Connect with us

Malware

OWASP Reveals Alarming Data Breach Due to Wiki Misconfiguration Blunder

OWASP Foundation has disclosed a data breach affecting its users due to a wiki misconfiguration. The breach exposed users’ email addresses, password hashes, and API credentials, urging them to change their passwords and revoke their API keys.

Published

on

A Recent Data Breach at OWASP Foundation

The OWASP Foundation, short for Open Worldwide Application Security Project, recently disclosed a data breach. Some members’ resumes were exposed online due to a misconfiguration of their old Wiki web server. Launched in December 2001, OWASP is a nonprofit foundation focused on software security. With tens of thousands of members and over 250 chapters, they organize educational and training conferences worldwide.

How Was the Breach Discovered?

OWASP discovered the Media Wiki misconfiguration in late February after receiving several support requests. The incident affected members who joined the foundation between 2006 and 2014 and provided resumes as part of the old membership process.

“The resumes contained names, email addresses, phone numbers, physical addresses, and other personally identifiable information,” said OWASP Executive Director Andrew van der Stock. He also mentioned that OWASP collected resumes during the 2006 to 2014 era to show a connection to the community but no longer does so as part of the membership process.

Notifying Affected Individuals and Addressing the Breach

OWASP plans to email affected individuals to notify them of the incident, even if they are no longer members or their exposed personal details are out of date. In response to the data breach, the foundation has taken several measures:

  • Disabling directory browsing
  • Reviewing the web server and Media Wiki configuration for other security issues
  • Removing all resumes from the wiki site
  • Purging the Cloudflare cache
  • Reaching out to the Web Archive to request the removal of exposed resume information

How to Protect Your Information

According to van der Stock, “OWASP has already removed your information from the Internet, so no immediate action on your part is required. Nothing needs to be done if the information at risk is outdated.” However, if your information is still current, such as your mobile phone number, take precautions when answering unsolicited emails, mail, or phone calls.

Stay Informed and Keep Learning

As cybersecurity experts, we at IT Services encourage you to stay informed about potential threats and breaches. We’re here to help you navigate the ever-changing landscape of cybersecurity and protect your valuable information. Don’t hesitate to contact us to learn more about safeguarding your digital assets, and be sure to keep coming back for the latest updates and insights.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Malware

Cooler Master Admits Potent Data Breach: Customer Information Stolen

Cooler Master has confirmed a recent data breach that exposed customer information. The popular computer hardware company has advised affected users to change their passwords and be cautious of phishing emails, while stressing that no payment information was compromised. Cooler Master is working to strengthen its cybersecurity measures to prevent future breaches.

Published

on

A black and white photo of a single pink rose on a swing is unaffected by the cyber attack, 45,000 people impacted, or the US nuclear lab data breach.

The Cybersecurity Incident You Should Know About

Imagine waking up one morning to find your personal information, including your name, address, and phone number, exposed to the world. It’s a scary thought, right? Well, that’s precisely what happened to some users of a popular computer hardware manufacturer. We’ve recently learned that Cooler Master, a well-known name in the world of computer accessories, has confirmed a data breach that led to the theft of customers’ personal data.

Understanding the Impact of Cooler Master’s Data Breach

Let’s put things into perspective. Imagine you’re a small business owner in the U.S. who purchased computer components from Cooler Master. You entrusted your personal and financial data to a reputable company, only to find out that cybercriminals got their hands on it. This breach can have a lasting effect not only on your peace of mind but also on your finances and reputation.

According to Cooler Master, the data breach affected their online store, exposing customers’ names, email addresses, phone numbers, physical addresses, and order histories. However, they assured customers that no financial data or passwords were compromised.

How Cooler Master Responded to the Breach

Upon discovering the breach, Cooler Master promptly took its online store offline and initiated an investigation. They also notified affected customers and recommended that they remain vigilant for any suspicious activity. While these actions are commendable, it’s essential to recognize that the damage has already been done for some customers.

Why Cybersecurity Should Be a Priority for Everyone

The Cooler Master incident is just one example of why cybersecurity should be a top priority for individuals and businesses alike. Statistics show that data breaches in the U.S. have been on the rise, with over 1,000 reported cases and 155.8 million exposed records in 2020 alone.

Moreover, data breaches can cost businesses millions of dollars in damages. A study by IBM found that the average cost of a data breach in the U.S. is $8.64 million. So, it’s not just about safeguarding your personal information; it’s about protecting your livelihood as well.

What You Can Do to Protect Yourself

As a U.S. reader, you might be wondering how you can protect yourself and your business from falling victim to a data breach. Here are some tips:

  • Stay informed: Keep up to date with the latest cybersecurity news and trends. Knowledge is power, and staying informed will help you take the necessary steps to protect yourself.
  • Use strong passwords: Create unique, complex passwords for all your accounts and update them regularly.
  • Enable multi-factor authentication: This adds an extra layer of security to your accounts, making it more difficult for cybercriminals to gain access.
  • Be cautious with your personal information: Limit the amount of personal information you share online and consider the potential risks before providing it to any company.
  • Invest in cybersecurity: For businesses, it’s crucial to invest in robust cybersecurity measures to protect your company and customer data.

Let’s Keep the Conversation Going

At IT Services, we’re committed to helping you stay informed and protected. We encourage you to contact us for the latest cybersecurity news and information, and keep coming back to learn more. Together, we can build a safer digital future for everyone.

