Breach Brief – U.S. Government, TimeWarner Cable, Instagram,

Published On September 6, 2017 | By Tom Huskerson | Breach Briefs

U.S. Government

The personal information of thousands of U.S. citizens and employees holding security clearances up to Top Secret have been compromised.

The security breach was revealed by Chris Vickery Director of cyber risk research firm UpGuard.  Vickery found the information of over 9,000 job application files on an un-secure Amazon Web Services S3 storage server that required no password to access.

The data included details about the past duties and responsibilities of thousands of federal employees. It is unclear if these people continue to work for the government, the U.S. Department of Defense and other agencies in the U.S. intelligence community.

Even so the information is extremely sensitive including personal information such as social security numbers, driver’s license and passport numbers, home addresses and other contact details. A leak of this magnitude represents a significant security failure that comes after a major government Office of Personnel Management (OPM) data breach in 2015.

TigerSwan, a US-based private security firm has pointed the finger of blame at TalentPen, a third-party vendor contracted by the company to process new job applicants.

In a statement Tiger Swan said, “We learned that our former recruiting vendor TalentPen used a bucket site on Amazon Web Services for the transfer of resumes to our secure server but never deleted them after our login credentials expired. Since we did not control or have access to this site, we were not aware that these documents were still on the web, much less, were publicly facing.

Among the hundreds of exposed files UpGuard discovered were the resumes of people with Top Secret U.S. security clearances, other documents revealed details about Iraqi and Afghan nationals who cooperated with U.S. forces. Some of those exposed by this data breach were involved in highly classified military operations. To add insult to injury UpGuard stated that the highly sensitive information remained exposed even after it notified TigerSwan about the leak.

TimeWarner Cable

Spectrum Communications,  owner of TimeWarner Cable, announced a data breach affecting the records of 4 million former customers.  TimeWarner Cable (TWC) customer’s data were left unsecured on a cloud server last month. TWC and said there is no evidence of illegal activity on its former customer’s accounts. The company did however urge subscribers using the MyTWC app to change their user names and passwords as a precaution.

TimeWarner Cable provides cable television service to major metropolitan areas including New York, Boston, Chicago, St. Louis and major part of the Carolinas and throughout the country.

The breach was uncovered by a third party firm attempting to resolve a data breach at another company. According to reports, BroadSoft, a TWC partner and global communications provider may have accidentally configured an Amazon Web Services server to allow public access.

According to Bob Diachenko, chief communications officer at security vendor Kromtech, the error exposed over 600GB of sensitive data to the public internet.

“It is most likely that they were forgotten by engineers and never closed the public configuration. This would allow anyone with an Internet connection to access extremely sensitive documents,” he said.

Instagram

A hack originally intended to target celebrities has instead impacted over six million Instagram user accounts.
Instagram sent out warnings of the hack after singer, Selena Gomez, appeared to be one of the first celebrity compromised. Hackers used a bug in the application programming interface (API), to access phone numbers and email addresses.

The news of the hack came after Instagram assured it users on August 30th that only celebrity accounts were targeted.

Instagram CTO, Mike Krieger released a statement acknowledging the scale of the breach; “We care deeply about the safety and security of the Instagram community, so we want to let you know that we recently discovered a bug on Instagram that could be used to access some people’s email address and phone number even if they were not public.”

Originally Instagram stated that only a “low percentage” of accounts were affected but quickly back tracked when hackers refuted the information. Instagram, which is owned by Facebook, then advised users how to protect themselves from such an attack. “Additionally, we’re encouraging you to report any unusual activity through our reporting tools,” Instagram said.

Some reports indicate that one of the accounts compromised includes that of President Donald Trump. That account is operated by White House social media team.

Like this Article? Share it!

About The Author

Tom Huskerson Bio Born in Richmond Virginia Tom Huskerson is a military veteran who settled in California after his discharge. Tom attended Santa Barbara City College where he began his writing career as a campus reporter. He worked as an intern news reporter for the Santa Barbara News-Press writing feature stories before moving on to San Francisco. At San Francisco State University Tom studied broadcast communications and began to focus on the Internet. He completed his graduate thesis on Internet advertising. Tom was the first student to ever focus on the Internet as a graduate student at San Francisco State University. After graduation he went to work for Zona Research in California’s Silicone Valley. As a research associate Tom supported senior analyst writing on the latest developments in the Internet industry. During the dot com boom Tom worked for several web businesses as a market researcher and analyst. As a writer and researcher Tom has authored various technical works including a training program for Charles Schwab security. Other projects included professional presentations on workplace violence and hiring security contractors. Tom has also written both fiction and non-fiction works and blogging for a travel website. He has published two books of short stories and completed two novels. Tom is the owner of Scribe of Life Literature and EbonyCandle.com. Tom is not the chief editor for the OnTechStreet. com. A news and information blog that focuses on tech news for African-Americans. The blog is the result of his desire to inform the African American community of the dangers and benefits of the cyber age. In his blog Tom reports on information security, new and analysis, scams and hoaxes, legal happenings and various topics that arise from the age of information. Tom believes that technology is a necessary tool for black people and they should know what is happening. Tom writes believing that techno speak is for the professional and that valuable information can be communicated using plain language. As a result he has embraced the motto, Less Tech, More Knowledge.

Comments are closed.