Meeting and Hotel Booking Provider’s Data Found in Public Amazon S3 Bucket

Leaks of personal and business information from unsecured Amazon S3 buckets are piling up. From a report: The latest belongs to Groupize, a Boston-area business that sells tools to manage small group meetings as well as a booking engine that handles hotel room-block reservations. Researchers at Kromtech Security found a publicly accessible bucket containing business and personal data, including contracts and agreements between hotels, customers and Groupize, Kromtech said. The data included some credit card payment authorization forms that contained full payment card information including expiration data and CVV code. The researchers said the database stored in S3 contained numerous folders, below; one called “documents” held close to 3,000 scanned contracts and agreements, while another called all_leads had more than 3,100 spreadsheets containing critical Groupize business data including earnings. There were 37 other folders in the bucket containing tens of thousands of files, most of them storing much more benign data.

Read more of this story at Slashdot.

Info on 1.8M Chicago Voters Was Publicly Accessible, But Now Removed From Cloud Service

A file containing the names, addresses, dates of birth and other information about Chicago’s 1.8 million registered voters was published online and publicly accessible for an unknown period of time, the Chicago Board of Election Commissioners said this week. From a report: The acknowledgment came days after a data security researcher alerted officials to the existence of the unsecured files. The researcher found the files while conducting a search of items uploaded to Amazon Web Services, a cloud system that allows users to rent storage space and share files with certain people or the general public. The files had been uploaded by Election Systems & Software, a contractor that helps maintain Chicago’s electronic poll books. Election Systems said in a statement that the files “did not include any ballot information or vote totals and were not in any way connected to Chicago’s voting or tabulation systems.” The company said it had “promptly secured” the files on Saturday evening and had launched “a full investigation, with the assistance of a third-party firm, to perform thorough forensic analyses of the AWS server.” State and local officials were notified of the existence of the files Saturday by cybersecurity expert Chris Vickery, who works at the Mountain View, Calif. firm UpGuard.

Disney Sued For Allegedly Spying On Children Through 42 Gaming Apps

schwit1 shares a report from The Washington Post (Warning: may be paywalled; alternative source): The Walt Disney Co. secretly collects personal information on some of their youngest customers and shares that data illegally with advertisers without parental consent, according to a federal lawsuit filed late last week in California. The class-action suit targets Disney and three other software companies — Upsight, Unity and Kochava — alleging that the mobile apps they built together violate the law by gathering insights about app users across the Internet, including those under the age of 13, in ways that facilitate “commercial exploitation.”

The plaintiffs argue that Disney and its partners violated COPPA, the Children’s Online Privacy Protection Act, a federal law designed to protect the privacy of children on the Web. The lawsuit, filed in U.S. District Court for the District of Northern California, seeks an injunction barring the companies from collecting and disclosing the data without parental consent, as well as punitive damages and legal fees. The lawsuit alleges that Disney allowed the software companies to embed trackers in apps such as “Disney Princess Palace Pets” and “Where’s My Water? 2.” Once installed, tracking software can then “exfiltrate that information off the smart device for advertising and other commercial purposes,” according to the suit. Disney should not be using those software development companies, said Jeffrey Chester, the executive director of the Center for Digital Democracy. “These are heavy-duty technologies, industrial-strength data and analytic companies whose role is to track and monetize individuals,” Chester said. “These should not be in little children’s apps.” Disney responded to the lawsuit, saying: “Disney has a robust COPPA compliance program, and we maintain strict data collection and use policies for Disney apps created for children and families. The complaint is based on a fundamental misunderstanding of COPPA principles, and we look forward to defending this action in court.”

