Follow us:
  1. Home
  2. News
  3. Cybersecurity News

The Weekly Hack: Massage app accidentally reveals which clients asked for sexual favors

A hacker impersonated a title company and convinced a house hunter to wire over his money

Photo (c) zimmytws - Fotolia
Who would have guessed that an app designed to order massages straight to your door had both poor security and customers with perhaps some trouble keeping their hands to themselves?

Urban, a popular London-based startup selling “wellness that comes to you,” accidentally leaked its entire customer database online, revealing  email addresses, phone numbers, and names of all its 309,000 customers. Included in the database were also complaints from therapists about the specific clients who requested “sexual services.”

Urban pulled the database offline after the website TechCrunch discovered it and contacted the company for comment. So there’s probably no need to go into hiding if you’re one of the offending customers, unless someone took a screenshot.  

House hunter

A dentist in Missouri is out $90,000 after hackers successfully impersonated the real estate companies that he was already doing business with.

Howard Ritchey Jr. was hunting for a new home last year and working with title, mortgage, and real estate companies to make the purchase happen. In the middle of the deal, he received an email from what looked like his title company which instructed him to wire $88,338 over to secure his desired house.

But when he followed up in person with his lender, he was told the money didn’t go to the home. The lender said it looked like hackers got into his email and stole his money. Ritchey is now suing the title company and other parties, alleging that hackers actually targeted their emails and failed to warn him about the impersonators.

Ritchey’s case isn’t unique; the FBI says that similar complaints of real estate business impersonators are on the rise. Yet another reason not to wire money.  

Dunkin’ Donuts

Joining a donut loyalty program may have seemed like the ideal way to make your troubles go away, but reality isn’t so sweet. Dunkin’ Donuts recently informed holders of its loyalty Perks accounts that they should change their passwords to all of their other, non-donut-related accounts because their Dunkin’ Donuts passwords may have been stolen.

Dunkin’ says that thieves tried to break into the loyalty program and may have gained access to consumers’ usernames and passwords in the process. Consumers are instructed to change their passwords to other accounts only if its the same password they used for the Perks program.


Every single person who has shopped for Dell online had their password reset in the online store and wasn’t told why. The computer chain initially discovered it was hacked back on November 9 and changed passwords five days later.  

A source familiar with the incident says that Dell never informed consumers of the breach before changing their passwords on their behalf, according to a report published Wednesday in Reuters.

Security experts say it's shameful on Dell’s part that consumers were never told why their passwords were automatically reset, explaining that the move leaves potential victims “abandoned in the darkness and ambiguity.”


Consumers and researchers are scratching their head about a vague notice that shoppers received from Amazon shortly before Black Friday. The message says that users had their data exposed due to a “technical error,” but it does not specify much else, such as what type of data was exposed or how many people were affected.

Asked for more details, Amazon has told reporters that there is “nothing to add beyond our statement.” Amazon also told users they already fixed the unspecified issue and that there is no need for consumers to do anything. So, do with that information what you will.

Health records, again

Healthcare hackers have struck again, this time targeting more than two million patients covered  by Atrium, a North Carolina-based provider.

The firm said an “unauthorized third party” accessed patient information between Sept. 22 and 29, but the company told patients that medical records and payment information remains safe.

Take an Identity Theft Quiz

Get matched with an Accredited Partner

    Share your comments