Ikea Canada Breach Exposes 95K Customer Records
An unauthorized employee accessed Ikea's customer database, but it's unclear what the intention was.
Stay informed on database security trends, breaches, and best practices in information security with our comprehensive news and updates.
Search across headline titles and summaries.
Background for this topic.
Databases store and organize data electronically, enabling efficient retrieval and management. They often hold sensitive information such as user credentials, financial records, or personal details, making them prime targets for attackers. Common database types include relational databases using structured query language (SQL) and NoSQL databases designed for unstructured data.
Security risks include SQL injection attacks that exploit improper input handling to manipulate or extract data, and misconfigured access controls that allow unauthorized users to view or alter information. Protecting databases involves strict authentication, role-based access controls, encryption of data at rest and in transit, and timely application of security patches to database software. Monitoring query logs and access patterns helps detect suspicious activity that could indicate compromise or insider threats.
An unauthorized employee accessed Ikea's customer database, but it's unclear what the intention was.
Salesforce-owned subsidiary Heroku on Thursday acknowledged that the theft of GitHub integration OAuth tokens further involved unauthorized access to an internal customer database
Heroku has now revealed that the stolen GitHub integration OAuth tokens from last month further led to the compromise of an internal customer database. The Salesforce-owned cloud platform acknowledged the same compromised token was used by attackers to exfiltrate customers' hashed and salted passwords from "a database." [...]
Heroku has now revealed that the stolen GitHub integration OAuth tokens from last month further led to the compromise of an internal customer database. The Salesforce-owned cloud platform acknowledged the same compromised token was used by attackers to exfiltrate customers' hashed and salted passwords from "a database." [...]