The third-party website exposed passports, selfies, and the location data of applicants who submitted their documents as part of the U.K. visa application process. Instead of fixing the issue, the website sent attorneys.
President Trump’s branded cell phone maker and cell provider said the exposure was linked to a third-party platform, and was evaluating whether it needs to notify customers.
Trump Mobile is leaking customers’ email and home addresses, but has not responded to people alerting the company of the data exposure, according to two YouTubers who said they verified that their leaked data is authentic.
The federal cybersecurity agency left plaintext passwords in a spreadsheet uploaded to a public GitHub repository, per a report by independent journalist Brian Krebs.
The tech company that maintains the hotel check-in system set its cloud storage to public, allowing anyone to access customers’ data without a password.
The bank said the security lapse was due to the use of an “unauthorized” AI software app.
An exposed Amazon-hosted server allowed anyone to access reams of customer data without needing a password.
A backend flaw in web admin dashboards used by one of India’s largest pharmacy chains, exposed thousands of online pharmacy orders.
The online mentoring site UStrive exposed email addresses, phone numbers, and other non-public information to other logged-in users. The nonprofit told TechCrunch that the issue is now fixed, but wouldn’t commit to alerting affected individuals.
The phishing campaign targeted users on WhatsApp, including an Iranian-British activist, and stole the credentials of a Lebanese cabinet minister and at least one journalist.