Black Hat Badge Attack Reveals Attendees' PII

In a brief blog post full of informative screenshots, a Colorado security researcher known as NinjaStyle details how easily he was able to figure out how to pull personal information belonging to attendees of this year's Black Hat security conference. His snooping reveals that personally identifiable information for every attendee of the conference could be gathered in as little as six hours from an API used in collating marketing data via scans of attendees' conference badges. NinjaStyle found that he could pull his ...



Uber Did (Another) Bad, Bad Thing

This week on Badly Handled Data Breach Theater, it's Uber in the hot seat. New CEO Dara Khosrowshahi, who seems to have inherited from Noted Dirtbag Travis Kalanick the business equivalent of a flaming used diaper, reveals (ta-da!) in a solemn blog post that personal information belonging to 57 million Uber customers was stolen in 2016 by "two individuals outside the company." Stolen data includes names, email addresses, and mobile phone numbers. Oh, and also: they knew this a year ago and never bothered to ...



Essentially Stupid: Essential Leaks Customer ID Data

In case you haven't heard, one of the dopiest screwups in tech history stumbled stupidly into the news yesterday. Andy Rubin's new hardware startup, Essential, has massively borked what should be a relatively simple order fulfillment process in shipping their new smartphone. What happened is just so unimaginably wrong in so many ways. There simply are not enough facepalm memes in the world to express the magnitude of imbecility on display in this debacle. Let's walk through what happened. Perhaps other companies ...
