Your daily round-up of some of the other stories in the news
There’s a hole in my AWS bucket
We’ve written about data breaches many times where the leak has come from improperly secured Amazon Web Services (AWS) buckets, with organisations hit ranging from Dow Jones and Verizon to the Democratic National Committee, and Amazon has since issued guidance to help its customers secure their instances.
So it’s not good news to see that yet another organisation, this time hotel booking service Groupize, has apparently allowed data to leak from its AWS bucket. According to researchers as reported by MacKeeper, the Boston-based company had stored data including full credit card details, contracts and agreements in an AWS repository that required neither logins nor passwords.
Groupize has denied that any sensitive details were leaked, and added that it was “grateful [Kromtech, the researchers] shed some light on a potential vulnerability on one of our S3 buckets on Amazon. We have taken immediate action to remedy the situation.”
If you’ve got data in an Amazon S3 bucket, now might be a good time to double-check that you’re not inadvertently sharing it with the world.
Healthcare provider data exposed in hack
And while we’re on the subject of data breaches, the UK’s beleaguered National Health Service (NHS) has apparently been the focus of an attack, with 11m records relating to 1.2m patients allegedly stolen.
A man claiming to be linked to Anonymous told The Sun that he had been able to access the database of a company called SwiftQueue, which provides an appointment-booking service to eight NHS trusts, the administrative units that manage hospitals and services in the regions.
The man told The Sun: “I think the public has the right to know how big companies like SwiftQueue handle sensitive data. They can’t even protect patient details.”
SwiftQueue said that its initial investigation had found that only 32,501 “lines of administrative data” – including patient names, emails, dates of birth and phone numbers – had been exposed. It added that the breach had been “fixed within three hours”.
HBO hackers threaten to release more GoT episodes
The group targeting HBO has been busy again, this time threatening to make the final two episodes of the current series of Game of Thrones available online.
The group that calls itself “Mr Smith” gave Mashable details of its latest data dump, which apparently also includes passwords to a number of HBO’s social media accounts. The group told Mashable that it has “access to many HBO platforms already”.
HBO said it’s not “in communication with the hacker and we’re not going to comment every time a new piece of information is released … the hacker may continue to drop bits and pieces of stolen information in an attempt to generate media attention. That’s a game we’re not going to participate in.”
It seems that that “stolen information” may well be those episodes of Game of Thrones. In its email to Mashable, “Mr Smith” added: “Be ready for GoT … as soon as possible.”
Catch up with all of today’s stories on Naked Security
Chris
I like how it’s “only 32,501 “lines of administrative data” – including patient names, emails, dates of birth and phone numbers – had been exposed.”
Oh that’s ok, it’s such a small number and it’s not like identity thieves can do any damage.