to an unknown party who gained access to an organization email account last month, according to a letter sent to members. The organization sent the letter Tuesday to about 2,800 members who may have been affected by the data breach. Christina Salcido, vice president of mission operations, said members’ names, birth dates, home addresses, insurance policy numbers and health history information could have been accessed from Sept 30 to Oct 1. “Out of an abundance of caution, we are notifying everyone whose email was in this email account,” Salcido wrote in the letter. On the day the organization became aware of the breach, IT services changed the password and determined it was secure, Salcido wrote. The Girl Scouts of Orange County reviewed the account, eliminated all personal information it contained and notified the California attorney general’s office of the breach. Because the email account was used for the organization’s travel purposes, it contained information about members dating to 2014. Salcido said the third party used the account to send messages, but she did not specify what type of messages were sent. Elizabeth Fairchild, spokeswoman for the Girl Scouts of Orange County, said staff members noticed Oct 1 that the email account had been used the day before “to send out non-Girl Scout related emails.” On Oct 1, staff members sent an email to members telling them what happened, stating they had secured the account and advising them to not open any unusual emails from that account. “The vast majority of information stored in the account was nonsensitive,” Fairchild said. “Fewer than 300 had sensitive information stored in the account.” The Girl Scouts of Orange County provided contact information for the credit bureaus Equifax, Experian and TransUnion and suggested that members place fraud alerts on their accounts.
If members have questions or concerns about the breach, they can call (800) 974-9444 or email customercare@girlscoutsoc.org.
Investigators with Hold Security, a Wisconsin-based security consultancy, on Tuesday afternoon discovered an unsecure internal customer service portal for the company's Argentinian operations. The national ID numbers for at least 14,000 Argentinians have been exposed, but the leak could potentially affect tens of thousands more people. The website held thousands of credit-related dispute records, faxes and national identity numbers for Argentinians who had filed complaints. It also stored the usernames and passwords in plaintext for about 100 of the company's customer service representatives. The findings were first reported by cybersecurity blogger Brian Krebs, who notified Equifax. The website has now been shut down. The findings will put further pressure on Equifax, which has been criticized for its haphazard and slow response to a breach that exposed the personal details of 143 million U.S. consumers, as well as an as-yet-unspecified number of British and Canadian residents. Alex Holden, founder and CTO of Hold Security, tells Information Security Media Group that the Equifax website for Argentina "could be exploited by a 3-year-old." He says he didn't use any advanced hacking techniques to uncover the breach. Holden - a veteran investigator credited with discovering the massive Adobe Systems and Target data breaches in 2013 - says he still found the Equifax findings "completely unexpected and surprising." Equifax says it acted immediately to halt the leak, which is unrelated to the breach it announced Sept 7, says Meredith Griffanti, the company's spokeswoman for Latin America. The data was a "limited amount of public information strictly related to consumers who contacted our customer service center and the employees who managed those interactions," she says.
"We have no evidence at this time that any consumers, customers, or information in our commercial and credit databases were negatively affected, and we will continue to test and improve all security measures in the region," Griffanti says.
HipChat has reset all its users' passwords after what it called a security incident that may have exposed their names, email addresses and hashed password information. In some cases, attackers may have accessed messages and content in chat rooms, HipChat said in a Monday blog post. But this happened in no more than 0.05 percent of the cases, each of which involved a domain URL, such as company.hipchat.com. HipChat didn't say how many users may have been affected by the incident. The passwords that may have been exposed would also be difficult to crack, the company said. The data is hashed, or obscured, with the bcrypt algorithm, which transforms the passwords into a set of random-looking characters. For added security, HipChat "salted" each password with a random value before hashing it. HipChat warned that chat room data including the room name and topic may have also been exposed. But no financial or credit information was taken, the company said. HipChat is a popular messaging service used among enterprises, and an attack that exposed sensitive work-related chats could cause significant harm. The service, which is owned by Atlassian, said it detected the security incident last weekend. It affected a server in the HipChat Cloud and was caused by a vulnerability in an unnamed, but popular, third-party library that HipChat.com used, the company said. No other Atlassian systems were affected, the company said. “We are confident we have isolated the affected systems and closed any unauthorized access,” HipChat said in its blog post. This is not the first time the messaging service has faced problems keeping accounts secure.
In 2015, HipChat reset user passwords after detecting and blocking suspicious activity in which account information was stolen from less than 2 percent of its users. When breaches occur, security experts advise users to change their passwords for any accounts where they used the same login information. Users can consider using a password manager to help them store complex, tough-to-memorize passwords. HipChat has already sent an email to affected users, informing them of the password reset. In 2015, rival chat application Slack reported its own breach, and as a result rolled out two-factor authentication to beef up its account security. HipChat does not offer two-factor authentication.
A California auto loan company left the names, addresses, credit scores and partial Social Security numbers of up to 1 million people exposed on an insecure online database. The company behind the database is Alliance Direct Lending Corporation, according to Kromtech Security Research Center, which discovered the data earlier this week. It said the data was found on an unprotected Amazon server and that the data could have been exposed for up to two years. According to Alliance Direct Lending’s website, the company works with individuals and auto dealership partners to help car owners refinance existing auto loans. Data stored in the cloud was in clear text, according to Diachenko. He said data also included several dozen recorded voice conversations with customers that disclosed full Social Security numbers of loan applicants. Sample data included the names of 114 car dealerships. According to Kromtech, it estimated between 550,000 and 1.1 million loan records from those dealers were exposed online. Dealers were located across the United States from California, Colorado, Florida and Massachusetts. Kromtech said it was unsure if additional third parties may have accessed the data. Privacy experts said the data in the hands of the wrong person would be a nightmare for victims. A criminal who knows the data comes from people who have refinanced their car loan and may have less than stellar credit, coupled with partial Social Security numbers, would be a dream come true. “Things could go wrong on a variety of levels. The data could be used to phish additional data via email or phone scams. That’s not even mentioning the reputational damage to those in the database with bad credit scores,” said Adam Levin, chairman and founder of CyberScout. The data found by Kromtech was on an Amazon AWS S3 server.
AWS S3 is marketed as an easy-to-use web service that allows businesses to store and retrieve data at a moment’s notice. Data is stored in what Amazon calls buckets. “The Kromtech Security Research Center has seen an increase in vulnerable AWS S3 buckets recently due to misconfigurations or public settings,” Diachenko said. “We have identified hundreds of misconfigured instances and we have been focused on helping to secure them as soon as we identify who the data belongs to.” He said companies should consider Alliance Direct Lending’s example a sobering reminder that companies and individuals need to make sure their data is secure. For Diachenko, this is the latest in a string of insecure databases he has helped uncover. In January, he was part of a research team that found 400,000 audio files associated with a Florida company’s telemarketing efforts were stored insecurely online. In February, Kromtech researchers found tens of thousands of sensitive documents insecurely stored online belonging to a print and marketing firm. Thousands of resumes and job applications from U.S. military veterans, law enforcement, and others were leaked by a recruiting vendor in an unsecured AWS S3 bucket.