Volkswagen, in a statement, said a data breach at a vendor has affected 3.3 mn customers and potential buyers in North America. Almost all of them were customers or potential buyers of Audi. The vendor had left sales and marketing information from 2014-19 in an e-file unsecured. Limited personal information about customers and potential buyers was exposed to hackers. VW will offer free credit protection services to the 90,000 customers affected by the leak.
Truecaller’s ‘Guardians’ app, launched on March 3, that allows users to share live location with guardians had a major vulnerability. The firm had fixed the issues within hours after it was pointed out by Bengaluru-based security researcher and founder of cybersecurity startup Pingsafe Anand Prakash. The ‘personal safety’ app also has an emergency button that notifies selected contacts with real-time location details at the tap of a button in case of a crisis.
A security flaw in the website of the West Bengal govt’s COVID-19 testing program exposed the personal data of millions who were tested. Sourajeet Majumder, a security researcher found that the link containing the patient’s unique test identification number could be easily converted using online tools as it was scrambled with base64 encoding. The ID was sequenced, allowing anyone to change it in the browser’s address bar to view another test result.
The Android version of SHAREit, downloaded more than one billion times, contains unpatched vulnerabilities that the app maker has failed to fix for more than three months. The bugs can be exploited to run malicious code on smartphones and hijack the app’s features to run custom code, overwrite its local files, or install third-party apps without the user’s knowledge as reported by Echo Duan, a mobile threats analyst for Trend Micro.
Pak-based hackers, identified as ‘TeamLeets’, while working with ISI in 2018, leaked data of 26 lakh Airtel users from J&K and tried to sell it for $3500 in Bitcoin, but failed hence, dumped it on the internet. This group has also hacked the Indian government websites. It is threatening to leak more Airtel data via a new Twitter handle, ‘Red Rabbit Teams’. It created another Twitter handle, ‘PANAMA-iii, leaking data belonging to the people from the Indian Army.
Data of over 2.5 mn Airtel subscribers were up for sale on a hacker group Red Rabbit Team’s website for about three months before it disappeared on Tuesday, cybersecurity researcher Rajshekhar Rajaharia said in a tweet. The website had details of Airtel customers names, DOB, phone numbers, addresses, and Aadhaar IDs and was up for sale for $3,500. “In this specific case, we confirm that there is no data breach at our end,” an Airtel spokesperson said.
Rajshekhar Rajaharia, an independent cybersecurity researcher, said that data of nearly 10 cr credit and debit card users of India was being sold on the Dark Web via cryptocurrency Bitcoin. The massive data, according to Rajaharia, has been leaked from a compromised server of payments gateway Juspay. The Bangaluru based firm said that no financial data were compromised during the Aug 2020 cyber-attack and the actual number was much lower than 10 cr.