Dismiss this notice
Avast Premier Photo Caption - [Only registered and activated users can see links Click here to register]

Dismiss this notice
FastestVPN Accounts Giveaway - [Only registered and activated users can see links Click here to register]

Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Avast Security News Roundup: Financial firm sued over breach, and more news of the we
[Image: TVDumYE.png]

A data breach victim slapped a class-action lawsuit on First American Financial for a data breach exposing 885 million files

On Monday, a First American Financial customer named David Gritz filed a class-action lawsuit against the real-estate title insurer for an alleged data breach exposing 885 million files. The breach was reported last week by cybersecurity researchers who claimed the files “were available without authentication to anyone with a web browser,” as reported by Bloomberg. Gritz’s lawyer claims that hundreds of millions of bank account numbers, Social Security numbers, and financial records were exposed because the company “failed to implement even rudimentary security measures.” The exorbitant volume of data includes files dating back to 2003. The lawsuit will play out in a U.S. District Court in Santa Ana, Calif., where First American is based.

“We deeply regret the concern this defect has caused,” commented First American CEO Dennis J. Gilmore in a statement posted to the company’s website. “We are thoroughly investigating this matter and are fully committed to protecting the security, privacy, and confidentiality of the information entrusted to us by our customers.” The company’s statement also implied that the exposed information had never been used for malicious intent, noting, “Though the ongoing investigation is in its early states, at this time there is no indication that any large-scale unauthorized access to sensitive customer information occurred.”

Apologies and addressing breaches are not enough, said Luis Corrons, a security evangelist at Avast. “It happens again and again – companies leaving data unprotected for everyone to see. Some major data leaks have happened because of this kind of negligence. Perhaps if it was punished by law with high fines, companies would be vigilant and better protect the data they are holding.”

Flipboard hacked

“An unauthorized person accessed and potentially obtained copies of certain databases containing Flipboard user information between June 2, 2018 and March 23, 2019 and April 21-22, 2019,” the content-sharing platform said on their site. The company discovered the hack on April 23, after its engineering team noticed suspicious activity related to certain databases. Flipboard then hired a third-party security firm to investigate.

Not all Flipboard databases were compromised, but the subset that was contained user names, hashed and “salted” (encrypted) passwords, email addresses, and digital tokens linking third-party accounts with a user’s Flipboard account. Flipboard does not collect financial info, credit card numbers, bank account numbers, or Social Security numbers. In its notice to the public, the company states that while there is no evidence that “the unauthorized person accessed third-party account(s),” all digital tokens have been either deleted or replaced as a precaution. All users’ passwords have been reset as well, so any user who is logged off and tries to log back in will be prompted to create a new password. The company states, “we implemented enhanced security measures and continue to look for additional ways to strengthen the security of our systems. We also notified law enforcement.”

This week’s stat

Last year the online gaming industry produced an estimated revenue of $135 billion, a 10.9% increase over 2017.

Phishing scam poses as Microsoft Office 365

A new phishing scam hitting inboxes pretends to be an alert from Office 365 informing users that their accounts have had unusual amounts of file deletions, reports BleepingComputer. The malicious email encourages the user to click on a VIEW ALERT DETAILS button, which then takes the user to a phony Office 365 login page. When the user enters his or her credentials, that login information is sent to a domain controlled by the attacker, while the user is then redirected to the official Office 365 page and asked to log in again.

Savvy users might notice that the phony Office 365 login page is hosted on an Azure site, which is a telltale sign that something is off. Microsoft and Outlook login pages will only be found on microsoft.com, live.com, microsoftonline.com, and outlook.com.

The incident is a good reminder to never click a link within an unvalidated email. Instead, close the email, open a new browser window, and then log in to the account in question — through the “front door.” More often than not, users will then learn that there is really nothing amiss regarding their account. Read more on how to defend yourself from email fraud.
[Only registered and activated users can see links Click here to register]

Forum Jump:

Users browsing this thread: 1 Guest(s)
You have to register before you can post on our site.



Recent Posts
GFYI [Official] FastestVPN Accounts Giv...
"WHY do you wan...kubik67 — 11:44
Adobe Acrobat Reader DC 2019.012.20036 /...
Adobe Acrobat Read...harlan4096 — 08:55
Lenovo High-Severity Bug Found in Pre-In...
Another flaw has b...silversurfer — 07:35
Spyware App on Google Play Gets Boot, Re...
A music-streaming ...silversurfer — 07:30
Instagram Phishing Emails Use Fake Login...
Instagram users ar...silversurfer — 07:25

Today's Birthdays
avatar (41)Susanskymn
avatar (35)stepaRurry
Upcoming Birthdays
avatar (33)emogig
avatar (35)Isabelle88Nes
avatar (35)ferpuMip
avatar (32)kinotExaro
avatar (44)HerbertPab
avatar (33)JasonSoult

Online Staff
harlan4096's profile harlan4096