Hacks of the Month—October 2019
Another month of who got hacked, consumer data left publicly accessible, and un-patched flaws to report on. For this month on the Hacks of the Month—October 2019, we listed a short recap and rundown on consumer data exposed by various companies. Read on for the latest security flaw and data breaches below.
American Express notifies its cardholder members on a security data breach made from within the company by an employee.
The company says “The individual no longer employed by them is now under criminal investigation.”
They are offering 2 years of free credit monitoring and providing additional helpful next steps information.
Here is the list of information breached:
- Full Name
- Physical and/or billing address
- Social Security numbers
- Birth Dates
- Credit Card Number
The virtual private network provider NordVPN confirms a hack was conducted on one of their servers. The hackers were able to gain access to a data center they are renting servers from in Finland and stole an expired internal private key that NordVPN was unaware of. The company states no other servers on their network have been affected. The hack was possible due to a remote management software installed on the server that NordVPN was unaware of.
Adobe Creative Cloud’s users data was breached on an unsecured database server. About 7.5 million email addresses were exposed. A security researcher found the exposed data breach and believes it might have been exposed for a week. The “misconfigured environment” was quickly patched the same-day on October 19th. No payment or passwords were detailed as being exposed, only the following information:
- Account creation date
- Adobe products used
- Subscription status
- Member IDs
- Time since the last login
- Payment Status
Web.com and two domain name providers it owns, NetworkSolutions.com and Register.com, confirmed they were victims of a data breach in August 2019. A third party gained unauthorized access to a limited number of computer systems. The company released a notice that account information may have been accessed, however, no credit card information or passwords were breached. Still, they encourage customers to change their passwords and monitor any suspicious credit card transactions.
The data breached was:
- Phone Numbers
- email addresses