Gumtree users' locations were visible by pressing F12
The UK online used goods bazaar Gumtree exposed its users’ home addresses in the source code of its webpages, and then tried to squirm out of a bug bounty after infosec bods alerted it...
Tagged: Users039
Over 1.5 Billion Facebook Users' Personal Data Found for Sale on Hacker Forum
Unrelated to other recent problems Facebook has had, this particular batch of data was scraped from profiles, meaning it’s publicly available knowledge. That doesn’t stop it from being dangerous. click here to read full...
Hackers Targeting Brazil's PIX Payment System to Drain Users' Bank Accounts
Two newly discovered malicious Android applications on Google Play Store have been used to target users of Brazil’s instant payment ecosystem in a likely attempt to lure victims into fraudulently transferring their entire account...
Apple's New iCloud Private Relay Service Leaks Users' Real IP Addresses
A new as-yet unpatched weakness in Apple’s iCloud Private Relay feature could be circumvented to leak users’ true IP addresses from iOS devices running the latest version of the operating system. Introduced with iOS...
Malicious NPM Package Caught Stealing Users' Saved Passwords From Browsers
A software package available from the official NPM repository has been revealed to be actually a front for a tool that’s designed to steal saved passwords from the Chrome web browser. The package in...
Android Apps with 5.8 million Installs Caught Stealing Users' Facebook Passwords
Google intervened to remove nine Android apps downloaded more than 5.8 million times from the company’s Play Store after the apps were caught furtively stealing users’ Facebook login credentials. “The applications were fully functional,...
Misconfigured Cloud Database at DreamHost Exposes 800 Million WordPress Users' Records
The database contained admin and user information, including WordPress login URLs, names, email addresses, usernames, roles, host IP addresses, timestamps, and configuration and security information. click here to read full Article Read more on...
TikTok Quietly Updated Its Privacy Policy to Collect Users' Biometric Data
Popular short-form video-sharing service TikTok quietly revised its privacy policy in the U.S., allowing it to automatically collect biometric information such as faceprints and voiceprints from the content its users post on the platform....
Misconfigurations in 23 Android Apps Expose Over 100,000,000 Users' Personal Data
The findings come from a study of 23 Android apps on the Google Play Store, some of which garnered 10,000 to 10 million downloads, such as Astro Guru, iFax, Logo Maker, Screen Recorder, and...
23 Android Apps Expose Over 100,000,000 Users' Personal Data
Misconfigurations in multiple Android apps leaked sensitive data of more than 100 million users, potentially making them a lucrative target for malicious actors. “By not following best-practices when configuring and integrating third-party cloud-services into...
Over 25% Of Tor Exit Relays Spied On Users' Dark Web Activities
An unknown threat actor managed to control more than 27% of the entire Tor network exit capacity in early February 2021, a new study on the dark web infrastructure revealed. “The entity attacking Tor...
Alert — There's A New Malware Out There Snatching Users' Passwords
A previously undocumented malware downloader has been spotted in the wild in phishing attacks to deploy credential stealers and other malicious payloads. Dubbed “Saint Bot,” the malware is said to have first appeared on...
533 Million Facebook Users' Phone Numbers and Personal Data Leaked Online
In what’s likely to be a goldmine for bad actors, personal information associated with approximately 533 million Facebook users worldwide has been leaked on a popular cybercrime forum for free—which was harvested by hackers...
Bug in Apple's Find My Feature Could've Exposed Users' Location Histories
Cybersecurity researchers on Thursday disclosed two distinct design and implementation flaws in Apple’s crowdsourced Bluetooth location tracking system that can lead to a location correlation attack and unauthorized access to the location history of...
Brave browser found to leak users' Tor dark web activity
An anonymous security researcher demonstrated that the browser was sending the queries for .onion addresses to public DNS resolvers for all to see, defeating the purpose of using the Tor mode. Click here for...
Yandex Employee Caught Selling Access to Users' Email Inboxes
Russian Dutch-domiciled search engine, ride-hailing and email service provider Yandex on Friday disclosed a data breach that compromised 4,887 email accounts of its users. The company blamed the incident on an unnamed employee who...