Failures Database
This database contains reports analyzing software failures from the news. Currently, it contains failures from 2010 to 2022. This database was created through the FAIL (Failure Analysis Investigation with LLM) project. FAIL leverages Large Language Models (LLMs) to collect and analyze software failures reported in the news. Our work has been presented in the paper titled "FAIL: Analyzing Software Failures from the News Using LLMs." Contributing members include Dharun Anandayuvaraj, Matthew Campbell, Tanmay Singla, Parth Patil, Arav Tewari, and James C. Davis from Purdue University.
| Title | Published Date | System | Number of Articles | Actions |
|---|---|---|---|---|
| Vulnerabilities in Apple Pay Integration Expose Websites to Attacks | 2019-08-08 | The system that failed in the software failure incident described in the article is the integration between third-party websites and Apple Pay, specifically in how websites can configure the integration with Apple Pay. The vulnerabilities stemmed from the connection between a site and the Apple Pay infrastructure, and the validation mechanism that could be established in various ways at the host site's discretion. The failure can be attributed to the following: 1. Integration between third-party websites and Apple Pay, allowing for potential vulnerabilities in how websites configure the integration [Article 88901]. | 1 | View Details |
| Twitter Exposes User Phone Numbers Due to Flaw in Contacts Feature | 2020-02-03 | 1. Twitter's "contacts upload" feature 2. Twitter's Android app 3. Twitter's account privacy settings 4. Twitter's notification system for data breaches [96761] | 1 | View Details |
| River Avon Boat Tour Company Revenue Loss Due to Software Fault | 2020-09-18 | 1. Software operating the vertical sluice gate [104834] | 1 | View Details |
| Smart Chastity Belt Hack Leaves Users Trapped and Exposed | 2020-10-06 | 1. Cellmate Chastity Cage system failed due to a security flaw in the software that allowed hackers to remotely lock all the devices simultaneously, with no manual release [106334, 106355, 106477, 109711]. 2. Cellmate Chastity Cage app failed to provide a manual override for users trapped in the device, leading to potential risks and incidents [106334, 106355, 106477, 109711]. 3. Cellmate Chastity Cage server API failed to adequately protect user data and device control, allowing hackers to access personal details and locations of users [106334, 106355, 106477, 109711]. 4. Qiui's software development process failed to address security vulnerabilities promptly, leaving users at risk even after updates were released [106334, 106355, 106477, 109711]. | 4 | View Details |
| Cyberpunk 2077 Launch Failure on Last-Gen Consoles by CD Projekt Red | 2020-12-14 | 1. PlayStation 4 2. Xbox One 3. Base PS4 model 4. Original 2013 model of PS4 5. Base PS4 and Xbox One hardware 6. Microsoft's Xbox Series X 7. Sony's PlayStation 5 8. Console version of Cyberpunk 2077 [Cyberpunk 2077: How to get a full refund before the Dec. 21 deadline, #110171, #108649, #115853] | 3 | View Details |
| Cyber-Attack on Microsoft Exchange Servers Affects Thousands Worldwide | 2021-03-08 | 1. Microsoft Exchange servers [112046] 2. Microsoft products and services [112046] | 1 | View Details |
| Tesla Cruise Control Software Issue in China, June 2021 | 2021-06-28 | 1. Cruise control system in certain Tesla models [Article 115929, Article 116081] | 2 | View Details |
| Tesla Autopilot Accidents: Self-Driving Feature Failures and Investigations | 2021-08-17 | 1. Tesla's Autopilot feature 2. Tesla's traffic-aware cruise control 3. Tesla Model Y, X, S, and 3 with model years 2014 to 2021 [117484] | 1 | View Details |
| MFA Prompt Bombing: Weak MFA Forms Exploited by Hackers | 2022-03-30 | The system that failed in the software failure incident described in the article is the Multifactor Authentication (MFA) system. Specific components/models/versions that failed include: 1. Weaker forms of MFA based on one-time passwords sent through SMS or generated by mobile apps like Google Authenticator or push prompts sent to a mobile device [125629]. 2. MFA prompt-bombing technique exploited by threat actors like Cozy Bear and Lapsus$ to bypass MFA protection [125629]. | 1 | View Details |
| Iranian Government-Backed Hackers Target Boston Children's Hospital Network | 2022-06-01 | 1. Fortinet software made by California-based firm - exploited by the attackers to control the Boston Children’s Hospital computer network [128447] | 1 | View Details |