Daily Archives: May 12, 2024

US Patent and Trademark Office confirms another leak of filers’ address data

Posted on by

The federal government agency responsible for granting patents and trademarks is alerting thousands of filers whose private addresses were exposed following a second data spill in as many years.

The U.S. Patent and Trademark Office (USPTO) said in an email to affected trademark applicants this week that their private domicile address — which can include their home address — appeared in public records between August 23, 2023 and April 19, 2024.

U.S. trademark law requires that applicants include a private address when filing their paperwork with the agency to prevent fraudulent trademark filings.

USPTO said that while no addresses appeared in regular searches on the agency’s website, about 14,000 applicants’ private addresses were included in bulk datasets that USPTO publishes online to aid academic and economic research.

The agency took blame for the incident, saying the addresses were “inadvertently exposed as we transitioned to a new IT system,” according to the email to affected applicants, which TechCrunch obtained. “Importantly, this incident was not the result of malicious activity,” the email said.

Upon discovery of the security lapse, the agency said it “blocked access to the impacted bulk data set, removed files, implemented a patch to fix the exposure, tested our solution, and re-enabled access.”

If this sounds remarkably familiar, USPTO had a similar exposure of applicants’ address data last June. At the time, USPTO said it inadvertently exposed about 61,000 applicants’ private addresses in a years-long data spill in part through the release of its bulk datasets, and told affected individuals that the issue was fixed.

[…]

Source: US Patent and Trademark Office confirms another leak of filers’ address data | TechCrunch

Dell customer order database stolen, 49m records for sale on dark web

Posted on by

Dell has confirmed information about its customers and their orders has been stolen from one of its portals. Though the thief claimed to have swiped 49 million records, which are now up for sale on the dark web, the IT giant declined to say how many people may be affected.

According to the US computer maker, the stolen data includes people’s names, addresses, and details about their Dell equipment, but does not include sensitive stuff like payment info. Still, its portal was compromosed.

“We recently identified an incident involving a Dell portal with access to a database containing limited types of customer information including name, physical address and certain Dell hardware and order information,” a Dell spokesperson told The Register today.

“It did not include financial or payment information, email address, telephone number or any highly sensitive customer data.”

A report at the end of last month from the aptly named Daily Dark Web suggested as many as 49 million Dell customers may have had some of their account information taken. The data is said to cover purchases made between 2017 and 2024.

Judging from a screenshot of a sample of the stolen info, the Dell database now up for sale on a cyber-crime forum includes the following columns: service tag, items, date, country, warranty, organization name, address, city, province, postal code, customer code, and order number.

[…]

Source: Dell customer order database stolen, for sale on dark web • The Register

Apparently Dell doesn’t think knowing your name coupled to your address and how much expensive stuff you bought from them constitutes a risk though, so you’re allright. But not really.

Google Cloud accidentally deletes UniSuper’s online account with 620k customers due to ‘unprecedented misconfiguration’

Posted on by

More than half a million UniSuper fund members went a week with no access to their superannuation accounts after a “one-of-a-kind” Google Cloud “misconfiguration” led to the financial services provider’s private cloud account being deleted, Google and UniSuper have revealed.

Services began being restored for UniSuper customers on Thursday, more than a week after the system went offline. Investment account balances would reflect last week’s figures and UniSuper said those would be updated as quickly as possible.

The UniSuper CEO, Peter Chun, wrote to the fund’s 620,000 members on Wednesday night, explaining the outage was not the result of a cyber-attack, and no personal data had been exposed as a result of the outage. Chun pinpointed Google’s cloud service as the issue.

In an extraordinary joint statement from Chun and the global CEO for Google Cloud, Thomas Kurian, the pair apologised to members for the outage, and said it had been “extremely frustrating and disappointing”.

They said the outage was caused by a misconfiguration that resulted in UniSuper’s cloud account being deleted, something that had never happened to Google Cloud before.

“Google Cloud CEO, Thomas Kurian has confirmed that the disruption arose from an unprecedented sequence of events whereby an inadvertent misconfiguration during provisioning of UniSuper’s Private Cloud services ultimately resulted in the deletion of UniSuper’s Private Cloud subscription,” the pair said.

“This is an isolated, ‘one-of-a-kind occurrence’ that has never before occurred with any of Google Cloud’s clients globally. This should not have happened. Google Cloud has identified the events that led to this disruption and taken measures to ensure this does not happen again.”

While UniSuper normally has duplication in place in two geographies, to ensure that if one service goes down or is lost then it can be easily restored, because the fund’s cloud subscription was deleted, it caused the deletion across both geographies.

UniSuper was able to eventually restore services because the fund had backups in place with another provider.

“These backups have minimised data loss, and significantly improved the ability of UniSuper and Google Cloud to complete the restoration,” the pair said.

[…]

Source: Google Cloud accidentally deletes UniSuper’s online account due to ‘unprecedented misconfiguration’ | Superannuation | The Guardian

Sonos releases new but hugely broken, incomplete app causing shitstorm

Posted on by

Sonos launched a new version of its app this week, altering the software experience that tens of millions of users rely on to control the company’s premium home wireless home speaker systems.

Turns out, people really hate it! The response from users on Reddit, on audio forums, and on social media has been almost total condemnation since the app experience switched over on May 7. Users on the dedicated r/sonos subreddit are particularly peeved about it, expressing frustration at all manner of problems. The quickest way to see the scores of complaints is to visit the megathread the users in the community started to catalog all the problems they’re experiencing.

Sonos app
Courtesy of Sonos

Many features that had long been a part of the Sonos app are simply missing in the update. Features such as the ability to set sleep timers and alarms, set the speakers at a precise volume level, add songs to the end of a queue, manage Wi-Fi connectivity, and add new speakers are missing or broken, according to the complaints. Users are also reporting that the revamped search engine in the app often can’t search a connected local library running on a networked computer or a network-attached storage drive—they way many of Sonos’ most loyal users listen to their large private music libraries. Some streaming services are partially or completely broken for some users too, like TuneIn and LivePhish+.

Worse, the new app is not as accessible as the previous version, with one Reddit user calling it “an accessibility disaster.” The user, Rude-kangaroo6608, writes: “As a blind guy, I now have a system that I can hardly use.”

Source: Many People Do Not Like the New Sonos App

Also, they got rid of the next and previous buttons and you can’t scrob through the song in the small player. You can’t add all files in a directory in your Library at once to the Sonos playlist – you have to add them one by one. The shuffle is gone. You can’t re-arrange queues. The system loses speakers randomly. So basically, you can’t really use the app to play music with.

Tuesday May 14th there will be an Ask Me Anything (AMA) – I would feel sorry for the Sonos people taking the questions, but don’t because they caused this fiasco in the first place. It certainly is “courageous” (ie stupid) to release an incomplete and broken app on top over expensive hardware.