Blog

YouTube Hack: When 2FA isn’t quite enough

Hackers targeted a number of high-profile, “influencer” YouTube accounts using a coordinated phishing attack. “Phishing” is where a notification (email, text, etc.) pretends to come from the provider and leads the individual to a site that looks very, very much like the real site. Then they get the individual to enter valid credentials, which they steal and...

Open Banking and Cloudentity Walkthrough

Open Banking is coming to the rest of the world, and Cloudentity's Identity and Authorization for APIs provides the required mix of tools to automate the process of developers connecting to banking APIs while securing access down to the consumer consent of individual kinds of activities. Here's a walkthrough of how some of these features...

Hacking the Provider: 14 Million Hostinger Accounts Exposed

Web hosting provider Hostinger alerted customers to unauthorized activity that gave someone (unknown) access to an API that contained 14 million customer usernames, email addresses, and passwords scrambled with the SHA-1 algorithm (which is more susceptible to a rainbow table attack and has been deprecated for a few years now). Credit is due to Hostinger...

90,000 German MasterCard Customers' Data Posted in Breach

GDPR will definitely bite MasterCard on a breach of 90,000 German customers' data, including names, addresses and partial credit card numbers. And there are reports of an additional, unidentified list circulating with full credit card numbers. As with other recent breaches, it appears a third-party vendor was trusted with the data, and then proceeded to...

Cloud Hybrid is the new normal 

There are many ways to describe the different ways organizations use cloud computing, but “cloud hybrid” is quickly becoming the de facto standard.  In Ofer Schreiber’s article Why leading cyber-executives see massive potential in securing hybrid clouds, he describes cloud-hybrid as “huge sprawl across multiple cloud providers, across multiple cloud accounts that need to be accounted for and properly...

Securing Elections Infrastructure

It seems there is some sort of data breach or hack every day; sometimes the hack is as simple as finding an open database, sometimes it’s a phishing attack, sometimes it’s getting into a network through an IoT device like a printer or even a thermostat. As we enter the era of electronic voting machines,...

StockX “System Update” Revealed to be a Breach

First StockX forced a password reset, telling customers it was due to a system update; now it turns out that not only were over 6 million user records exposed, but that data is for sale by hackers. Online shoe reseller StockX abruptly forced all users to reset their passwords a couple of weeks ago saying it...

2019 CafePress breach exposes 23 million users… What did we learn?

This post looks back at the CafePress data breach of 2019, the compromised user data, how CafePress handled the breach, the resulting fall-out, and how consumers and companies can protect themselves from future hacks.  About the CafePress data breach  CafePress is a popular custom T-shirt and merchandise online retailer that was hacked, exposing the email...

Poshmark Breach

In today's breach news, Poshmark disclosed "data from some Poshmark users was acquired by an unauthorized third party." Poshmark is a social commerce marketplace where people in the United States can buy and sell new or used clothing, shoes, and accessories. It's unclear exactly According to the official disclosure release on Poshmark's website (see https://blog.poshmark.com/2019/08/01/important-security-notice-from-poshmark/)...

Pearson Exposes Student Data

Education software company Pearson exposed data on at least 100,000 students across more than 13,000 schools and universities. The breach itself was in November of 2018, and discovered in March, but only announced in August, underscoring the challenges companies have with identifying, remedying and communicating breaches. First and last names, email addresses, and dates of...

Capital One AWS Breach

The story of the hacker who got hold of 100 million Capital One credit applications and accounts keeps getting bigger. First there's the breach itself -- the woman who hacked her way into the AWS S3 buckets openly talked about her exploits on Twitter and Slack with enough details to make it pretty clear what...