    Chaos Computer Club discovered access to 5 million records

    Members of the Chaos Computer Club have discovered several vulnerabilities in a cloud system for catering establishments. According to the Chaos Computer Club, several million sensitive data records from corona lists and reservations were visible. Before publication, the CCC contacted the software company so that it could close the gaps.

    The security gap came to light after members of the Chaos Computer Club visited a restaurant together, where they were supposed to register themselves in a Corona list. The security promises had aroused the hackers' suspicions.

    Personal data of visitors is mainly recorded for reservations and corona registrations. Here the CCC was able to gain access to 5 million personal data records from millions of reservations. The data available there went back almost ten years. The company confirmed a security gap in a blog entry on its website.

    Among other things, reservations of the offices appeared in the data. When checking the software, the hackers noticed several vulnerabilities. A faulty check of the access rights made it possible to obtain full administrative access to all data stored in the system. Other errors in a programming interface enabled users to access sensitive data, even without special rights. For example, restaurants were able to access the Corona data, says the CCC.

    The Passwords Were Inadequately Protected

    The passwords could be accessed using a simple query. Some of the passwords were available in plain text. For newer accounts, a modern hashing method was used. Nevertheless, over 30 percent of the passwords could have been recovered from their hashes in a sample. Trivial passwords like indicated the lack of an adequate password policy, for example with regard to minimum length and complexity. The CCC recommends setting up a separate email address just for this purpose, even with paper-based recording. For example, many free service providers allow incoming messages to be forwarded to the actual email address.
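
Why a modern hashing method alone did not protect the trivial passwords, shown as an added example that is not code from the CCC or the software company: a defender's audit of their own credential store, followed by the policy check that would have rejected the weak entries. The account names, passwords, common-password list, scrypt parameters and the 12-character minimum are all constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (hypothetical, not data from the incident).
SAMPLE_ACCOUNTS = {
    "bistro-a": "123456",
    "cafe-b": "password",
    "grill-c": "restaurant1",
    "bar-d": "V9#tq2L!mzR7pXw4",
    "diner-e": "correct horse battery staple",
}
# Constructed stand-in for the common-password list an auditor would test.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "restaurant1", "letmein"]
MIN_LENGTH = 12  # assumed policy value, not taken from the article


def hash_password(password, salt=None):
    """Salted scrypt hash; the cost factor is kept low so the demo runs fast."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**12, r=8, p=1)
    return salt, digest


def verify(password, salt, digest):
    """Constant-time comparison of a candidate against a stored hash."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def build_store(accounts):
    """What the database would hold: salt and hash only, no plain text."""
    return {user: hash_password(pw) for user, pw in accounts.items()}


def audit(store, wordlist):
    """Accounts whose hash matches a common password despite salted scrypt."""
    return sorted(user for user, (salt, digest) in store.items()
                  if any(verify(guess, salt, digest) for guess in wordlist))


def policy_accepts(password, blocklist):
    """Minimum length plus a common-password blocklist, checked at signup."""
    return len(password) >= MIN_LENGTH and password.lower() not in blocklist


if __name__ == "__main__":
    store = build_store(SAMPLE_ACCOUNTS)
    weak = audit(store, COMMON_PASSWORDS)
    print(f"{len(weak)}/{len(store)} hashes matched a common password: {weak}")
    for user in weak:
        print(user, "accepted by policy:",
              policy_accepts(SAMPLE_ACCOUNTS[user], COMMON_PASSWORDS))
```

The hash slows each guess but cannot make a guessable password unguessable, so the policy check at account creation is what keeps such entries out of the store.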
