Cloudentity Blog | Identity Management and Authorization

YouTube Hack: When 2FA isn’t quite enough

Published September 23, 2019

Breaches

Hackers targeted a number of high-profile, “influencer” YouTube accounts using a coordinated phishing attack. “Phishing” is where a notification (email, text, etc.) pretends to be the provider, leads the individual to a site that looks very, very much like the real site. Then they get the individual to enter valid credentials, which they steal and...

Open Banking and Cloudentity Walkthrough

Published September 16, 2019

General

Open Banking is coming to the rest of the world, and Cloudentity's Identity and Authorization for APIs provides the required mix of tools to automate the process of developers connecting to banking APIs while securing access down the the consumer consent of individual kinds of activities. Here's a walkthrough of how some of these features...

Hacking the Provider: 14 Million Hostinger Accounts Exposed

Published August 26, 2019

Breaches

Web hosting provider, Hostinger, alerted customers to unauthorized activity that gave someone (unknown) access to an API that contained 14 million customer usernames, email addresses, and passwords scrambled with the SHA-1 algorithm (which is more suspectable to a rainbow table attack and has been deprecated for a few years now). Credit is due to Hostinger...

90,000 German MasterCard Customers Data Posted in Breach

Published August 22, 2019

Breaches

GDPR will definitely bite MasterCard on a breach of 90,000 German customer's data including names, addresses and partial credit card numbers. And there are reports of an additional, unidentified list, circulating with full credit card numbers. As with other recent breaches, it appears a third-party vendor was trusted with the data, and then proceeded to...

Cloud Hybrid is the new normal

Published August 22, 2019

General

There are many ways to describe the different ways organizations use cloud computing, but “cloud hybrid” is quickly becoming the de facto standard. In Ofer Schreiber’s article Why leading cyber-executives see massive potential in securing hybrid clouds, he describes cloud-hybrid as “huge sprawl across multiple cloud providers, across multiple cloud accounts that need to be accounted for and properly...

Securing Elections Infrastructure

Published August 20, 2019

API Security

It seems there is some sort of data breach or hack every day; sometimes the hack is as simple as finding an open database, sometimes it’s a phishing attack, sometimes it’s getting into a network through an IoT device like a printer or even a thermostat. As we enter the era of electronic voting machines,...

StockX “System Update” Revealed to be a Breach

Published August 12, 2019

Breaches

First StockX forced a password reset, telling customers it was due to a system update, now it turns out that not only were over 6 million user records exposed, but that data is for sale by hackers. Online shoe reseller, StockX abruptly forced all users to reset their passwords a couple weeks ago saying it...

2019 CafePress breach exposes 23 million users… What did we learn?

Published August 7, 2019

Breaches

This post looks back at the CafePress data breach of 2019, the compromised user data, how CafePress handled the breach, the resulting fall-out, and how consumers and companies can protect themselves from future hacks. About the CafePress data breach CafePress is a popular custom T-shirt and merchandise online retailer that was hacked, exposing the email...

Breach: 1 Million South Korean Credit Cards on the Dark Web

Published August 6, 2019

Breaches

Gemini Advisory Group reported today that there has been a sharp uptick in the number of South Korean for sale on the dark web; they have seen a 2,019% increase in July based on baseline data with over 1 million compromised South Korea-issued CP records posted for sale in the dark web since May 29,...

Poshmark Breach

Published August 2, 2019

Breaches

In today's breach news, Poshmark disclosed "data from some Poshmark users was acquired by an unauthorized third party." Poshmark is a social commerce marketplace where people in the United States can buy and sell new or used clothing, shoes, and accessories. It's unclear exactly According the the official disclosure release on Poshmark's website (see https://blog.poshmark.com/2019/08/01/important-security-notice-from-poshmark/)...

Pearson Exposes Student Data

Published August 1, 2019

Breaches

Education software company Pearson, exposed data on at least 100,000 students across more than 13,000 schools and universities. The breach itself was in November of 2018, and discovered in March, but only announced in August, underscoring the challenges companies have with identifying, remedying and communicating breaches. First and last names, email addresses, and dates of...

Capital One AWS Breach

Published July 30, 2019

Breaches

The story of the hacker who got hold of 100 million Capital One credit applications and accounts keeps getting bigger. First there's the breach itself -- the woman who hacked her way into the AWS S3 buckets openly talked about her exploits on Twitter and Slack with enough details to make it pretty clear what...

Blog

YouTube Hack: When 2FA isn’t quite enough

Open Banking and Cloudentity Walkthrough

Hacking the Provider: 14 Million Hostinger Accounts Exposed

90,000 German MasterCard Customers Data Posted in Breach

Cloud Hybrid is the new normal

Securing Elections Infrastructure

StockX “System Update” Revealed to be a Breach

2019 CafePress breach exposes 23 million users… What did we learn?

Breach: 1 Million South Korean Credit Cards on the Dark Web

Poshmark Breach

Pearson Exposes Student Data

Capital One AWS Breach

Enterprises Reveal the State of their API Security & Governance

Find out how we can help you with your identity and authorization journey