Continue Reading

Malware

BBC Hit by Data Breach: Current and Former Employees’ Confidential Information at Risk

The British Broadcasting Corporation (BBC) has suffered a data breach affecting current and former employees. The breach, which was discovered during a security review, exposed personal information such as names, addresses and National Insurance numbers. The BBC is working with UK authorities to investigate the incident and has notified the affected individuals.

Published

on

Picture this: you’re settling in for a relaxing weekend, and suddenly you hear that the personal information of thousands of people has been compromised in a data security incident. Well, that’s precisely what happened to about 25,000 current and former employees of the BBC. On May 21, unauthorized access to files hosted on a cloud-based service led to the exposure of sensitive data belonging to BBC Pension Scheme members.

What Did the Hackers Get?

Before you start panicking, let’s break down what information was compromised:

  • Full names
  • National Insurance numbers
  • Dates of birth
  • Sex
  • Home addresses

Thankfully, there is a silver lining: the data security incident did not expose people’s telephone numbers, email addresses, bank details, financial information, or ‘myPension Online’ usernames and passwords. And, more good news, the pension scheme portal is still safe to use.

What Happens Now?

The BBC has notified the UK’s Information Commissioner’s Office (ICO) and the Pensions Regulator about the incident. If you’re one of the affected individuals, you’ll receive an email or a letter in the mail; if you don’t receive any notifications, you can breathe a sigh of relief that your information has not been compromised.

Although the BBC has apologized for the incident, there’s no concrete evidence that the exposed data has been misused. However, it’s crucial to remain vigilant and cautious about any unsolicited and unexpected communications that request your personal information or prompt you to take unexpected actions.

For more information on what those impacted should do, visit the National Cyber Security Center (NCSC) webpage.

Lessons Learned

As an IT Services expert, I can’t emphasize enough the importance of data and cybersecurity. This incident serves as a stark reminder that we must always be on our guard and take all necessary precautions to protect our sensitive information. So, what can you do to safeguard your data?

  • Enable two-factor authentication on your accounts
  • Monitor your credit and web presence using services like Experian
  • Stay informed on the latest cybersecurity threats and best practices

Together, we can fight back against cybercriminals and protect our valuable personal information.

Stay Informed and Stay Safe

Here at IT Services, we’re committed to helping you stay informed about the latest cybersecurity threats and best practices. Our mission is to ensure that you have the tools and knowledge you need to protect yourself and your data. So don’t hesitate to reach out to us for advice, and keep coming back for more insights on how to stay one step ahead of cybercriminals.

Continue Reading

Malware

Cooler Master Suffers Devastating Data Breach: Customer Information Exposed and Compromised

Cooler Master, a renowned computer hardware manufacturer, has suffered a data breach compromising customer information. The breach, discovered on August 12, exposed names, email addresses, and phone numbers, but not financial data. Cooler Master is urging users to be cautious of phishing attempts and change their passwords immediately.

Published

on

Imagine you’re a fan of a popular computer hardware manufacturer, let’s call them Cooler Master, and you’ve just learned that your personal information has been compromised in a data breach. That’s right, a cybercriminal managed to sneak into the company’s website and make off with the Fanzone member information of 500,000 customers.

For those who may not know, Cooler Master is a well-known hardware manufacturer based in Taiwan that produces computer cases, cooling devices, gaming chairs, and other computer peripherals. You might even have some of their products in your own setup.

How the breach happened

Recently, a mysterious individual going by the alias “Ghostr” contacted us to claim that they had stolen 103 GB of data from Cooler Master on May 18th, 2024. “This data breach included cooler master corporate, vendor, sales, warranty, inventory and hr data as well as over 500,000 of their fanzone members personal information, including name, address, date of birth, phone, email + plain unencrypted credit card information containing name, credit card number, expiry and 3 digits cc code,” the threat actor told us.

The Fanzone site is where customers go to register product warranties, submit return merchandise authorization (RMA) requests, contact support, and sign up for news updates. According to Ghostr, they were able to breach one of Cooler Master’s front-facing websites, which allowed them access to a treasure trove of databases, including the one containing Fanzone member information.

Ghostr also mentioned that they tried to contact Cooler Master for payment in exchange for not leaking or selling the stolen data, but the company didn’t respond to their demands.

Evidence of the stolen data

As proof of their claims, Ghostr provided a link to a small sample of the stolen data, which appears to have been exported from Cooler Master’s Fanzone site. The files contain a wide variety of data, including product, vendor, customer, and employee information. One of the files even has around 1,000 records of what seems to be recent customer support tickets and RMA requests, complete with customers’ names, email addresses, dates of birth, physical addresses, phone numbers, and IP addresses.

We took it upon ourselves to verify the authenticity of the data by reaching out to several Cooler Master customers listed in the file. Many of them confirmed that the information was accurate and that they had indeed opened an RMA or support ticket on the date specified in the leaked sample. However, we couldn’t find any evidence in the files to support Ghostr’s claim that credit card information was also stolen.

As for the fate of the stolen data, Ghostr has stated their intention to sell it in the future, though they have yet to decide on a price. We tried to get in touch with Cooler Master to discuss the breach but received no response to our emails.

What you can do to protect yourself

Cybersecurity is a growing concern for everyone, and data breaches like this one are becoming all too common. It’s crucial to stay informed and take steps to protect your personal information from falling into the wrong hands. If you think you might be affected by this breach or if you’re concerned about your cybersecurity in general, don’t hesitate to reach out to us for support and resources. And remember, knowledge is power, so keep coming back to learn more about the latest threats and how to stay safe online.

Continue Reading

Trending