Page 15 - Threat Intelligence Brief 9-13-2019
Data Breach
Data breach may affect 50,000 Australian university students using 'Get' app. The personal details of an
estimated 50,000 students involved in university clubs and societies around Australia may have been exposed
online, in the second breach of its kind for the company holding the data. Get, previously known as Qnect, is
an app built for university societies and clubs to facilitate payments for events and merchandise. The app
operates in four countries with 159,000 active student users, and 453 clubs using it. A user on Reddit reported
over the weekend that after looking up their own club they were able to get access to other users’ data,
including name, email, date of birth, Facebook ID and phone numbers, through the company’s search function
API.
Source: https://www.theguardian.com/education/2019/sep/10/data-breach-may-affect-50000-australian-university-students-using-get-app
Vulnerabilities Exposed 2 Million Verizon Customer Contracts. UK-based researcher Daley Bee was analyzing
Verizon Wireless systems when he came across a subdomain that appeared to be used by the company’s
employees to access internal point-of-sale tools and view customer information. Further analysis led to the
discovery of a URL pointing to PDF format contracts for Verizon Wireless customers who used the company’s
monthly installment program to pay for their devices. While authentication was needed to access the files, the
expert initially managed to access one contract, linked to a specific phone number and contract number, after
brute-forcing the URL’s GET parameters. The researcher then realized that modifying the value of one of these
parameters would display a different contract. This is called an insecure direct object reference (IDOR)
vulnerability, and such flaws are typically easy to exploit. The exposed contracts contained information such as full
name, address, phone number, model and serial number of the acquired device, and the customer’s signature.
Source: https://www.securityweek.com/vulnerabilities-exposed-2-million-verizon-customer-contracts
Secret Service Investigates Breach at U.S. Govt IT Contractor. The U.S. Secret Service is investigating a breach
at a Virginia-based government technology contractor that saw access to several of its systems put up for sale
in the cybercrime underground, KrebsOnSecurity has learned. The contractor claims the access being
auctioned off was to old test systems that do not have direct connections to its government partner networks.
In mid-August, a member of a popular Russian-language cybercrime forum offered to sell access to the
internal network of a U.S. government IT contractor that does business with more than 20 federal agencies,
including several branches of the military. The seller bragged that he had access to email correspondence and
credentials needed to view databases of the client agencies, and set the opening price at six bitcoins (~USD
$60,000).
Source: https://krebsonsecurity.com/2019/09/secret-service-investigates-breach-at-u-s-govt-it-contractor/
www.accumepartners.com