Welcome back to ‘This Week in Getting Hacked’—the world’s greatest cybersecurity-related link dump! Each week, we bring you the best news stories from the cybersecurity field, letting you know who’s getting hacked, who’s hacking, what data is leaking, and what you should treat with caution. So strap in, change your password, and let’s find out who’s getting hacked this week!
On to the links…
Popular music festival Coachella alerted attendees that their data had been stolen, although no financial information was hacked.
Thousands of women in sun dresses and flower crowns were alerted in an email that everyone who bought tickets through their website—a requirement to purchase tickets (so, everyone)—was compromised. AEG, the company behind Coachella, said:
“We recently discovered that unauthorized third parties illegally gained access to the usernames, first and last names, shipping addresses, email addresses, phone numbers and dates of birth individuals provided to Coachella.”
In case you needed more assurance that the Internet of Things is more insecure than an open window, a “connected” teddy bear that was able to record messages to share between loved ones living far away and their children has been breached, leaving millions of personal messages and account details exposed for anyone to take.
Spiral Toys, makers of the CloudPets line of internet-connected plush toys, stored its customer data on a database that was neither behind a firewall nor protected by a password.
The data included hundreds of thousands of passwords and emails that were easily cracked. The software on the toys could also be overcome and turned into a spying machine. So you know, don’t buy connected anything.
New York’s Stewart International Airport left its servers filled with 760 GB of data unprotected for over a year.
Surprise! Surprise! Yahoo got breached again—this time to the tune of 32 million accounts. There might as well be a sign on all their user data that says, “Take this, please.”
The Foreign Intelligence Surveillance Act, or FISA, was first revealed when Edward Snowden disclosed the NSA’s secret surveillance programs in 2013. FISA allows for broad, sweeping, and intrusive surveillance of emails and other electronic communications, and two provisions laid out in Section 702—Upstream and Prism—allow for gathering of Web traffic data, and messaging data from tech giants, respectively.
Those two provisions have faced criticism on both sides of the aisle, with many in Congress calling for reforms to surveillance of American citizens. However, the White House has recently come out stating that they are for the renewal of the law without any revisions or reforms, citing its importance for national security.
That’s it for this week! Stay safe out there!