breach
Latest
SolarWinds hackers also targeted security specialist Malwarebytes
American security company Malwarebytes has revealed that it was targeted by the same “nation state actor implicated in SolarWinds breach.” The firm says it doesn’t use SolarWinds’ IT software, which served as the hackers’ entryway into the systems of all the companies and federal agencies they breached, and that it was infiltrated using another intrusion vector. In particular, the bad actors got in through a dormant email protection product within its Office 365 tenant.
T-Mobile warns customers of second data breach in less than a year
As if 2020 weren't bad enough, some T-Mobile customers are winding down the year with word of a data breach. According to reports from BleepingComputer and AndroidPolice, T-Mobile has within the past few days begun to notify affected subscribers of "malicious, unauthorized access" to some of their account information. "We also immediately reported this matter to federal law enforcement and are now in the process of notifying impacted customers."
Foreign state hackers reportedly breached the US Treasury (updated)
Hackers backed by a foreign government reportedly breached the US Treasury Department and NTIA, stealing info in the process.
Leak exposes personal data for millions of Brazilian COVID-19 patients
A mistake by a hospital worker exposed personal data for millions of Brazil's COVID-19 patients, including the country's president.
Hotels.com, Expedia provider exposed data for millions of guests
A cloud provider left exposed for millions of guests using major hotel reservation services.
World's biggest cruise line company hit by ransomware attack
The world’s largest cruise operator Carnival has revealed that it suffered a ransomware attack and security breach that could affect customer and employee data.
Capital One fined $80 million over 2019 data breach
Capital One has been fined $80 million for a 2019 data breach that left 100 million Americans vulnerable.
Have I Been Pwned's code base will be open sourced
It'll help ensure 'a more sustainable future' for the project after a failed acquisition process.
20GB of Intel internal documents were leaked online
More than 20GB worth of Intel internal documents has been uploaded on Mega, and according to ZDNet, the chipmaker is now trying to ascertain how the files were leaked. A Swiss software engineer named Till Kottmann published the documents, most of which are marked “confidential.” Kottmann has history publishing data from major tech companies that was leaked online through various avenues, such as misconfigured Git repositories.
Alleged Twitter hacker was previously caught stealing a fortune in Bitcoin
The teenage "mastermind" behind last month's Twitter hack reportedly stole hundreds of thousands of dollars worth of Bitcoin last year.
Everything we know about the Twitter Bitcoin hack
Early in the afternoon (Eastern time) on July 15th, a hacker -- or hackers -- gained control of a series of Twitter accounts owned by Bitcoin enthusiasts, executives and exchanges. Upon gaining control of those accounts, the hackers tweeted messages to those accounts' audiences claiming that they would be "giving 5000 BTC back to the community" and directing users to cryptoforhealth.com. People who visited the now-defunct website were told that if they sent Bitcoin to a specified address, they would receive double the amount in return, plus a bonus if contributions exceeded a certain threshold.
Twitter claims 'social engineering attack' led to crypto scam tweets
Twitter provided some details from its investigation into a massive breach on Wednesday.
Cyberattack forces Honda to suspend global production for a day
Honda was forced to suspend global production for a day due to a cyberattack that infiltrated the company's internal servers in Tokyo.
Nintendo says 140,000 more NNID accounts were vulnerable
Nintendo's NNID breach was bigger than originally reported.
Ukraine catches hacker who tried to sell 773 million stolen email addresses
Ukrainian officials detained the hacker, known as Sanix, who tried to sell a database with 773 million email addresses and 21 million unique passwords.
Facebook says it will tighten account security following 2018 hack
Facebook is promising to bolster its security processes in the wake of a 2018 hack that exposed data for 29 million users. The social network has proposed a settlement in a lawsuit over the breach that would see the company check more often for suspicious activity around the digital access tokens that let people use their accounts. There are other measures as part of the lawsuit, Bloomberg said.
Guardian: Saudi prince’s account used to hack Jeff Bezos via WhatsApp
Amazon spends millions of dollars each year physically protecting CEO Jeff Bezos, but his personal data remained all too vulnerable. According to a bombshell report published in The Guardian this afternoon, Bezos was the victim of a hacking operation conducted via WhatsApp that potentially involved Saudi crown prince Mohammed bin Salman.
FBI seizes site dedicated to selling data breach information
Following an international operation, the FBI has seized and shut down a website called WeLeakInfo that sold private user data from over 10,000 data breaches. As part of the operation, police in the Netherlands and Northern Ireland arrested two 22-year old believed to be connected to the site. Meanwhile the FBI, working in coordination with police forces in Europe,took down the domain for the site and redirected it to a seizure notice (above).
TikTok fixed a flaw that could have exposed user accounts
TikTok has been the subject of national security concerns for some time, and now things are set to get a little more uncomfortable for the company. According to cybersecurity company Check Point, the popular app had serious vulnerabilities that could have allowed hackers to obtain personal information and manipulate user data.
International money transfer service Travelex held ransom by hackers
Foreign exchange company Travelex has been targeted by hackers demanding $6 million (£4.6 million), in an attack many believe could have been averted months ago. The ransomware gang known as Sodinokibi -- also as REvil -- says it has downloaded more than 5GB of sensitive customer data, including dates of birth, credit card information and national insurance numbers, which it will publish if payment is not made within a week. The hackers originally demanded $3 million, but doubled the sum after two days of non-payment.