Latest news with #dataexposure
TechCrunch
6 days ago
- Business
- TechCrunch
Vanta bug exposed customers' data to other customers
Compliance company Vanta has confirmed that a bug exposed the private data of some of its customers to other Vanta customers. The company told TechCrunch that the data exposure was a result of a product code change and not caused by an intrusion. Vanta, which helps corporate customers automate their security and compliance processes, said it identified an issue on May 26 and that remediation will complete June 4. The incident resulted in 'a subset of data from fewer than 20% of our third-party integrations being exposed to other Vanta customers,' according to the statement attributed to Vanta's chief product officer Jeremy Epling. Epling said fewer than 4% of Vanta customers were affected, and have all been notified. Vanta has more than 10,000 customers, according to its website, suggesting the data exposure likely affects hundreds of Vanta customers. One customer affected by the incident told TechCrunch that Vanta had notified them of the data exposure. The customer said Vanta told them that 'employee account data was erroneously pulled into your Vanta instance, as well as out of your Vanta instance into other customers' instances.' The customer told TechCrunch that Vanta's notice said this type of data 'generally includes' information like employee names, roles, and information about configurations of some tools, such as the use of multi-factor authentication. When asked by TechCrunch, Vanta spokesperson Erin Cheng would not say what types of customers' data were involved during the incident or comment on whether Vanta employee data was exposed. Founded in 2018, Vanta has raised more than $350 million to date, including $150 million in its most recent Series C funding round in July 2024.
Yahoo
24-05-2025
- Business
- Yahoo
Naukri exposed recruiter email addresses, researcher says
a popular Indian employment website, has fixed a bug that exposed the email addresses of recruiters using its platform to search and hire talent online. The issue, discovered by security researcher Lohith Gowda, affected the API that Naukri used on its Android and iOS apps. The API exposed the email addresses of recruiters visiting profiles of potential candidates on Naukri's platform. The issue did not appear to affect the company's website. "The exposed recruiter email IDs can be used for targeted phishing attacks, and recruiters may receive excessive unsolicited emails and spam," Gowda told TechCrunch. He added that exposed email IDs could be added to public breach databases or spam lists, and mass email address scraping could lead to automated bot abuse or scams. TechCrunch verified the exposure after the researcher shared details about the bug. The researcher confirmed to TechCrunch that the issue was fixed earlier this week, which Naukri corroborated on Friday. "All identified enhancements are implemented, ensuring our systems remain updated and resilient," Alok Vij, IT infrastructure head at Naukri's parent company InfoEdge, told TechCrunch over email. "Our teams have not detected any usual activity that affects the integrity of user data." Founded in March 1997, is India's top classified recruitment website, helping connect recruiters, employers, and job seekers. Apart from India, the site exists in the Middle East as "Certain features of our recruiter profiles are designed to be public to enable users to know who has access to their profile(s). We conduct regular audits and security assessments," said Vij. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
24-05-2025
- Yahoo
Naukri exposed recruiter email addresses, researcher says
a popular Indian employment website, has fixed a bug that exposed the email addresses of recruiters using its platform to search and hire talent online. The issue, discovered by security researcher Lohith Gowda, affected the API that Naukri used on its Android and iOS apps. The API exposed the email addresses of recruiters visiting profiles of potential candidates on Naukri's platform. The issue did not appear to affect the company's website. "The exposed recruiter email IDs can be used for targeted phishing attacks, and recruiters may receive excessive unsolicited emails and spam," Gowda told TechCrunch. He added that exposed email IDs could be added to public breach databases or spam lists, and mass email address scraping could lead to automated bot abuse or scams. TechCrunch verified the exposure after the researcher shared details about the bug. The researcher confirmed to TechCrunch that the issue was fixed earlier this week, which Naukri corroborated on Friday. "All identified enhancements are implemented, ensuring our systems remain updated and resilient," Alok Vij, IT infrastructure head at Naukri's parent company InfoEdge, told TechCrunch over email. "Our teams have not detected any usual activity that affects the integrity of user data." Founded in March 1997, is India's top classified recruitment website, helping connect recruiters, employers, and job seekers. Apart from India, the site exists in the Middle East as "Certain features of our recruiter profiles are designed to be public to enable users to know who has access to their profile(s). We conduct regular audits and security assessments," said Vij.
TechCrunch
24-05-2025
- TechCrunch
Naukri exposed recruiter email addresses, researcher says
a popular Indian employment website, has fixed a bug that exposed the email addresses of recruiters using its platform to search and hire talent online. The issue, discovered by security researcher Lohith Gowda, affected the API that Naukri used on its Android and iOS apps. The API exposed the email addresses of recruiters visiting profiles of potential candidates on Naukri's platform. The issue did not appear to affect the company's website. 'The exposed recruiter email IDs can be used for targeted phishing attacks, and recruiters may receive excessive unsolicited emails and spam,' Gowda told TechCrunch. He added that exposed email IDs could be added to public breach databases or spam lists, and mass email address scraping could lead to automated bot abuse or scams. TechCrunch verified the exposure after the researcher shared details about the bug. The researcher confirmed to TechCrunch that the issue was fixed earlier this week, which Naukri corroborated on Friday. 'All identified enhancements are implemented, ensuring our systems remain updated and resilient,' Alok Vij, IT infrastructure head at Naukri's parent company InfoEdge, told TechCrunch over email. 'Our teams have not detected any usual activity that affects the integrity of user data.' Founded in March 1997, is India's top classified recruitment website, helping connect recruiters, employers, and job seekers. Apart from India, the site exists in the Middle East as 'Certain features of our recruiter profiles are designed to be public to enable users to know who has access to their profile(s). We conduct regular audits and security assessments,' said Vij.
CNA
14-05-2025
- Business
- CNA
Some Instarem users' account details revealed in other customers' app after 'technical incident'
SINGAPORE: The account details of some Instarem users were revealed on other customers' app on Tuesday (May 13) night, in what the cross-border payments company described as a 'technical incident'. In response to CNA's queries, Instarem said on Wednesday that it was aware that a 'limited number' of users had been affected by a 'technical incident'. 'Our team has taken immediate action to investigate the nature and scope of this incident, with our top priority being the security of our systems,' it added. Based in Singapore, Instarem allows its users to make international transfers to more than 60 countries and offers a multi-currency travel card called amaze. According to its LinkedIn profile, it is licensed to operate in Singapore, Australia, Malaysia, Hong Kong, Indonesia, Japan, India, Europe, the United Kingdom, the United States and Canada. Its website says it has more than 1 million customers. Two Instarem users told CNA that when they logged into their accounts on Tuesday night, they found details belonging to someone else instead. These included the user's email address, phone number and latest transactions on Instarem. Both users said they received emails from the platform about a 'technical issue' that occurred around 8.50pm. The company attributed the issue to an "unexpected bug" in its system, saying that some users may have "briefly seen partial user information" that is not from their account. According to the email, all systems were returned to normal operations in 30 minutes. Both users told CNA they first experienced the issue at around 9.30pm. In its email, Instarem said users' sensitive data, such as identification numbers, financial details or passwords, was not exposed or accessible. "Our security and engineering teams are conducting a full root cause analysis and implementing additional safeguards to prevent such incidents in the future," it added. "We deeply value the trust you place in us, and we take the responsibility of protecting your information extremely seriously. We apologise for any confusion or concern this may have caused." The Personal Data Protection Commission told CNA it is reaching out to Instarem for more information.
