Under Armour is getting kudos for disclosing breach within weeks, but concerns remain over an unknown portion of credentials reportedly stored using the weak SHA-1 hashing function.

Ancestry.com closes parts of its community-driven genealogy site RootsWeb as it investigates a leaky server that exposed thousands of passwords, email addresses and usernames to the public internet.

The Onliner spambot, Google’s forthcoming Not Secure warnings for Chrome, the WireX botnet, Sarahah privacy and more are discussed.

Researchers accessed the Onliner spambot and found 711 million records, including email addresses, email and password combinations, and SMTP credentials and configuration files.

The glaring privacy issues tied to an online health and beauty retailer allows customers to log-in to their user accounts with just their email address – no password needed.

Spiral Toys has filed a breach notification with the California Attorney General’s office informing them of the CloudPets data breach.

Voice messages from children sent through an internet-connected toy called CloudPets were stolen from an exposed MongoDB database, which has been wiped clean and the data held for ransom.

St. Jude Medical yesterday filed a lawsuit alleging that investment research firm Muddy Waters and healthcare security research company Med Sec made false claims in a report focused on the security of St. Jude products. The report released Aug. 25 warned of potentially catastrophic cybersecurity vulnerabilities in St. Jude pacemakers, defibrillators and other medical devices....