Cyber Hacks of the month IT Security
image of data breach and coding

Hacks of the Month—December

These are the hacks and attacks that happened last month. A short recap and rundown of what you might have missed in regards to consumer personal data exposed. Hacks of the Month —December!

December Timeline:

Week 1 (Dec. 1 – 8):

elasticserachElasticSearch server 

On November 14 through November 20th, the search engine, Shodan, Elasticsearch servers exposed 57 million US citizens data. This includes full name, employer, job title, email address, ZIP code, phone number, and IP address.


iPhone users Touch ID Scam ios touch id

iOS apps, Fitness Balance and Calories Tracker fingerprint access users are approving payments of over US $100. To view your track history, it prompts to scan your fingerprint. Once you scan your fingerprint, in a flash of a second an in-app purchase popups, charging users $90 and above.

dell Hacks of the Month—DecemberDell Security Breach

Account information from sites and was under attack. It was possible that names, emails, and hashed passwords were removed. Dell reset passwords of customers’ accounts on their website. In their press release they mention credit card information was not targeted nor any Dell products or services.

tablet webpage_q100M Quora users personal data exposed

On December 3rd, 100 million Quora users were notified by email that their user data was compromised. The breach includes names, email addresses, encrypted passwords, data imported from linked networks, downvotes and direct messages. The firm also offered to send users an archive of their content and personal data within 72 hours of receiving a request to do so.

ca.flowers1-800-Flowers purchasers were exposed over four year period

1-800-flowers payment data breached on its Canadian website. The impacted data consisted of first and last name, payment card number, expiration date and card security code. A malware scrapping credit cards between August 15, 2014 to September 15, 2018.


Week 2 (Dec 9 – 15):

log-in-pageFacebook API Bug

Facebook’s latest bad press -announced new API bug in its photo-sharing system. It gave 1,500 third-party apps access to unposted Facebook photos of 6.8 million users. Left exposed for 12 days, between September 13th and September 25th.

g+ dead


Google Plus API bug

The second breach on Google plus was related to it’s APIs which allowed developers to access user’s private profiles.


Week 3 (Dec 16 – 22):

Caribou Bagels & Coffee Shops stores breachedstores_front

The company, Coffee and Bagels said, “Only Caribou Coffee and Bruegger’s Bagels stores point-of sale (POS) systems were breached.” Hackers gained unauthorized access to steal customer’s payment cards—name, card number, expiration date and card security code. Store goers who visited company owned Caribou locations between Aug. 28 and Dec. 3 of this year could be potentially impacted.


Josue Nolasco

I'm a former US Marine infantryman who made a switch to IT to provide cyber security services to SMB's. I'm as much a child of technology as I am of the great outdoors. I like spending time playing, experimenting with, and learning new technologies and whenever possible taking camping trips with friends and family.

toto togel TOGEL togel4d akitoto situstoto Akitoto situstoto Situstoto TOGEL situs toto togel situstoto toto togel