Partiful's Location Data Flaw Exposed User Photos
By Ainvest
Saturday, Oct 4, 2025 12:10 pm ET (2 min read)
Partiful, a social event planning app, has been collecting a large amount of user data. The company's app allows users to RSVP to events and has a powerful social graph. However, TechCrunch found that the app was not stripping location data from user-uploaded images, including public profile photos. This security flaw could be used to reveal the location of where a person's profile photo was snapped, potentially compromising user privacy. Partiful has since fixed the issue.
The cybersecurity landscape continues to evolve, with recent incidents highlighting the vulnerabilities of cloud-based platforms. Two notable events have drawn significant attention: a massive data breach involving Salesforce and KuCoin's ISO 27701 certification.
Salesforce Data Breach: A Major Threat
A cybercriminal group, 'Scattered LAPSUS$ Hunters,' has claimed to have stolen nearly 1 billion records from Salesforce customer databases [1]. The group, which includes members from ShinyHunters, Scattered Spider, and LAPSUS$, is demanding a ransom and threatening to release sensitive information from 39 major companies, including Google, Toyota, and Disney.
The breach affects a wide range of sectors, including retail, hospitality, and luxury brands. Hackers have accessed personally identifiable information (PII) such as names, addresses, dates of birth, Social Security numbers, and business contact details. This incident underscores the growing risks of cloud-based data breaches, with companies facing mounting legal challenges and potential financial losses.
Salesforce maintains that its core platform remains secure, attributing the breaches to social engineering attacks on individual customers. However, the company faces at least 14 lawsuits in Northern California, seeking class-action status over alleged negligence and privacy violations [1]. This incident serves as a stark reminder of the importance of strong authentication methods, monitoring third-party integrations, and employee security training.
KuCoin Enhances Privacy with ISO 27701 Certification
In response to increasing privacy concerns in the crypto space, KuCoin has obtained ISO 27701:2025 certification, reinforcing its commitment to user privacy and trust [2]. The certification builds upon KuCoin's existing ISO 27001:2022 and SOC 2 Type II certifications, adding layers of security and compliance controls.
The ISO 27701 certification ensures that KuCoin's privacy safeguards span the full data lifecycle, from collection and processing to secure storage and disposal. This certification aligns with global regulatory expectations and signals KuCoin's readiness for compliance in multiple jurisdictions.
KuCoin's $2 Billion Trust Project, which aims to improve transparency and reliability, now includes the ISO 27701 certification. The exchange has appointed a global Data Protection Officer to oversee compliance across all regions, further strengthening its security architecture.
Implications for Partiful
Partiful, a social event planning app, recently faced a security flaw involving user-uploaded images. The app did not strip location data from user-uploaded images, potentially compromising user privacy. While Partiful has since fixed the issue, this incident underscores the importance of comprehensive data protection measures.
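As an added illustration (not Partiful's code and not part of the original article), the sketch below shows a server-side mitigation for this class of flaw: dropping metadata segments from a JPEG upload before it is stored or served. It assumes the location data sits in the file's APP1 segments (Exif, including the GPS block, or XMP); the function names and the sample bytes are constructed for the example.

```python
import struct

def _segments(jpeg: bytes):
    """Yield (marker, raw_bytes) per header segment, then (0xDA, rest) from SOS on."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    i = 2
    while i + 4 <= len(jpeg):
        if jpeg[i] != 0xFF:
            raise ValueError(f"expected marker at offset {i}")
        marker = jpeg[i + 1]
        if marker == 0xFF:            # fill byte preceding a marker
            i += 1
            continue
        if marker == 0xDA:            # SOS: compressed image data runs to the end
            yield marker, jpeg[i:]
            return
        (length,) = struct.unpack(">H", jpeg[i + 2:i + 4])
        if length < 2 or i + 2 + length > len(jpeg):
            raise ValueError("truncated or malformed segment")
        yield marker, jpeg[i:i + 2 + length]
        i += 2 + length
    raise ValueError("no SOS marker found")

def strip_metadata(jpeg: bytes) -> bytes:
    """Drop every APP1 segment (Exif with its GPS data, and XMP); keep image data.
    Note: this also removes the Exif orientation tag, so normalise rotation first."""
    kept = [raw for marker, raw in _segments(jpeg) if marker != 0xE1]
    return b"\xff\xd8" + b"".join(kept)

def has_app1(jpeg: bytes) -> bool:
    """Check usable in an upload test: True if any APP1 metadata segment remains."""
    return any(marker == 0xE1 for marker, _ in _segments(jpeg))

def _seg(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: structurally valid JPEG framing, not a decodable picture.
SAMPLE = (b"\xff\xd8"
          + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + _seg(0xE1, b"Exif\x00\x00" + b"GPS-PLACEHOLDER")
          + _seg(0xDB, bytes(65))
          + b"\xff\xda" + b"\x00\x08scan-data" + b"\xff\xd9")

if __name__ == "__main__":
    cleaned = strip_metadata(SAMPLE)
    print(has_app1(SAMPLE), has_app1(cleaned), len(SAMPLE) - len(cleaned))
```

Running the same `has_app1` check against files fetched back from the public image endpoint verifies that stripping happens on every upload path, profile photos included.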
Conclusion
Recent incidents highlight the critical need for robust data protection measures in the cloud. Companies must prioritize strong authentication, third-party integration monitoring, and employee security training. Certifications like ISO 27701 can provide an additional layer of security and enhance user trust.
