Hacks of the Month —August 2019

security flaw

Hacks of the Month —August 2019

Another month of who got hacked, consumer data left publicly accessible, and unpatched flaws to report on. For this month, we listed a short recap and rundown on consumer data left exposed by various companies. Read on for the latest security flaw and data breaches for hacks of the month —August 2019.

Security Flaw

Windows Systems Security Flaw

Google security researcher discovers a 20-year-old unsecured vulnerability affecting all versions of Microsoft Windows (Windows XP – Windows 10).  The security flaw allows attackers to bypass User Interface Privilege Isolation (UIPI) allowing an unprivileged process to:

  • Read sensitive text from any window of other applications (including passwords from dialog boxes)
  • Gain SYSTEM privileges
  • Take control of the UAC consent dialog
  • And send commands to the administrator’s console session

Microsoft has patched the security flaw in its August Patch Tuesday update.

security flaw

Firefox Master Password Security Flaw

Mozilla Firefox has patched a flaw in it’s password manager. The “security glitch” allows for locally stored passwords which are accessed through “saved logins” to be copied without a master password, (A code CVE-2019-11733). These were accessible  by copying to the clipboard through the ‘copy password’ context menu item without first entering the master password. As a result allowing for potential theft of stored passwords.” 

Choice Hotels Data Exposed 

Choice Hotels has confirmed a data breach. About 700,000 guest records were stolen from an unsecured server. The company stated the exposed data was hosted on a third-party vendor’s server. Data exposed was publicly available without a password or any requirement for authentication. Exposed consumer data included:

  • Names
  • Physical & Email Address
  • Phone Numbers
  • Passwords
  • And payment Information

data breach

MoviePass Data Exposed

161 million records stored on Moviepass data servers suffer from a data breach. The exposed data was stored on an unsecured server, and publicly available without a password or need for authentication (this sounds familiar doesn’t it?).  As a result, MoviePass has taken the database offline. The exposed data included:

  • MoviePass Debit card numbers
  • Debit card balance
  • Personal credit cards
  • Billing Information (Names, Addresses)
  • Email Address
  • And Passwords

security flaw

Lenovo Security Flaw

Lenovo’s decommissioned Lenovo Solution Center is found to contain yet another security flaw. The software came pre-installed on millions of older Lenovo PCs. Security researchers at Pen Test Partners found the flaw can execute code on a targeted system and give Administrator or System-level privileges. All Lenovo laptops since 2011 have this program installed. As a result, we recommend uninstalling the program and migrate to Lenovo Vantage or Lenovo Diagnostics. Lenovo has instructions on how to uninstall the software here.

data breach

Hostinger Data Breach

Hostinger, a popular web, cloud, and virtual private server hosting provider, as well as a domain registrar, confirmed a data breach. The affected server has been accessed by an unauthorized third party. Consequently the unauthorized user had access to 14 million of Hostiner’s user data. The company said it secured the system, and identified the origin of the unauthorized access. The exposed data was made up of:

  • User names
  • Email Addresses
  • Hashed Passwords
  • First Names
  • IP Addresses

The the company reset the affected user passwords. They are also urging anyone impacted to cross check if their password is being re-used somewhere else. If so, to change them ASAP! Reusing passwords across other sites is a real problem nowadays. Don’t let your accounts get hacked and locked out, practice good password security and change them every 60 to 90 days.

About SmartFix

We are a family owned business that provides fast, warrantied repairs for all your mobile devices.

Brooklyn Area

2307 Beverley Rd Brooklyn, New York 11226 United States

1000 101-454555
support@smartfix.theme

Store Hours
Mon - Sun 09:00 - 18:00

San Francisco Area

358 Battery Street, 6rd Floor San Francisco, CA 27111

1001 101-454555
support@smartfix.theme

Store Hours
Mon - Sun 09:00 - 18:00