W47-2020-newsletter

Here’s your weekly data breach news roundup:

  • Glofox – Irish gym management software company
  • Pray.com – popular Christian faith app
  • Liquid – Japanese cryptocurrency exchange
  • Cloud Clusters – web hosting provider

CLOUD CLUSTERS

Web hosting provider exposes details of millions of clients in serious security lapse.

Cloud Clusters breach exposed data relating to 63 million individuals

Security researchers have discovered a huge data breach involving a web hosting firm, which may have threatened the privacy of some 63 million individuals. Security researcher Jeremiah Fowler, in collaboration with Secure Thoughts, discovered that an unsecured database hosted by US firm Cloud Clusters had potentially compromised usernames and passwords connected with Magento, WordPress and MySQL.

 

The exposed database contained records concerning data backups, monitoring, error logging, and more, with emails and passwords displayed in plain text. 

Liquid - Cryptocurrency Exchange

Cryptocurrency exchange Liquid has announced that it suffered a data breach on November 13 that led to the exposure of users’ emails, names, addresses, and encrypted passwords.

According to an official blog post, Liquid’s domain name hosting provider “incorrectly transferred” control over the exchange’s account and domain to a bad actor. The exchange says this gave the actor the ability to change DNS records and in turn, “take control of a number of internal email accounts.”

Liquid says that all cold storage crypto wallets are secured and were not compromised. The exchange believes the bad actor could have stolen personal information from Liquid’s user database, including users’ emails, names, addresses and encrypted passwords.

Read more at https://ihodl.com/topnews/2020-11-18/liquid-suffers-users-data-breach/

Pray.com - Christian faith app

A popular Christian faith app has unwittingly exposed the personal data of up to 10 million users dating back several years, after misconfiguring its cloud infrastructure.

Santa Monica-headquartered Pray.com claims to be the “#1 App for daily prayer and biblical audio content” and has been downloaded over a million times from the Play Store.

Researchers at vpnMentor discovered four misconfigured AWS S3 buckets belonging to the company.

Although the company had made around 80,000 files private, it failed to replicate these security measures on its CloudFront CDN, which also had access to the files. This means a hacker could have compromised personal information on as many as 10 million people, most of whom were not even Pray.com users.

Glofox - Irish startup

Irish gym management software company Glofox is investigating reports of a recent data breach in which users’ personal details may have been compromised.

The start-up is one of a number of companies whose databases were reportedly hacked by a well-known group, ShinyHunters. Others believed to have been impacted include popular children’s online playground Animal Jam, which this week reported it had suffered a breach affecting 46 million accounts.

Glofox has not responded to media requests for comment on a possible security breach but it has, in recent days, responded to individuals on Twitter who posed questions to the company after being informed its website had been compromised.