FAANGs failing on keeping user data safe from bug hunters

Dylan Ayrey, a bug hunter and CEO of Truffle Security, discovered a credential dump from a big data company containing personal information belonging to about 50,000 of its users, and the company still hasn't fixed it. This happened while he was researching cross-site scripting (XSS) vulnerabilities, and through the disclosure and reporting process, this data passed through several third-party systems: the bug bounty platform, XSS Hunter and Gmail among them, not to mention his own hard drive and backups. Turns out the FAANG (Facebook, Amazon, Apple, Netflix and Google in the pre-Alphabet days) biz never disclosed the dump, and Ayrey and the third parties still have access to the sensitive data.

Read full article on The Register

 

