It's getting harder and harder to keep track of who's been breached, where, and for how much data. This is a weekly roundup of current breaches, with links to stories highlighting the issues. I'll try to keep these weekly updates to a reasonable length, but that's getting harder and harder to do. Let's get started...
Wired Online - On Monday, Google announced that an additional bug in a Google+ API, part of a November 7 software update, exposed user data from 52.5 million accounts. Or as Google puts it, "some users were impacted." The bug exposed Google+ profile data that a user hadn't made public—things like name, age, email address, and occupation—and some profile data shared privately between users that shouldn't have been accessible.
Krebs on Security - “For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date and communication preferences,” Marriott said in a statement released early Friday morning.
DevSecOps Days - Once again, the pattern of taking over a known npm package and modifying it with malicious intent has happened. In this case, it's with the event-stream module in the npm repository. In this broadcast I speak with Thomas Hunter, Software Developer at Intrinsic and author of "Compromised npm Package: event-stream", and Brian Fox, CTO of Sonatype, author of the Forbes "Open Source Developers And Infrastructure Are The New Front Line Of Security?" article.
Bank Info Security - The U.K.'s privacy watchdog says that six months after enforcement of the EU's General Data Protection Regulation began, it's seen a dramatic increase in the number of data breach reports. That includes "more complaints from the public - from 9,000 to 19,000 in a comparable six-month period - complaints about subject access, data portability and data security."
* This article is a copy of the "another one bites the dust" weekly update from DevSecOps Days.