Researcher

Uncategorized

“Millions of Customer Records Breached Online: AT&T Sends Out New Passcodes”

AT&T resets account passcodes after millions of customer records leak online US telco giant takes action after 2019 data breachPhone giant AT&T is reseting customer account passcodes after a huge cache of data containing millions of customer records was dumped online earlier this month, TechCrunch has exclusively learned. A security researcher who analyzed the leaked data told TechCrunch that the encrypted account passcodes are easy to decipher. TechCrunch held the publication of this story until AT&T could begin reseting customer account passcodes. The leaked data includes AT&T customer names, home addresses, phone numbers, dates of birth and Social Security numbers. The researcher double-checked their findings by looking up records in the leaked data against AT&T account passcodes known only to them.

Ava Patel
March 30, 2024

Uncategorized

Critical Vulnerability on Indian State Government Website Leaks PII of Residents

An Indian state government has fixed security issues impacting its website that exposed the sensitive documents and personal information of millions of residents. The bugs existed on the Rajasthan government website related to Jan Aadhaar, a state program to provide a single identifier to families and individuals in the state to access welfare schemes. One of the bugs allowed anyone to access personal documents and information with knowledge of a registrant’s phone number. The state’s Jan Aadhaar portal, which launched in 2019, says it has more than 78 million individual registrants and 20 million families. The portal aims to offer “One Number, One Card, One Identity” to residents in the northern state of Rajasthan for accessing state government welfare schemes.

Max Chen
January 28, 2024

Security

“Finding the Silver Lining: How Cybersecurity Sparked Hope in 2023”

Bangladesh thanked a security researcher for citizen data leak discoveryWhen a security researcher found that a Bangladeshi government website was leaking the personal information of its citizens, clearly something was amiss. TechCrunch verified that the Bangladeshi government website was leaking data, but efforts to alert the government department were initially met with silence. The data was so sensitive, TechCrunch could not say which government department was leaking the data, as this might expose the data further. Florida’s Lee County took the heavy-handed (and self-owning) position of threatening the security researcher with Florida’s anti-hacking laws. Several state CISOs and officials responsible for court records systems across the U.S. saw the disclosure as an opportunity to inspect their own court record systems for vulnerabilities.