At a glance.
- New South Wales driver's licenses exposed in data breach.
- Paytm Mall sustains a data breach.
- Moroccan bank customer data exposed in what may be a third-party breach.
- Denmark investigates whistle-blower's claim that its Defence Intelligence Service had shared citizens' data with the US NSA.
New South Wales driver's licenses found exposed online.
Researcher Bob Diachenko tweeted that he'd found an exposed folder containing about fifty thousand scans of driver's licenses issued by the Australian state of New South Wales. The folder was discovered in a misconfigured AWS S3 bucket. Who owned the bucket and collected the data is unclear. Transport for New South Wales told CarAdvice that the data didn't belong to them, nor did it belong to any other government agency. An investigation is in progress.
Paytm Mall sustains a data breach.
E-commerce platform Paytm Mall has sustained a data breach, LiveMint reports. Cyble Inc. attributes the attack to the "John Wick" criminal group. "A known cybercrime group with the alias ‘John Wick’ was able to upload a backdoor/Adminer on Paytm Mall application/website and was able to gain unrestricted access to their entire databases," Cyble's blog said. The attack was an extortion attempt. Paytm denied the report to LiveMint in the following statement:
"We would like to assure that all user as well as company data is completely safe and secure. We invest heavily in our data security, as you would expect. We have been investigating the claims of a possible hack and data breach, and haven't found any security lapses yet. We also have a Bug Bounty program, under which we reward responsible disclosure of any security risks. We extensively work with the security research community and safely resolve security anomalies."
"John Wick," which sometimes postures as a grey hat operation, has been a particular thorn in the side of Indian tech companies. Cyble conjectures that this is so because "John Wick" has experienced some success in extorting payment from victims in the subcontinent.
Moroccan bank discloses customer account exposure in an apparent third-party breach.
Morocco’s CIH Bank disclosed Friday that an unspecified number of customer accounts had been accessed by unauthorized parties. Morocco World News reported that CIH Bank said that its own systems did not appear to have been compromised, but rather that customer information had been exposed by compromises appearing on carding sites.
Denmark looks into allegations of citizens' data provided to NSA.
Reuters says that Danish authorities are investigating the country’s Defence Intelligence Service following allegations that the Service shared Danish citizens’ data with the US NSA. The Danish government has said little, beyond stating that its investigation represented a follow-up to a whistleblower’s complaint.