Security News

A technical SNAFU shut down the UK's Royal Mail Click and Drop website on Tuesday after a security "Issue" allowed some customers to see others' order information. The data leak started around 13:00 GMT, and according to an alert posted on Click and Drop's status page, Royal Mail shut down the website about an hour later.

"This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services," Microsoft said in an alert.The exposure amounts to 2.4 terabytes of data that consists of invoices, product orders, signed customer documents, partner ecosystem details, among others.

Microsoft has confirmed a data leak linked to a misconfigured server for a cloud storage service but is disputing the extent of the problem.In a revelation this week, Microsoft's Security Response Center said the cloud provider was notified by threat intelligence firm SOCRadar on September 24 about the misconfigured endpoint that exposed business transaction data related to interactions between Microsoft and customers.

Identities of secret agents working for the Australian Federal Police have been exposed after hackers leaked documents stolen from the Colombian government. The leak comes from a hacktivist group called Guacamaya and includes more than five terabytes of classified data, including emails, documents, and methods AFP agents were using to stop drug cartels from running their business in Australia.

Toyota Motor Corporation is warning that customers' personal information may have been exposed after an access key was publicly available on GitHub for almost five years. Toyota discovered recently that a portion of the T-Connect site source code was mistakenly published on GitHub and contained an access key to the data server that stored customer email addresses and management numbers.

Hotel chain Shangri-La Group has admitted to its systems being attacked, and personal data describing guests accessed by unknown parties, over a timeframe that includes the dates on which a high-level international defence conference was staged at one of its Singapore properties. "Shangri-La Group recently discovered unauthorized activities on our IT network," states a notice from the chain that goes on to reveal that "Between May and July 2022, a sophisticated threat actor managed to bypass Shangri-La's IT security monitoring systems undetected, and illegally accessed. guest databases".

On Friday, the IRS disclosed that in addition to sharing Form 990-T data for charities, they also accidentally included data for taxpayers' IRAs that was not meant to be public. "The IRS recently discovered that some machine-readable Form 990-T data made available for bulk download section on the Tax Exempt Organization Search should not have been made public," the IRS disclosed on Friday.

The popularity of stolen data bazaar BreachForums surged after it was used to sell a giant database of stolen information describing Chinese citizens, threat intelligence firm Cybersixgill said on Thursday. The number of leaks posted on BreachForums increased - from an average of 14 a month to 52 per month - following the posting of the infamous billion-record Shanghai National Police database in early July, reported Cybersixgill.

An Indian flight booking website majority-owned by US retail colossus Walmart has experienced a data breach, but is saying very little about what happened or the risks to customers. Cleartrip would you mind telling us when the breach happened? pic.

Senior execs from Alibaba Cloud were summoned to discuss the data leak that saw information pertaining to a billion Chinese citizens sold on the dark web, according to Nikkei and The Wall Street Journal. The Shanghai Police leak is believed to be the biggest data breach ever.