We’ve, um, changed our password policy, says CafePress amid reports of 23m pwned accounts

Twee T-shirts ‘n’ merch purveyor CafePress had 23 million user records swiped – reportedly back in February – and this morning triggered a mass password reset, calling it a change in internal policy. Details of the security breach emerged when infosec researcher Troy Hunt’s Have I Been Pwned service – which lists websites known to […]

You Can’t Trust Companies to Tell the Truth About Data Breaches

Last week, online sneaker-trading platform StockX asked its users to reset their passwords due to “recently completed system updates on the StockX platform.” In actuality, the company suffered a large data breach back in May, and only finally came clean about it when pressed by reporters who had access to some of the leaked data. […]

Amazon Squeezes Sellers That Offer Better Prices on Walmart

Amazon constantly scans rivals’ prices to see if they’re lower. When it discovers a product is cheaper on, say, Walmart.com, Amazon alerts the company selling the item and then makes the product harder to find and buy on its own marketplace — effectively penalizing the merchant. In many cases, the merchant opts to raise the […]

Monzo online bank stored bank card codes in log files as plain text

Trendy online-only Brit bank Monzo is telling hundreds of thousands of its customers to pick a new PIN – after it discovered it was storing their codes as plain-text in log files. As a result, 480,000 folks, a fifth of the bank’s customers, now have to go to a cash machine, and reset their PINs. […]

It’s 2019 – and you can completely pwn a Qualcomm-powered Android over the air

It is possible to thoroughly hijack a nearby vulnerable Qualcomm-based Android phone, tablet, or similar gadget, via Wi-Fi, we learned on Monday. This likely affects millions of Android devices. Specifically, the following two security holes, dubbed Qualpwn and found by Tencent’s Blade Team, can be leveraged one after the other to potentially take over a […]