that, in January, its security research team discovered a similarly unsecured and exposed database with 200 million records containing a wide range of property-related data on US residents.

The UK's Information Commissioner's Office said on Wednesday that it's fined Cathay Pacific Airways £500,000 for failing to secure passengers' personal details, leading to malware being installed on its server that harvested millions of people's names, passport and identity details, dates of birth, postal and email addresses, phone numbers and historical travel information. Once it found that its database had been rifled through in 2018, Cathay Pacific hired a cybersecurity firm and subsequently reported the incident to the ICO. Investigations found that the airline lacked appropriate security to secure customers' data from October 2014 to May 2018.

Virgin Media, one of the UK's biggest ISPs, on Thursday admitted it accidentally spilled 900,000 of its subscribers' personal information onto the internet via a poorly secured database. In a separate email to subscribers, shared with El Reg by dozens of readers, the telco expanded: "The database was used to manage information about our existing and potential customers in relation to some of our marketing activities. This included: contact details, technical and product information, including any requests you may have made to us using forms on our website. In a very small number of cases, it included date of birth."

Virgin Media, one of the UK's biggest ISPs, on Thursday admitted it accidentally spilled 900,000 of its subscribers' personal information onto the internet via a poorly secured database. In a separate email to subscribers, shared with El Reg by dozens of readers, the telco expanded: "The database was used to manage information about our existing and potential customers in relation to some of our marketing activities. This included: contact details, technical and product information, including any requests you may have made to us using forms on our website. In a very small number of cases, it included date of birth."

More than 200 million records containing a wide range of property-related information on US residents were left exposed on a database that was accessible on the web without requiring any password or authentication. According to security firm Comparitech, the database, which was hosted on Google Cloud, is said to have been first indexed by search engine BinaryEdge on 26th January and discovered a day later by cybersecurity researcher Bob Diachenko.

More than 200 million records containing a wide range of property-related information on US residents were left exposed on a database that was accessible on the web without requiring any password or authentication. According to security firm Comparitech, the database, which was hosted on Google Cloud, is said to have been first indexed by search engine BinaryEdge on 26th January and discovered a day later by cybersecurity researcher Bob Diachenko.