Unsecured databases continue to expose the personal and financial information of millions of consumers, leaving individuals at increased risk for identity theft, credit card fraud, and more. Research by Comparitech found the hackers prey on newly uploaded databases and can compromise it’s data within hours if it is not protected with a strong password.
Here are the recent data breaches that made headlines in November 2020:
November 3, 2020: Malware embedded in the online shopping platform of precious metals dealer, JM Bullion, captured the personal and banking card information of customers who made purchases between February and July 2020. Using the malicious code, hackers we able to collect an undisclosed number of customer names, addresses, and payment card details including account numbers, card expiration dates, and the security codes.
A database containing staff, users, and subscribers data of the online media company, Mashable.com, was leaked by hackers. The database contains an undisclosed number of names, email addresses, country, gender, job description, online behavior related details, date of registration, IP addresses, social media profile links, and authentication tokens.
Expedia, Hotels.com & Booking.com
An unsecured database belonging to the hotel reservation platform, Prestige Software, leaked sensitive data from over 10 million hotel guests worldwide, dating as far back as 2013. The third-party data leak affected guests that have booked reservations through travel companies such as Expedia, Hotels.com, Booking.com, Agoda, Amadeus, Hotelbeds, Omnibees, Sabre and more. The information exposed in the data leak includes names, email addresses, national ID numbers, phone numbers of hotel guests, and reservation details such as reservation number, dates of a stay, the price paid per night. The unsecured database also disclosed sensitive credit card details from over 100,000 guests, including card number, cardholder’s name, CVV, and expiration data, and total cost of hotel reservations.
Vertafore, an insurance software firm, fell victim to a data breach and exposed the personal and driver’s license data of over 27 million Texas citizens. The files accessed by an unauthorized party contained Texas driver license numbers, as well as names, dates of birth, addresses and vehicle registration histories.
An unsecured database belonging to the Christian faith app, Pray.com, exposed the personal information of over 10 million individuals – including users of the app and their contacts. The impacted information includes photos uploaded by the app’s users, names, home and email addresses, phone numbers, marital status, login information along with users’ phone contacts names, phone numbers, email, home and business addresses, company names and family ties.