Data of 600K customers of US fitness chain Town Sports leaked online

US fitness chain Town Sports has suffered a data breach in which a server containing over a terabyte of spreadsheets representing internal company data, financial records and personal customer records was left exposed online.

The archive contained records of almost 588,000 members and staff. Exposed information includes names, addresses, phone numbers, email addresses, last four digits of credit cards, credit card expiration dates, and a member’s billing history.

The unprotected server was exposed for almost a year. The company secured the database the day after it was informed of the data leak.

Town Sports International Holdings is an operator of fitness centers in the Eastern United States, California and in Switzerland. Its brands include New York Sports Clubs, Boston Sports Clubs, Philadelphia Sports Clubs, Washington Sports Clubs, Lucille Roberts, TMPL Gym, and Total Woman Gym and Spa.

Read more about it here.

Staples discloses data breach exposing customer order data

Giant office retail company Staples informed some of its customers of a data breach related to their orders. The company sent a brief letter signed by its CEO Alexander ‘Sandy’ Douglas, describing the incident. The incident occurred around September 2, 2020, and included “non-sensitive customer order data”: names, addresses, email addresses, phone numbers, last four credit card digits, and details about the order (delivery, cost, product). Credential information or credit card information wasn’t exposed.

Although this breach is considered low impact, it may still cause serious damage to customers. Adversaries could use the information to launch phishing attacks.

Read more about it here.

Great news: Zoom enables Two-Factor Authentication

Zoom announced it has implemented Two-Factor Authentication (2FA) to protect all user accounts against cyber attacks.

“Zoom’s enhanced Two-Factor Authentication (2FA) makes it easier for admins and organizations to protect their users and prevent security breaches right from our own platform,” reads the announcement published by Zoom.

“Zoom offers a range of authentication methods such as SAML, OAuth, and/or password-based authentication, which can be individually enabled or disabled for an account.”

To use 2FA, it must first be enabled on the Zoom account. Sign in to the Zoom Dashboard. Navigate to Advanced -> Security in the menu, and toggle the “Sign in with Two-Factor Authentication” option on. Then select to enable 2FA for one of the following options:

  • All users in your account
  • Users with specific roles
  • Users belonging to specific groups

Read more about it here.