All news with #pii tag

0ktapus Phishing Campaign Compromises 130+ Firms Worldwide

🔐 Researchers link a sprawling phishing campaign to the 0ktapus threat group, which spoofed Okta authentication pages and induced employees to submit credentials and MFA codes. The operation hit more than 130 organizations and led to 9,931 compromised accounts, with targeted activity against Twilio and Cloudflare staff. Group-IB reports 5,441 harvested MFA codes and urges URL vigilance, better password hygiene and adoption of FIDO2 security keys.

Twitter Whistleblower Alleges Major Security Failures

🔍 An 84-page whistleblower complaint from former Twitter head of security Peiter “Mudge” Zatko alleges systemic security and privacy failings at the company, including excessive staff access, unpatched servers, and potential foreign-agent infiltration. Zatko says these issues violate a 2010 FTC order and pose a national security risk. Twitter calls him a disgruntled ex-employee and says many issues are addressed. Congressional inquiries have already begun.

DSCC S3 Misconfiguration Exposes 6.2M Email Addresses

🔒 UpGuard researchers discovered an Amazon S3 bucket tied to the Democratic Senatorial Campaign Committee (DSCC) that publicly exposed about 6.2 million email addresses. The unprotected archive, EmailExcludeClinton.zip, contained a comma-separated .csv of addresses from major ISPs, universities, government and military domains and was last modified in 2010. UpGuard notified the DSCC on July 26, 2019, and the bucket was secured the same day. The incident highlights persistent operational risks in campaign data handling.

Open NAS Exposed Thousands' PII at Maryland JIA Systems

🔒 UpGuard discovered a publicly accessible network-attached storage (NAS) device belonging to the Maryland Joint Insurance Association (JIA), exposing backups and administrative files. The repository contained customer PII—including full Social Security numbers, birth dates, addresses, phone numbers, insurance policy identifiers, and check images showing full bank account numbers—alongside plaintext internal credentials and third-party access details. UpGuard notified JIA and the device was secured; the exposure highlights serious configuration and vendor-risk failures that can rapidly put vulnerable policyholders at risk.

Exposed S3 Bucket Leaked Thousands of TigerSwan Resumes

🔓 UpGuard discovered an Amazon S3 bucket publicly exposing 9,402 TigerSwan job applications and resumes, many containing sensitive personal details and hundreds of claims of Top Secret/SCI clearances. The repository, last updated in February 2017 and attributed by TigerSwan to a terminated recruiting vendor, included names, addresses, contacts, passport and partial Social Security numbers, and driver’s license data. UpGuard notified TigerSwan in July 2017; after follow-ups the files were secured on August 24, highlighting the risks of cloud misconfiguration and third-party vendor practices.