Convenience store chain Wawa has disclosed a data breach that occurred from March 2019 to December 2019. Malware was detected and then removed from its payment processing servers by their information security team. Payment information, including credit and debit card numbers, expiration dates, and cardholder names were included in this breach. Wawa is offering one year of identity theft protection for affected cardholders.
Video camera maker Ring released a statement specifying that its customer accounts have not been compromised by hackers. A small number of Ring customers had Ring home video cameras accessed by third parties using login credentials that were previously made available in data breaches from other companies and websites. Ring recommended setting up two-factor authentication, not reusing passwords for multiple websites, and other security measures to its customers.
Microsoft has released updates to fix a security issue for Remote Desktop Services on Windows 10, 7, and 8.1, as well as Windows Server 2008 and 2012. Windows 10 Home and Windows 10 Pro computers will be updated automatically as part of the standard Windows Update process.
Intel released information regarding a new set of CPU vulnerabilities called Microarchitectural Data Sampling (MDS). A list of affected Intel products may be found here.
Updates are available from major technology companies for this issue, including:
Docker became aware that a single Docker Hub database was unsecured on April 25th 2019. The security issue was resolved and Docker is continuing to investigate this matter. An estimated 190,000 accounts may have been affected and those passwords were reset and user tokens and access keys were revoked.
Google issued a security notice on its Bluetooth Low Energy (BLE) Titan Security Keys and is offering a free replacement for affected keys. A new key may be requested at google.com/replacemykey.
Microsoft found a security vulnerability in Remote Desktop Services or Terminal Services for older versions of Windows and has released updates. This does not affect the Remote Desktop Protocol (RDP). The issue was logged as CVE-2019-0708.
Some of the more comprehensive lists of known data breaches include:
- USA Today list of largest data breaches and hacks
- CNN.com – biggest data breaches in history
- Bloomberg.com – worst corporate hacks list
- Wikipedia data breach list
- State of California data breaches list
Identity theft victims can receive advice from these websites:
Facebook released a notice in March 2019 stating several million user passwords were kept in a readable unencrypted format on their own internal servers. However, Facebook maintains that this data was never publicly available or misused and will notify individual users affected by this issue.
Security researcher Troy Hunt recently published his findings about a huge store of 773 million email accounts with some password information that had previously been stored at a location available to hackers.
To verify if a specific email address was included in his list of data breaches, enter it at Troy Hunt’s website haveibeenpwned.com. Passwords can be verified separately at haveibeenpwned.com/Passwords.