
2018-12-11: another one bites the dust

Dec 11, 2018 11:21:43 AM By Mark Miller

It's getting harder and harder to keep track of who's been breached, where, and for how much data. This is a weekly roundup of current breaches, with links to stories highlighting the issues. I'll try to keep these weekly updates to a reasonable length, but that's getting harder, and harder, to do. Let's get started...

A New Google+ Blunder Exposed Data from 52.5 Million Users

Wired Online - On Monday, Google announced that an additional bug in a Google+ API, part of a November 7 software update, exposed user data from 52.5 million accounts. Or as Google puts it, "some users were impacted." The bug exposed Google+ profile data that a user hadn't made public—things like name, age, email address, and occupation—and some profile data shared privately between users that shouldn't have been accessible.

 

Marriott: Data on 500 Million Guests Stolen in 4-Year Breach

Krebs on Security - “For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date and communication preferences,” Marriott said in a statement released early Friday morning.

 

 

event-stream: Analysis of a Compromised npm Package

DevSecOps Days - Once again, the pattern of taking over a known npm package and modifying it with malicious intent has happened. In this case, it's with the event-stream module in the npm repository. In this broadcast I speak with Thomas Hunter, Software Developer at Intrinsic and author of "Compromised npm Package: event-stream", and Brian Fox, CTO of Sonatype, author of the Forbes "Open Source Developers And Infrastructure Are The New Front Line Of Security?" article.

 

GDPR: 8,000 Data Breach Reports Filed So Far in UK

Bank Info Security - The U.K.'s privacy watchdog says that six months after enforcement of the EU's General Data Protection Regulation began, it's seen a dramatic increase in the number of data breach reports. That includes "more complaints from the public - from 9,000 to 19,000 in a comparable six-month period - complaints about subject access, data portability and data security."

 

additional resources

* This article is a copy of the "another one bites the dust" weekly update from DevSecOps Days. If you'd like to have these sent to your inbox every Tuesday, register below.