Microsoft data breach – 250 million records exposed
Microsoft has announced a data breach that has exposed 250 million customer records, spanning 14 years, without password protection. An investigation by Comparitech security research team has discovered five Elasticsearch servers containing the same set of 250 million Microsoft customer service records left easily accessible to internet users. While the majority of records were redacted, some of the data exposed included IP addresses, locations, and internal notes that were marked “confidential”, customer email addresses, Microsoft support agent emails, case numbers, resolutions, and remarks. While the issue was quickly locked down by Microsoft, according to them the accidental server exposure was the result of a change in the database’s network security group, which contained misconfigured security rules.
GDPR: $126 Million in Fines and Counting
According to law firm DLA Piper, there have been more than 160,900 data breaches reports recorded by the European data protection authorities since EU’s General Data Protection Regulation went into full effect on May 25, 2018, resulting in EUR114 million in fines. France, Germany and Austria topped the list for total value of GDPR fines with EUR51 million, EUR24.5 million and EUR18 million respectively, while Netherlands, Germany and UK topped the table for total number of breaches notified to regulators with 40,647, 37,636 and 22,181 notifications each.
Jeff Bezos’ iPhone Hacked
Amazon CEO Jeff Bezos found his iPhone hacked in 2018 after receiving a video Whatsapp message from the account of the Saudi Arabia crown prince Mohammed bin Salman. According to forensic analysts, the video file of more than 4.4 megabytes contained a bit of small amount of code which implanted malware and gave attackers access to Mr. Bezos’s entire phone.
Certain GE Healthcare Devices Vulnerable to Cyberattacks
GE healthcare devices revealed six vulnerabilities that would allow hackers to remotely tamper with the machines containing sensitive information such as patients’ physiological status – such as temperature, heartbeat, blood pressure – as well as patient demographic or other nonmedical information. Security research firm CyberMDX discovered these vulnerabilities in a variety of GE Healthcare clinical information central stations and telemetry servers and noted that 5 out of 6 vulnerabilities were rated 10/10 maximum severity.
‘Cable Haunt’ Vulnerability Leaves 200 Million Modems at Risk
The middleware on chips produced by Broadcom have been found to have a serious security vulnerability which has allowed hackers to access modems which use the chip. They called these attacks Cable Haunt. The company pushed a firmware fix to patch the flaw 8 months ago, but they do not know if any of their more than 200 Million modems had been hacked prior to the update.