Here are the top stories of recent weeks:
- Over 6.5 Million Israeli Voters Exposed in Online Voter Registry
- Phishing Scam Costs Puerto Rican Government Over $2.6 Million
- Nedbank, South Africa’s Predominant Bank, is the Latest Victim of a Breach Affecting 1.7 Million Customers
- Popular Photo Printing Mobile Application Exposed in Breach Affecting 10,000 Users
- A Mismanaged S3 Bucket Results in a Breach Affecting 49 Million Individuals
A software flaw linked to a government-sponsored mobile application was the cause of one of the nation's largest data breaches, exposing over 6.5 million Israeli registrants. The corresponding website enabled threat actors to retrieve personal voter information, such as names, addresses, and identity card numbers. Essentially, anyone could use the website to gain access to the government voter registry containing the sensitive information. At this moment it is unclear how many people downloaded the database, and the Israeli government has stated that it will look into the matter.
According to Ruben Rivera, the finance director of Puerto Rico’s Industrial Development Company, the government organization accidentally sent over $2.6 million to fraudulent accounts. At this time it is unclear whether the sender was negligent or simply failed to follow protocol. Government officials claim that they are attempting to retrieve the funds, but this will be a difficult feat to accomplish. Due to financial setbacks stemming from the decade-old recession, the island’s government has had to cut back on certain services. However, it appears that cutting back on data protection might be more costly.
Data pertaining to 1.7 million banking customers (past and present) has been affected in a breach caused by the bank's own marketing contractor. One of the biggest banks in the South African region, Nedbank, stated that it decided to use a third party for its marketing efforts, to send out promotional campaigns to its users. The third party supposedly had a copy of the bank's customer data, including their names, ID numbers, home addresses, phone numbers, and email addresses. Moreover, the contractor did not have access to Nedbank’s network; therefore, one can assume that it was the contractor's own network that was compromised.
The U.S.-based company has been gaining a lot of traction in the last couple of years, due to its simplistic but customizable approach to printing pictures on wooden tablets. According to Google Play, PhotoSquared has over 100,000 happy customers, but that might change as it just became the latest victim of a data breach. All of its customers' data was compiled in an AWS storage bucket; however, it was not password protected. This enabled threat actors to access all of its users' personal data, such as high-resolution photos and shipping addresses. Within the bucket, there were at least 10,000 unique shipping labels with corresponding high-resolution images.
A marketing firm based in Israel exposed millions of citizens because it failed to properly configure its authentication credentials. The Elasticsearch database contained over 140GB of data, such as names, phone numbers and postal addresses, and although it was password protected, its credentials were not properly stored. According to the self-proclaimed security specialist, om3n, they were exposed in plaintext on the web server. Since then the marketing firm has taken the necessary steps to secure its AWS instance, and there have been no signs of anomalous activity as of now.