Tag Archives: account

Hot new trading site leaked oodles of user data, including login tokens

Enlarge (credit: colddayforpontooning ) The past few days have showered plenty of favorable attention on a new trading platform called DX.Exchange , with glowing profiles by Bloomberg News and CNBC . The only problem is that the site, which allows people to trade currencies and digitized versions of Apple, Tesla, and other stocks, has been leaking oodles of account login credentials and personal user information. A few days ago, an online trader who heard about DX.Exchange decided to check out the site to see if it might be something he wanted to use. Besides assessing the robustness of the site’s features, he also wanted to make sure it had good security hygiene. After all, the site collects a fair amount of sensitive financial and legal information about its users, and this prospective customer wanted to make sure those details wouldn’t fall into the wrong hands. So he created a dummy account and began to poke around. To get better visibility, he turned on the developer tools inside the Chrome browser. Super easy to criminalize Almost immediately, the trader identified a major problem. When his browser sent DX.Exchange a request, it included an extremely long string of characters, called an authentication token, which is supposed to be a secret the site requires when a user accesses her account. For some unexplained reason, DX.Exchange was sending responses that, while valid, included all kinds of extraneous data. When the trader sifted through the mess, he found that the responses DX.Exchange was sending to his browser contained a wealth of sensitive data, including other users’ authentication tokens and password-reset links. Read 13 remaining paragraphs | Comments

Read More »

“Security researcher” dumps files of German chancellor, legislators, bloggers

Enlarge / A screenshot of the Twitter account of "_0rbit" before its suspension. Over the last week of December, files with personal data of hundreds of German politicians, bloggers, and celebrities was posted via links from the account. Over the past week, someone using the Twitter handle "_0rbit" and claiming to be a "security researcher" and "artist" published archive files appearing to containing personal data belonging to an array of German politicians. The apparent victims include Chancellor Angela Merkel, members of the Bundestag (Germany's parliamentary body) and the European Parliament, as well as regional and local officials. Today, a German government spokesperson acknowledged that at least some of the documents appear to be genuine, dating back to 2017. German deputy government spokesperson Martina Fietz told reporters that "personal data and documents belonging to hundreds of politicians and public figures were published on the Internet... the government is taking this incident very seriously." The data includes home addresses, mobile telephone numbers, letters, invoices, and copies of identity documents. While the Twitter account, Blogger page, and other websites associated with the breach have been taken down, dozens of mirror sites remain up and running. Fietz said that none of the data regarding Merkel reviewed thus far contained sensitive information—Merkel's data included copies of letters she had sent and received, two email addresses apparently tied to the Chancellor, and a fax number. Read 5 remaining paragraphs | Comments

Read More »

Blumenthal Nordrehaug Bhowmik De Blouw LLP File a Class Action Lawsuit…

The class action complaint alleges that the Cable Services company failed to pay proper overtime wages and did not provide the legally required off-duty meal and rest breaks to their Account Executive... (PRWeb November 19, 2018) Read the full story at https://www.prweb.com/releases/blumenthal_nordrehaug_bhowmik_de_blouw_llp_file_a_class_action_lawsuit_against_comcast_cable_communications_management_llc_for_allegedly_failing_to_pay_overtime/prweb15888712.htm

Read More »

DocASAP and Prevea Health to Co-Present at AMGA’s 2018 Institute for…

Dr. Ashok Rai, CEO and President of Prevea Health and Jordan Pisarcik, Vice President, Account Management at DocASAP, will host a session titled “Patient-centric Care: Closing Care Gaps through... (PRWeb November 14, 2018) Read the full story at https://www.prweb.com/releases/docasap_and_prevea_health_to_co_present_at_amgas_2018_institute_for_quality_leadership/prweb15914139.htm

Read More »