data exposed | Breaking Cybersecurity News | The Hacker News

After fining British Airways with a record fine of £183 million earlier this week, the UK's data privacy regulator is now planning to slap world's biggest hotel chain Marriott International with a £99 million ($123 million) fine under GDPR over 2014 data breach. This is the second major penalty notice in the last two days that hit companies for failing to protect its customers' personal and financial information compromised and implement adequate security measures. In November 2018, Marriott discovered that unknown hackers compromised their guest reservation database through its Starwood hotels subsidiary and walked away with personal details of approximately 339 million guests. The compromised database leaked guests' names, mailing addresses, phone numbers, email addresses, dates of birth, gender, arrival and departure information, reservation date, and communication preferences. The breach, which likely happened in 2014, also exposed unencrypted passport

Facebook is alerting its users about a security breach due to a technical glitch, that may have inadvertently exposed the email addresses and telephone numbers of roughly 6 million users. " We recently received a report to our White Hat program regarding a bug that may have allowed some of a person's contact information (email or phone number) to be accessed by people who either had some contact information about that person or some connection to them, " Facebook said in its announcement. The problem stemmed from a tool that allows users to upload their contact lists or address books to Facebook so that the social network can serve up friend recommendations or invite people to join Facebook. " Because of the bug, some of the information used to make friend recommendations and reduce the number of invitations we send was inadvertently stored in association with people's contact information as part of their account on Facebook, " As a result,

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or