Showing all posts tagged with "Information leak". You can also see all tags.
The web page for shipment information contained personal data - and it was possible to iterate through the data.
Personal info like Social Security numbers and personal documents were available. While I mostly hail the City of Bergen's handling of this issue, here are also the details they didn't tell you.
A web shop left their backup of all shopping data and their site in a publicly available directory - indexed by Google.
A Christmas story on how to cheat in advent calendars and of course some personal information leaks.
Guest blog post by Hallvard Nygård (@hallny)
Personal - and in some cases sensitive - information about 63,000 students could be accessed. Here are the details that the newspaper article did not give.
Looking for an easy way to find out when the garbage was being picked up ended up in discovering a data leak affecting half a million people.
A newspaper published details about a newly discovered serious security vulnerability. Here are the details that the newspaper article did not give.
Thomas Cook Airlines was leaking passenger information about future og past flights. Information about tens of thousands - or maybe hundreds of thousands - of travels could be systematically downloaded.
The tool for the owner to track its pet became a tool for tracking all the pet owners themselves. The hunters became the hunted.
It was possible to do systematic account takeover for one of Norway's biggest parking companies.
Guest blog post by Hallvard Nygård
Information about as many as maybe 1.5 million past, current and future hotel stays were openly accessible on the Internet.
Information about thousands - theoretically maybe hundreds of thousands - of customers could be stolen.
This one my of my regrets. This is one of those cases I should have told the world about. But now it's such a long time ago that naming anyone won't do any good.
Let me spell out why you should care that I recently so easily found 13 security vulnerabilities.
No one can see what you are shopping online, right?
One of the biggest insurance companies in Norway leaked personal data and used 4.5 months to fix the issue.
Tens of thousands - possibly several hundred thousands - of kids can be tracked via their Gator and Caref watches.
A digital memory book and social platform for people with special needs was found to be open for anyone to read, change and delete its users' content.
Ever been logged in at ikea.com? Then there's a chance you don't surf very anonymously.
A company offering an online project and customer relationship management system had a very easy-to-spot SQL injection vulnerability for 10 years or more.
Is your gym telling on you? It sure was telling on me and my fellow members. Everything from contact info to pictures to bank account numbers to the time people enter the gym was leaking for a long, long time.
A campaign where you can upload your pictures is making a small version of them publicly available at a "impossible to guess" URL. It was possible to systematically retrieve all the images.
I'm sure you expect your bank accounts to be safe from prying eyes. For a while other customers knowing my bank account number could check my account balance.
One of the "digital mailbox" services used by more than 400 central and local Norwegian government agencies to send mail, was leaking IP addresses and full names.
Using only the plate number of a Norwegian car you can find the name, address, Social Security number, etc. of the owners.