Author: Zack Whittaker

T-Mobile quietly reveals uptick in government data demands

T-Mobile has revealed an uptick in the number of demands for data it receives from the government. The cellular giant quietly posted its 2017 transparency report on August 14, revealing a 12 percent increase in the number of overall data demands it responded to compared to the previous year. The report said the company responded to 219,377 subpoenas, an 11 percent rise on 2017. These demands were issued by federal agencies and do not require any judicial oversight. The company also responded to 55,372 court orders, a 13 percent rise, and 27,203 warrants, a rise of 19 percent. But...

Abbyy leaked 203,000 sensitive customer documents in server lapse

Abbyy, a maker of optical character recognition software, has exposed a trove of sensitive customer documents after a database server was left online without a password. The exposed server was found by former Kromtech security researcher Bob Diachenko, who now works independently. In a blog post shared prior to publication, he said one of the company’s MongoDB servers was mistakenly configured for public access. He told TechCrunch that the server contained 203,896 scanned files, including contracts, non-disclosure agreements, memos and other highly sensitive documents dating back to 2012. The data also included corporate usernames and scrambled passwords. The Moscow-based...

Weak passwords let a hacker access internal Sprint staff portal

It’s not been a great week for cell carriers. EE was hit with two security bugs and T-Mobile admitted a data breach. Now, Sprint is the latest phone giant to admit a security lapse, TechCrunch has learned. Using two sets of weak, easy-to-guess usernames and passwords, a security researcher accessed an internal Sprint staff portal. Because the portal’s log-in page didn’t use two-factor authentication, the researcher — who did not want to be named — navigated to pages that could have allowed access to customer account data. Sprint is the fourth largest US cell network with 55 million customers. TechCrunch passed...

UK phone giant EE hit by another security snafu

For the second time this week, UK phone giant EE has fixed a security lapse, which allowed a security researcher to gain access to an internal site. The researcher, who goes by the pseudonym Six, found the company’s internal training site indexed on Google. (We’re not linking to the page as it remains an active site.) Although the site required an employee username and password to log in, the researcher found that an “admin” account existed, whose password anyone with the answer to the secret question could reset. It turns out that secret question could have been stronger. “What is your eye color,” the researcher told TechCrunch. “I tried loads of colors and they all give an error,” he said. “The answer was simply ‘brown’,” he said. From there, he gained access to the entire internal training site. EE is the largest phone network in the UK with more than 30 million users. TechCrunch reported the security lapse to the company on Wednesday. A spokesperson for EE said a fix was implemented early Thursday, and thanked the researcher. “This account has now been disabled and we have also changed the password and security question for the account,” said a spokesperson. “No customer data is, or has been, at risk as the user account on the training website only gave access to a dummy environment with fake accounts.” But the...

T-Mobile says hackers stole customer data in data breach

T-Mobile has confirmed hackers breached its systems. The cell giant, currently merging with Sprint, said in a statement that hackers stole customer names, billing zip codes, phone numbers, email addresses, account numbers, and account type — such as if an account was prepaid or postpaid — in what the company described as an “unauthorized capture of data.” No customer financial or billing data was compromised, the company said. It’s not known when the breach occurred but the unauthorized access was detected and shut down on Monday. T-Mobile did not immediately respond to a request for comment, but Motherboard reported that...

Millions of Texas voter records exposed online

Over 14 million detailed voter records were found on an unprotected server. A massive trove of voter records containing personal information on millions of Texas residents has been found online. The data — a single file containing an estimated 14.8 million records — was left on an unsecured server without a password. Texas has 19.3 million registered voters. It’s the latest exposure of voter data in a long string of security incidents that have cast doubt on political parties’ abilities to keep voter data safe at a time when nation states are actively trying to...

Attempted DNC voter database hack was a false alarm, security chief says

An apparent hacking attempt on the Democratic National Committee’s voter database was a false alarm, the organization has said. CNN and the Associated Press reported on Wednesday, citing an unnamed party official, that the political organization was warned of an attempt on its systems. DNC officials contacted the FBI after Lookout, a security firm, detected and reported a phishing page that replicated a login page for NGP VAN, a technology provider for Democratic campaigns. But the party’s security chief quickly reversed its position Thursday, confirming that the phishing page was “simulated.” “The test, which mimicked several attributes of actual attacks on...

Russian hackers slipped up in attempt to hack senator

Hackers that targeted a Democratic senator up for reelection this year may have left behind clues in their attack that further suggest Russian involvement. The office of Claire McCaskill, a Missouri senator, was targeted in an apparent targeted phishing attack from a fake Microsoft domain that the software giant later seized pursuant to a court order. The Daily Beast reported that a then-McCaskill staffer was the target of the attack, which was attributed to hackers linked to Russian intelligence — largely because the effort was similar to the phishing attack on Hillary Clinton’s campaign chair John Podesta, whose account was...
