Posts Tagged: exposed

Security flaw in Florida tax website exposed filers’ sensitive data

Some Florida residents may be keeping a close eye on their finances after a security incident. Researcher Kamran Mohsin tells TechCrunch that Florida’s Department of Revenue website had a flaw that exposed hundreds of filers’ bank account and Social Security numbers. Anyone who logged in to the state business tax registration site could see, modify and even delete personal data just by modifying the web address pointing to a taxpayer’s application number — you just needed to change the digits in the link.

There were over 713,000 applications in the Department’s pipeline at the time of the discovery, Mohsin said. Mohsin warned the Department about the flaw on October 27th.

Department representative Bethany Wester said in a statement that the government fixed the flaw within four days of the report, and that two unnamed firms have deemed the site secure. She added there was “no sign” attackers abused the flaw, but didn’t say how officials might have spotted any misuse. The agency contacted every affected taxpayer by phone or writing within four days of learning about the issue, and has offered a year of free credit monitoring.

Bugs like these, known as insecure direct object references, are relatively easy to fix. The damage might also be limited compared to other tax-related breaches, such as a Healthcare.gov intrusion that compromised about 75,000 people in 2018. However, the incident underscores the potential harm from weak security — even a small-scale exposure like this could be used to commit tax fraud and steal refunds.

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

Cloud leak exposed sensitive data from over 200,000 voicemails

Some data leaks contain more sensitive info than most. Security researcher Bob Diachenko and Comparitech discovered (via Threatpost) that Broadvoice, a cloud VoIP provider for businesses, left over 350 million records exposed online in an unprotected…
Engadget RSS Feed

Razer data leak may have exposed info of over 100,000 customers

If you recently bought something from Razer, you'll want to keep an eye on your email inbox for suspicious links. According to security researcher Bob Diachenko, the company recently misconfigured one of its Elasticsearch servers, leaving the sensiti…

US could soon end mass phone surveillance program exposed by Snowden

The US government might put an end to the controversial NSA phone surveillance program Edward Snowden exposed by the end of 2019. Republican congressional national security adviser Luke Murry revealed during a Lawfare podcast that Congress might not…

500px reveals 2018 breach that exposed user data

Photo-sharing platform 500px has revealed that it suffered a security breach that exposed its users' data and profile information. While the company's engineers have only just discovered the unauthorized entry, it actually happened way back on July 5…

Fitness app PumpUp left users’ personal data exposed on server

While it's not at the catastrophic level of MyFitnessPal's 150 million-user data breach, the company behind the workout app PumpUp left information for 6 million of its members exposed. The Amazon cloud-hosted back-end server holding the data didn't…

Equifax breach may have exposed more data than first thought

The 2017 Equifax data breach was already extremely serious by itself, but there are hints it was somehow worse. CNN has learned that Equifax told the US Senate Banking Committee that more data may have been exposed than initially determined. The ha…

Saks Fifth Avenue left customer data exposed to the public

Sometimes, hackers don't have to lift a finger to swipe valuable shopping data — it can be sitting right out in the open. BuzzFeed News has found that a number of associated major fashion stores, including Saks Fifth Avenue, Gilt and Lord & Tay…