Page 16 - Threat Intelligence 8-16-2019
Data Breach
We've, um, changed our password policy, says CafePress amid reports of 23m pwned accounts - Twee T-shirts 'n' merch purveyor CafePress had 23 million user records swiped – reportedly back in February – and this morning triggered a mass password reset, calling it a change in internal policy. Details of the security breach emerged when infosec researcher Troy Hunt's Have I Been Pwned service – which lists websites known to have been hacked, allowing people to check if their information has been stolen – began firing out emails to affected people in the small hours of this morning.
Source: https://www.theregister.co.uk/2019/08/05/cafebreach_breach_23m_user_records/
StockX was hacked, exposing millions of customers’ data - It wasn’t “system updates” as it claimed. StockX was mopping up after a data breach, TechCrunch can confirm. The fashion and sneaker trading platform pushed out a password reset email to its users on Thursday citing “system updates,” but left users confused and scrambling for answers. StockX told users that the email was legitimate and not a phishing email as some had suspected, but did not say what caused the alleged system update or why there was no prior warning.
Source: https://techcrunch.com/2019/08/03/stockx-hacked-millions-records/
State Farm customer accounts breached in credential stuffing attack - Attackers used a list of usernames and passwords obtained via a credential stuffing attack to access State Farm customers’ online accounts. The investigation revealed that attackers were able to confirm valid usernames and passwords for some online accounts; however, no personal information was accessed.
Source: https://cyware.com/news/state-farm-customer-accounts-breached-in-credential-stuffing-attack-24285887
SQL Injection Vulnerability Exposed Starbucks Financial Records - A critical SQL injection vulnerability exposed nearly one million financial records stored in a Starbucks enterprise database, a researcher revealed this week. Eugene Lim, aka spaceraccoon, earned $4,000 after reporting the flaw to Starbucks via the company’s bug bounty program on HackerOne. The security hole was identified on April 8 and it was patched within two days. The vulnerability report he submitted to HackerOne was made public on August 6.
Source: https://www.securityweek.com/sql-injection-vulnerability-exposed-starbucks-financial-records
www.accumepartners.com