Canadian college breach targets thousands
Last Friday, Algonquin College officials announced that an earlier data breachpotentially affected thousands of current and former students, as well as employees. While it is still unclear exactly what systems were affected, the officials have been working to contact all potential victims and inform them of the situation. What’s more interesting is Algonquin’s CISO’s comment in the article. You’d think that after the university’s first attack in 2014, they would have been better prepared this time around. At the very least, they could address the measures you’ve taken and plan on taking moving forward to prevent breaches.
Tinder implements major security upgrades
Tinder recently introduced fixes for two security vulnerabilitiesrelating to pictures insecurely stored on their servers and the ability to encrypt swipe responses. Those are pretty big vulnerabilities, considering Tinder has more than 50 million active users. The first fix involved Tinder securing their storage servers to keep hackers from accessing them through an unsecured WiFi network. The second fix revolved around making all swipe data the same size, as that was the differentiating factor between “likes” and “dislikes.”
Exactis data leak exposes info on 340 million users
A Florida-based marketing firm is currently under fire after the data for over 340 million customers was found on a publicly accessible server. It has not yet been determined for how long the information was publically accessible. The article title reads “Worse than Equifax.” I’d say. That’s all of America. Fortunately, Exactis was quick to lock down the server once they were alerted to the exposure. It has been confirmed that the data includes everything from names and addresses to types of pets and specific religious affiliations.
Adidas website falls victim to hackers
Adidas’ US website was breached this week, with sensitive data for millions of customers being stolen by unknown hackers. The company has since confirmed that no payment card information was included in the leak, only site usernames and passwords, which Adidas did properly store with strong levels of encryption. The company is still suggesting anyone who has ever made purchases from their website to change their password, regardless of whether it has been used for other sites or not. Take this as an opportunity to update all of your passwords—especially passwords on sites that you use as the same for your Adidas account.
Ticketmaster waits months to reveal data breach
Ticketmaster United Kingdom has finally released a breach statementmonths after Monzo bank, a UK-based mobile bank, informed the tickets sales giant of dozens of fraudulent charges. Even after being informed, the company wasn’t able to properly identify any data breach for over 2 months. I guess the bright side is that Ticketmaster has begun offering identity monitoring services to affected customers.