API Security

Identity and Authorization At Cloud Scale

The future has a lot to answer for. For decades we’ve been promised super-cool inventions that we still haven’t received - flying cars, jetpacks and IAM platforms that provide security, scale and manageability - all wrapped up with 21st century automation. George Jetson’s job had two settings ("Start" & "Stop") and the computer did the...

When your modern IAM platform isn't modern: the case for authorization and identity microservices.

By Nathanael Coffing, CSO and co-founder of Cloudentity. A couple of weeks ago, a leading identity provider suffered a zero-day vulnerability that was immediately used maliciously to compromise financial, retail and healthcare customers. The big question is: why was this "modern" IAM platform so appealing to security researchers and hackers alike, and how can we,...

The Experian Credit Score Breach: What Happened and How to Prevent Future API Data Breaches

Last week, the public was notified about a pretty serious Experian API-related incident leading to the potential public exposure of credit scores for millions of Americans. What Went Wrong? Experian’s credit score API drew the attention of security researcher Bill Demirkapi. It started innocently with him looking around for student loan options. He bumped...

DoorDash Breach: 4.9 Million Customers and Merchants

DoorDash, the folks who bring you your Big Macs and local fresh mex, disclosed that the personal data of 4.9 million customers, workers and merchants was compromised including names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords (it wasn't made clear what kind of algorithm they use to hash...

YouTube Hack: When 2FA isn’t quite enough

Hackers targeted a number of high-profile, “influencer” YouTube accounts using a coordinated phishing attack. “Phishing” is where a notification (email, text, etc.) pretends to be the provider and leads the individual to a site that looks very, very much like the real site. Then they get the individual to enter valid credentials, which they steal and...

Hacking the Provider: 14 Million Hostinger Accounts Exposed

Web hosting provider Hostinger alerted customers to unauthorized activity that gave someone (unknown) access to an API that contained 14 million customer usernames, email addresses, and passwords scrambled with the SHA-1 algorithm (which is more susceptible to a rainbow table attack and has been deprecated for a few years now). Credit is due to Hostinger...

90,000 German MasterCard Customers Data Posted in Breach

GDPR will definitely bite MasterCard on a breach of 90,000 German customers' data including names, addresses and partial credit card numbers. And there are reports of an additional, unidentified list circulating with full credit card numbers. As with other recent breaches, it appears a third-party vendor was trusted with the data, and then proceeded to...

StockX “System Update” Revealed to be a Breach

First StockX forced a password reset, telling customers it was due to a system update; now it turns out that not only were over 6 million user records exposed, but that data is for sale by hackers. Online shoe reseller StockX abruptly forced all users to reset their passwords a couple weeks ago saying it...

2019 CafePress breach exposes 23 million users… What did we learn?

This post looks back at the CafePress data breach of 2019, the compromised user data, how CafePress handled the breach, the resulting fall-out, and how consumers and companies can protect themselves from future hacks. About the CafePress data breach: CafePress is a popular custom T-shirt and merchandise online retailer that was hacked, exposing the email...

Poshmark Breach

In today's breach news, Poshmark disclosed "data from some Poshmark users was acquired by an unauthorized third party." Poshmark is a social commerce marketplace where people in the United States can buy and sell new or used clothing, shoes, and accessories. It's unclear exactly According to the official disclosure release on Poshmark's website (see https://blog.poshmark.com/2019/08/01/important-security-notice-from-poshmark/)...

Pearson Exposes Student Data

Education software company Pearson exposed data on at least 100,000 students across more than 13,000 schools and universities. The breach itself was in November of 2018, and discovered in March, but only announced in August, underscoring the challenges companies have with identifying, remedying and communicating breaches. First and last names, email addresses, and dates of...