[WASC-WHID] WHID 2011-99: FTC settles data breach charges against Lookout Services

WASC Web Hacking Incidents Database wasc-whid at lists.webappsec.org
Wed May 4 10:27:36 EDT 2011


WHID 2011-99: FTC settles data breach charges against Lookout Services

Entry Title: WHID 2011-99: FTC settles data breach charges against Lookout
Services
WHID ID: 2011-99
Date Occurred: October 1, 2009
Attack Method: Predictable Resource Location
Application Weakness: Insufficient Authorization
Outcome: Leakage of Information
Attacked Entity Field: Information Services
Attacked Entity Geography:
Incident Description: In October and December 2009, an employee of a Lookout
customer was able to gain access to the product's database by typing a URL
into a Web browser, the FTC said in its complaint. The intruder was able to
gain access to personal information, including Social Security numbers, of
about 37,000 consumers, the FTC said.
Mass Attack: No
Reference: 
http://news.idg.no/cw/art.cfm?id=2761F224-1A64-67EA-E41CDB96A756125A
Attack Source Geography:
Additional Link: 
http://ftc.gov/os/caselist/1023076/110503lookoutservicesanal.pdf


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/wasc-whid_lists.webappsec.org/attachments/20110504/2d226164/attachment-0003.html>


More information about the wasc-whid mailing list