Panera Bread left millions of customer records exposed on the web

How Complete Beginners are using an ‘Untapped’ Google Network to create Passive Income ON DEMAND

Add another big-name brand to the list of those who've left customer data exposed online. Thanks to security researcher Dylan Houlihan, KrebsOnSecurity has discovered that Panera Bread left millions of customer sign-up records (possibly 37 million) i…
Engadget RSS Feed
Cash For Apps: Make money with android app

Dating app Grindr exposed user HIV statuses to at least two third-parties

How Complete Beginners are using an ‘Untapped’ Google Network to create Passive Income ON DEMAND


A popular gay hookup app has come under fire for sharing highly-sensitive user details with third-party companies. Used by more than 3.6 million men daily, Grindr has been handing over its users’ HIV status to at least two other companies, according to a report by BuzzFeed News. The app, which aims to facilitate safe hookups in the gay community, gives users the option to display their HIV status — including their “last tested date” — on a public profile as a means of active disclosure. This information is then shared with two companies: Apptimize and Localytics. Both, as best we…

This story continues at The Next Web
The Next Web

Cash For Apps: Make money with android app

Security flaw in Grindr exposed locations to third-party service

How Complete Beginners are using an ‘Untapped’ Google Network to create Passive Income ON DEMAND

Users of Grindr, the popular dating app for gay men, may have been broadcasting their location despite having disabled that particular feature. Two security flaws allowed for discovery of location data against a user’s will, though they take a bit of doing.

The first of the flaws, which were discovered by Trever Faden and reported first by NBC News, allowed users to see a variety of data not available normally: who had blocked them, deleted photos, locations of people who had chosen not to share that data and more.

The catch is that if you wanted to find out about this, you had to hand over your username and password to Faden’s purpose-built website, C*ckblocked (asterisk original), which would then scour your Grindr account for this hidden metadata.

Of course it’s a bad idea to surrender your credentials to any third party whatsoever, but regardless of that, this particular third party was able to find data that a user should not have access to in the first place.

The second flaw involved location data being sent unencrypted, meaning a traffic snooper might be able to detect it.

It may not sound too serious to have someone watching a Wi-Fi network know a person’s location — they’re there on the network, obviously, which narrows it down considerably. But users of a gay dating app are members of a minority often targeted by bigots and governments, and having their phone essentially send out a public signal saying “I’m here and I’m gay” without their knowledge is a serious problem.

I’ve asked Grindr for comment and confirmation; the company told NBC News that it had changed how data was handled in order to prevent the C*ckblocked exploit (the site has since been shut down), but did not address the second issue.

Mobile – TechCrunch

Cash For Apps: Make money with android app

Samsung Galaxy S9+ repair difficulty, camera aperture details exposed in teardown

How Complete Beginners are using an ‘Untapped’ Google Network to create Passive Income ON DEMAND

Article Image

The similarity between the Samsung Galaxy S9+ and its predecessor are not limited to just the external design, as a teardown of the firm’s flagship smartphone reveals its internal construction bears more than a passing resemblance to the Galaxy S8, and is just as difficult to repair.
AppleInsider – Frontpage News

Cash For Apps: Make money with android app

T-Mobile website bug exposed customer logins to hackers, carrier says no accounts compromised

Cash For Apps: Make money with android app

In the words of a famous disc jockey: “Another one.” A young hacker-turned-security researcher in England found a critical vulnerability on T-Mobile’s website that basically left records of user logins exposed online for hackers to pillage. The bug was reported and patched in December, and T-Mobile says no customer information was compromised as a result of this flaw.

Kane Gamble, who pled guilty to trying to hack into the email accounts of senior U.S.

Read More

T-Mobile website bug exposed customer logins to hackers, carrier says no accounts compromised was written by the awesome team at Android Police.

Android Police – Android news, reviews, apps, games, phones, tablets

Failure of Pixel 2 exposed a larger problem: Google’s ads don’t work

Article Image

Across 2017, Google heavily promoted its Pixel phone brand. Despite being lauded as being "the world’s most valuable brand" and its status as the world’s largest purveyor of advertising, all of Google’s global efforts, including DoubleClick and YouTube, resulted in inconsequential Pixel sales. Worse than its failure to sell hardware is the fact that Google has proven that its advertising simply isn’t very effective.
AppleInsider – Frontpage News

FedEx left sensitive customer data exposed on unsecured server

It seems like there's no end to the data breach stories. Uber covered their problem up, then had to answer to Congress. Equifax's initial response to its massive data exposure added its own security issue. Federal employees were even found stealing d…
Engadget RSS Feed

Equifax breach may have exposed more data than first thought

The 2017 Equifax data breach was already extremely serious by itself, but there are hints it was somehow worse. CNN has learned that Equifax told the US Senate Banking Committee that more data may have been exposed than initially determined. The ha…
Engadget RSS Feed