Hack Notice

Hack Notice: Misconfigured firewall resulted in LogBox data exposure and conflicting claims


Source
https://www.databreaches.net/misconfigured-firewall-resulted-in-logbox-data-exposure-and-conflicting-claims/
Description
Earlier this week, Jake Bright of TechCrunch reported that security researcher Anurag Sen had found an exposed database belonging to LogBox, a South African medical data app that allows patients to share information with their doctors more easily. According to TechCrunch’s report, the researcher had found an exposed database containing account access tokens for “thousands of LogBox users, which if used would grant full access to users accounts without requiring their password, Sen said.”

Sen reportedly reached out to LogBox to responsibly disclose his findings, but they did not reply to him and would not answer any of TechCrunch’s questions. It’s unfortunate that they did not respond to Sen’s responsible disclosure, as I think they missed an opportunity to find out if there was anything else he could tell them that might assist them.

DataBreaches.net reached out to both the researcher and to LogBox to inquire more about the extent and sensitivity of any patient data. Sen responded to this site’s enquiry by stating that the tokens provided access to medical procedures of patients, prescriptions, and personal information.

LogBox provided a very different answer, however. According to their spokesperson, the vulnerability, which was in the network firewall and not the application itself, first occurred in November, 2019 and affected only a survey form introduced as part of a new feature in late 2019. “Based on our forensic work to date, a maximum of 25,000 survey forms, predominantly relating to pilot or test data, were potentially exposed,” the spokesperson informed DataBreaches.net. “The open port enabled access to a separate and external database of traffic logs that were being used for usage-monitoring and technical sustenance purposes.”

When asked to confirm whether any real patient data was accessible via the survey forms, the spokesperson responded:

“Yes. That said, please note that the data that was lost constituted network tokens, which could theoretically have been used to access the survey form for the 3 users, and only that survey form’s contents. There is, however, no evidence based on the forensic examination thus far, that the tokens were actually used to access the forms. Our view at present is accordingly that no actual patient data at all, was exposed. Rather, it was network traffic-related data.”

The firm says it is committed to ensuring that this incident, or something similar, does not recur, writing that they believe that the added security-related measures they have already taken, coupled with support from external specialists, should ensure that LogBox is safe to use.

“Quite aside from any other consideration, LogBox has proven to be a remarkably potent tool in improving clinical case collaboration, where multiple medical specialists are involved, treating gravely ill patients. We are committed to ensuring that it is not derailed by this incident, and the unfortunate manner in which it was reported by TechCrunch.”

That LogBox has developed a good reputation seems undeniable, and the site notes that it is “Approved by the Colleges of Medicine South Africa.” But was TechCrunch’s reporting “unfortunate” in the sense of “inaccurate?” And is LogBox’s explanation consistent with the researcher’s findings?

When contacted for a response to LogBox’s claims, TechCrunch stated it is standing by its reporting.

As part of this site’s attempt to resolve the conflicting claims by Sen and LogBox, DataBreaches.net obtained more information. To cut to the chase: that information provides support for TechCrunch’s reporting. More importantly, it is inconsistent with LogBox’s description of what was accessible. None of the limited data obtained by DataBreaches.net has anything to do with any survey forms. To the contrary, the data appears to be from the startup’s academic platform and perhaps one other platform.

In addition to that conflicting data, DataBreaches.net also obtained evidence of a ransom note that was allegedly left on LogBox’s server. The following is the text of that ransom note, redacted by DataBreaches.net:

The likelihood that data were actually exfiltrated or copied is slim to none (and more likely to be “none”). But if this ransom note was on that server, it seems clear that at least one criminal entity — likely an automated script — accessed LogBox’s database. This particular ransom note had been noted in other reports back in May – June, 2019, with earlier detections of “howtogetmydataback” noted in the wild in September, 2018. That said, it is not clear when this alleged attack on LogBox occurred, or why it remained on their server.

All told, it is important to remember that what happened here demonstrated a vulnerability and not an actual data breach. And we all know how many misconfigured databases we’ve seen in the past 3+ years. But it is unfortunate that the startup did not take advantage of a whitehat researcher who tried to responsibly share with them what he had found. I would encourage LogBox to reach out to him to see if he would still be willing to share his findings and recommendations with them so that they can be confident that they have fully addressed any vulnerabilities he may have found.
