Database Security Digest – July 2018
Please take a look at the biggest database security incidents in June 2018.
Typeform
Typeform is a well-known software-as-a-service company located in Spain. The company helps to carry out online surveys by providing different online forms. However, the company suffered its database breach. All this resulted in the fact that all the information collected by Typeform customers got into hands of the unknown hackers who got access to a backup file dated May 3. This hacked database contained names, email addresses and all pieces of information sent by users using Typeform forms.
Typeform boasts about 30,000 paying customers among which are the UK-based mobile banking service Monzo who declared that they’re ending their relations with Typeform as the result of the incident. Other customers include or included such well-known companies as Apple, Uber, Facebook, Adobe, Airbnb, WeTransfer, BBC, Trello, HubSpot, Indiegogo, Forbes, and Freshdesk.
Although Typeform is saying they’re doing everything they can to address the source of this data breach the company’s image has been badly damaged.
Timehop Discloses a Data Breach Affecting 21 Million
In July 2018 the Timehop startup informed about a database breach that compromised the personal data of its entire userbase (that’s about 21 million users). Someone was able to access a database in Timehop’s cloud computing environment not protected by multifactor authentication. The stolen information may not seem terribly sensitive, but it makes so-called identity theft just a matter of time. At the moment the company is in the process of adopting two-factor identification across the board and encrypting its databases. Obviously, Timehop should have taken data security more seriously!
1.5 Million Patients Affected + one Prime Minister
In a recent series on attacks on health care providers around the world the Singapore’s largest healthcare group, SingHealth has fallen prey to the unknown hackers. The company database containing information on about 1.5 million patients has been copied. Even the medical records of the prime minister of Singapore were stolen. The following sensitive personal data has been stolen about each of the patients: name, National Registration Identity Card number, address, race and gender, birth date. The investigators say that the attack was carefully planned and carried out professionally. The cyber-attack started on a front-end workstation, after which the criminals took hold of a privileged account and later to the database itself.
This case shows that everyone, even prime ministers, and presidents are vulnerable to cybercrimes.
So, ladies and gentlemen, protect your personal information and databases!
Databases’ security updates
Oracle
https://nvd.nist.gov/vuln/detail/CVE-2018-3096https://nvd.nist.gov/vuln/detail/CVE-2018-3097
https://nvd.nist.gov/vuln/detail/CVE-2018-3098
https://nvd.nist.gov/vuln/detail/CVE-2018-3099
https://nvd.nist.gov/vuln/detail/CVE-2018-3100
https://nvd.nist.gov/vuln/detail/CVE-2018-3101
https://nvd.nist.gov/vuln/detail/CVE-2018-3102
https://nvd.nist.gov/vuln/detail/CVE-2018-3103
https://nvd.nist.gov/vuln/detail/CVE-2018-3104
MS SQL Server
https://nvd.nist.gov/vuln/detail/CVE-2018-12942PostgreSQL
https://nvd.nist.gov/vuln/detail/CVE-2018-5384https://nvd.nist.gov/vuln/detail/CVE-2017-15097
MySQL
https://nvd.nist.gov/vuln/detail/CVE-2018-3075https://nvd.nist.gov/vuln/detail/CVE-2018-3077
https://nvd.nist.gov/vuln/detail/CVE-2018-3078
https://nvd.nist.gov/vuln/detail/CVE-2018-3079
https://nvd.nist.gov/vuln/detail/CVE-2018-3080
https://nvd.nist.gov/vuln/detail/CVE-2018-3081
https://nvd.nist.gov/vuln/detail/CVE-2018-3082
https://nvd.nist.gov/vuln/detail/CVE-2018-3084
https://nvd.nist.gov/vuln/detail/CVE-2018-1999016
https://nvd.nist.gov/vuln/detail/CVE-2016-8647
IBM DB2
https://nvd.nist.gov/vuln/detail/CVE-2018-1566https://nvd.nist.gov/vuln/detail/CVE-2018-1487
https://nvd.nist.gov/vuln/detail/CVE-2018-1458
MongoDB
https://nvd.nist.gov/vuln/detail/CVE-2017-2665https://nvd.nist.gov/vuln/detail/CVE-2018-13863