Prison Time For Manager Who Hacked Ex-Employer’s FTP Server, Email Account

Catalin Cimpanu, writing for BleepingComputer: Jason Needham, 45, of Arlington, Tennessee was sentenced last week to 18 months in prison and two years of supervised release for hacking his former company’s FTP server and the email account of one of his former colleagues. Needham did all the hacking after he left his former employer, Allen & Hoshall (A&H), a design and engineering firm for which he worked until 2013. Needham left to create his own company named HNA Engineering together with a business partner. HNA is also a design and engineering firm. According to court documents obtained by Bleeping Computer, between May 2014 and March 2016, Needham hacked into the email account of one of his former co-workers. From this account, the FBI says Needham took sensitive business information, company fee structures, marketing plans, project proposals, and lists of credentials for A&H’s FTP server. A&H rotated its FTP credentials every six months, but Needham acquired new logins from his former colleague’s email account.

In Less Than Five Years, 44 Trillion Cameras Will Be Watching Us

An anonymous reader writes: It was a big deal for many when Apple added a second camera to the back of the iPhone 7 Plus last year. In five years, that will be considered quaint. By then, smartphones could sport 13 cameras, allowing them to capture 360-degree, 3D video; create complex augmented reality images onscreen; and mimic with digital processing the optical zoom and aperture effects of an SLR. That’s one of the far-out, but near-term, predictions in a new study by LDV Capital, a VC firm that invests in visual technologies such as computer vision. It polled experts at its own portfolio companies and beyond to predict that by 2022, the total number of cameras in the world will reach about 44 trillion. Jaw-dropping as that figure is, it doesn’t seem so crazy when you realize that today there are already about 14 trillion cameras in the world, according to data from research firms such as Gartner. Next to phones, other camera-hungry products will include robots (including autonomous cars), security cameras, and smart home products like the new Amazon Echo Show, according to LDV.

Game of Thrones Hackers Demand Ransom

An anonymous reader shares a report: Hackers who have leaked Game of Thrones scripts and other data from entertainment company HBO have released a note demanding a ransom payment. In a new dump, they also published a script for the as yet unbroadcast fifth episode of the current series. Company documents and video episodes of other HBO shows were also shared. The hackers claim to have 1.5TB of data in total, but HBO has said it does not believe its email system has been compromised. Documents in the latest leak were marked “HBO is falling,” according to the Wired news site, and included legal information, employment agreements and other company files. The Associated Press reports that some documents appeared to contain personal contact information for Game of Thrones actors.

NSA Unlawfully Surveilled Kim Dotcom In New Zealand, Says Report

According to new documents from New Zealand’s Government Communications Security Bureau (GCSB), the NSA illegally used technology to spy on Megaupload founder Kim Dotcom. “The New Zealand Herald first reported that the GCSB told the nation’s high court that it ceased all surveillance of Dotcom in early 2012, but that ‘limited’ amounts of communications from Dotcom were later intercepted by its technology without the bureau’s knowledge,” reports The Hill. From the report: Dotcom was surveilled by the NSA and the GCSB in a joint intelligence operation named Operation Debut. According to the Herald, that surveillance was scheduled to end in January 2012, but the United States continued to use New Zealand’s technology. According to court documents obtained by the Herald, “Limited interception of some communications continued beyond the detasking date without the knowledge of GCSB staff.” The court papers don’t explain how the NSA was able to use the GCSB’s spying technology without the bureau’s knowledge. According to the Herald, “The GCSB documents do contain an admission of NSA involvement, although it was not made outright.” Dotcom is facing charges of copyright infringement and money laundering related to Megaupload, a file-sharing website shut down in 2012. He is currently fighting U.S. attempts to extradite him from New Zealand.

Hackers Break Into HBO’s Networks, May Have Leaked ‘Game of Thrones’ Script

An anonymous reader shares a report: Hackers have broken into the networks of HBO and reportedly leaked unreleased episodes of a number of shows, as well as the script for next week’s “Game of Thrones” episode. Altogether, they have reportedly obtained a total of 1.5 terabytes of data. HBO confirmed the intrusion in a statement sent to Variety: “HBO recently experienced a cyber incident, which resulted in the compromise of proprietary information. We immediately began investigating the incident and are working with law enforcement and outside cybersecurity firms. Data protection is a top priority at HBO, and we take seriously our responsibility to protect the data we hold.”
