Page 15 - Threat Intelligence 12-9-2019
P. 15

Data Breach













        New Zealand’s gun buyback scheme impacted by data breach, SAP to blame. New Zealand's firearms
        buyback scheme has been central to a data breach caused by human error at SAP. The buyback scheme, which
        ends on December 20, allows gun holders to trade in full weapons, as well as parts, accessories, and
        magazines. On Monday, New Zealand's Deputy Commissioner Mike Clement said that a website used by
        firearms owners to register and relinquish their weapons was subject to a security lapse, in which an arms
        dealer notified the police that they were able to access other account information without permission.
                Source:   https://www.zdnet.com/article/new-zealands-gun-buyback-scheme-suffers-data-breach-sap-
                to-blame/



        SMS and personal data of millions of Americans leaked online. The IT security researchers at vpnMentor
        have discovered a trove of insecure data hosting on a company based in the United States. Named TrueDialog,
        the firm provides a range of texting solutions to businesses in the USA and as such had a database containing
        confidential data of its customers. The data was identified to be belonging to the firm as their host ID which is
        “api.truedialog.com” was found on several occasions while observing the data. Hosted on Microsoft Azure &
        running on Oracle Marketing Cloud; it included millions of text messages, account usernames & passwords,
        phone numbers of both recipients & users, status indicators of messages sent like “read” and certain other
        account details.
                Source: https://www.hackread.com/millions-of-americans-personal-data-sms-leaked/




        Data from 21M Mixcloud Users Compromised in Breach. Music streaming service Mixcloud has disclosed a
        security incident in which unauthorized users gained access to some of its systems, resulting in the sale of
        customer data on the Dark Web. Mixcloud published a notice regarding the incident late last week, confirming
        it received reports that intruders breached its systems. At the time, it reported the attack involved email
        addresses, IP addresses, and encrypted passwords for a minority of Mixcloud users. Most people sign up for
        the service via Facebook authentication; their passwords are not stored.
                Source:             https://www.darkreading.com/threat-intelligence/data-from-21m-mixcloud-users-
                compromised-in-breach/d/d-id/1336491





















                                                    www.accumepartners.com
                                                                                                                    15
   10   11   12   13   14   15   16   17   18   19   20