Latest news with #securityflaw
BBC News
23-05-2025
- Business
- BBC News
OxBykes customer data leak treated with 'utmost urgency'
A bicycle rental company that accidentally made customer data available on its mobile app has said it is treating the matter "with the utmost urgency". A user of OxBykes, which operates its own fleet of bicycles for rental and sale in Oxford, Cambridge and London, said they had accidently been granted administrative level access to its database on 13 shown to the BBC by the customer - who asked to remain anonymous - display confidential data including names, contact details and order said the security flaw had been resolved and that potentially affected customers would be contacted. OxBykes has 25 depots across Oxford, 14 in Cambridge and three in London. It makes bicycles available for collection instantly after user said they had come across the glitch while trying to contact the support team after struggling to find a bike they had said the data was found via a button on the mobile app and "was accessible throughout the past week".The customer added that they received a personal WhatsApp message from OxBykes founder Louis Wright on Sunday, explaining the error and requesting that they did not release any confidential CEO Tom Widgery replied to BBC's request for comment on Wednesday. He said the company was "made aware today that a very limited selection of customer data from a small number of customers may have been accessed as a result of a previously resolved vulnerability"."We are treating this matter with the utmost urgency and are currently speaking to our lawyers to understand the full implications of the situation," he said."We have already taken steps to patch the security flaw and are working to understand the extent of any data exposure. "We are also reporting the incident to the Information Commissioner's Office and are preparing to contact any potentially affected customers directly." You can follow BBC Oxfordshire on Facebook, X (Twitter), or Instagram.
Yahoo
06-05-2025
- Yahoo
iPhone Users Issued Urgent Warning After Major Flaw
Billions of iPhone users and Apple device owners worldwide are being warned to update their devices immediately after a major security flaw puts them at risk of malware attacks. Apple's AirPlay feature conveniently enables Apple devices to seamlessly integrate with other devices, allowing iPhones and Macbooks to play music or show videos on other Apple devices or third-party speakers and televisions. However, that same technology has also opened up those devices to a major security flaw. As first reported by Wired this week, the cybersecurity firm Oligo revealed a security flaw in Apple's Airplay software that allowed devices to be hacked if the hackers were connected to the same Wi-Fi network as the devices which includes public places like airports, coffee shops, or even your work office. The flaw, which Oligo has named "AirBorne" could allow hackers to deploy malware, snoop on your private data, or even eavesdrop on your conversations using microphones in the devices. Apple told Wired that it has patched the bugs on its own devices in recent months, so iPhone and Macbook users have been urged to make sure their devices are up to date. However, even if your Apple device is up to date, that does not necessarily mean you are safe from potential hacks, because third-party devices are vulnerable to the attacks, too. Oligo's chief technology officer and co-founder Gal Elbaz estimates that there are tens of millions of third-party AirPlay-enabled devices that are potentially vulnerable to attacks – gadgets like smart TVs or Bluetooth speakers, even if they are not in use. The vulnerability even applies to CarPlay, putting the car's automotive computer at risk of a hack. 'Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch—or they will never be patched,' Elbaz told Wired. 'And it's all because of vulnerabilities in one piece of software that affects everything.' These third-party devices are likely to remain hackable unless users intentionally act to update them. And even if you update all of your devices, you still could be at risk from someone else's device that has not been updated if it is connected to the same public Wi-Fi network at the airport, a coffee shop, or even at work. 'The amount of devices that were vulnerable to these issues, that's what alarms me,' says Oligo researcher Uri Katz. 'When was the last time you updated your speaker?' Apple has worked with its certified third-party partners to come up with a security patch, but the risk will still remain from other manufacturers who might incorporate Apple's AirPlay feature without notifying Apple and becoming a "certified" AirPlay device. These devices might never receive a patch. As for how you can best keep yourself secure from malware attacks and hacks, make sure all of your AirPlay-enabled devices are up to date and be wary of which Wi-Fi networks you connect to your devices.
