Krebs on Security

JUNE 28, 2019

says it will soon force all Cloud Solution Providers (CSPs) that help companies manage their Office365 accounts to use multi-factor authentication. As it happened, the PCM employee was not using multi-factor authentication. And when that PCM employee’s account got hacked, so too did many other PCM customers.

Authentication 266

Authentication Accountability Data breaches Software 266

Krebs on Security

AUGUST 1, 2018

Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn’t seem too severe. APP-BASED AUTHENTICATION. “We point this out to encourage everyone here to move to token-based 2FA.”

Authentication 225

Authentication Mobile Passwords Accountability 225

The Last Watchdog

JUNE 9, 2021

Massive data base breaches today generally follow a distinctive pattern: hack into a client -facing application; manipulate an API; follow the data flow to gain access to an overly permissive database or S3 bucket (cloud storage). A classic example of this type of intrusion is the Capital One data breach.

Data breaches 203

Data breaches Software Hacking Mobile 203

Webroot

APRIL 22, 2025

If a company you do business with becomes part of a data breach, cybercriminals may have full access to your confidential information. Unfortunately, data breaches are on the rise and affecting more companies and consumers than ever. billion people received notices that their information was exposed in a data breach.

Data breaches 70

Data breaches Identity Theft Passwords eCommerce 70

Security Affairs

NOVEMBER 2, 2023

Okta warns approximately 5,000 employees that their personal information was compromised due to a third-party vendor data breach. ” reads the data breach notification sent to the impacted individuals and shared with the Office of the Maine Attorney General.

Data breaches 140

Data breaches Hacking Social Engineering Healthcare 140

The Last Watchdog

AUGUST 19, 2021

At the start of this week, word got out that hackers claimed to have seized personal data for as many as 100 million T-Mobile patrons. Related: Kaseya hack worsens supply chain risk. Often inadvertent data breaches stem from a well-meaning employee trying to meet the needs of clients but without the technical systems to facilitate.

Mobile 235

Mobile Data breaches Authentication Accountability 235

Troy Hunt

NOVEMBER 21, 2017

But it's exactly what it sounds like and on Thursday next week, I'll be up in front of US congress on the other side of the world testifying about the impact of data breaches. For a bit more context, I've been chatting with folks from the House Energy and Commerce Committee for a while now about the mechanics of data breaches.

Data breaches 237

Data breaches InfoSec Backups IoT 237

Krebs on Security

DECEMBER 13, 2022

While the FBI’s InfraGard system requires multi-factor authentication by default, users can choose between receiving a one-time code via SMS or email. Prior to its infiltration by the FBI, RaidForums sold access to more than 10 billion consumer records stolen in some of the world’s largest data breaches.

Hacking 363

Hacking Energy and Utilities Cybercrime Accountability 363

Troy Hunt

JANUARY 8, 2019

Regular readers will appreciate the mechanics of this already but all those who I point here for whom this is new, this attack simply takes exposed credentials from a data breach and tries them on another site. Got my playlists deleted and the hacker created a playlist called "Get Hacked".

Hacking 260

Hacking Passwords Accountability Data breaches 260

Security Affairs

NOVEMBER 3, 2021

Labour Party discloses a data breach after a ransomware attack hit a service provider that is managing its data. Labour Party discloses a data breach after a service provider that manages its data was hit by a ransomware attack. SecurityAffairs – hacking, data breach). The post The U.K.

Data breaches 143

Data breaches Ransomware Authentication Hacking 143

Krebs on Security

AUGUST 6, 2020

. “We identified a handful of legitimate businesses who are customers that may have experienced a breach,” Dubner said. Dubner said all customers are required to use multi-factor authentication, and that everyone applying for access to its services undergoes a rigorous vetting process.

Accountability 363

Accountability Identity Theft Hacking Insurance 363

Security Affairs

JUNE 19, 2024

. “We are working closely with law enforcement officials and a third-party hosting partner to investigate the claim and the significance of the data.” ” Earlier this week IntelBroker announced on the BreachForums cybercrime forum that they were “selling the AMD.com data breach.”

Data breaches 137

Data breaches Firmware Cybercrime Media 137

Security Affairs

NOVEMBER 16, 2023

Samsung Electronics disclosed a data breach that exposed customer personal information to an unauthorized individual. Samsung Electronics suffered a data breach that exposed the personal information of some of its customers to an unauthorized individual. ” reads the data breach notification sent to the customers.

Data breaches 139

Data breaches eCommerce Hacking Passwords 139

Security Affairs

SEPTEMBER 3, 2022

Electronics giant Samsung has confirmed a new data breach after some of its US systems were compromised in July. After the attack that hit the company in late July 2022, Samsung disclosed a data breach. Threat actors had access to internal company data, including the source code of Galaxy models.

Data breaches 145

Data breaches Hacking Authentication Cybersecurity 145

Security Affairs

OCTOBER 4, 2023

Sony Interactive Entertainment has notified current and former employees and their family members about a data breach. Sony Interactive Entertainment (SIE) has notified current and former employees and their family members about a data breach that exposed their personal information.

Data breaches 145

Data breaches Ransomware Hacking Software 145

Krebs on Security

JANUARY 7, 2025

Lookout researchers discovered multiple voice phishing groups were using a new phishing kit that closely mimicked the single sign-on pages for Okta and other authentication providers. Federal Communications Commission (FCC), as well as those working at the cryptocurrency exchanges Coinbase and Binance. “ Annie.”

Phishing 334

Phishing Cryptocurrency Accountability Social Engineering 334

Krebs on Security

FEBRUARY 12, 2019

VFEmail’s Twitter account responded that “external facing systems, of differing OS’s and remote authentication, in multiple data centers are down.” “I fear all US based data my be lost.” Strangely, not all VMs shared the same authentication, but all were destroyed.

Hacking 275

Hacking DDOS Backups Accountability 275

Security Affairs

APRIL 15, 2024

Cisco Duo warns that a data breach involving one of its telephony suppliers exposed multifactor authentication (MFA) messages sent by the company via SMS and VOIP to its customers. ” reads the data breach notification send to the impacted individuals. date and time of the message, type of message, etc.).”

Data breaches 140

Data breaches Social Engineering Engineering Authentication 140

Dark Reading

AUGUST 11, 2022

Ransomware gang gained access to the company's VPN in May by convincing an employee to accept a multifactor authentication (MFA) push notification.

Data breaches 135

Data breaches VPN Hacking Authentication 135

Krebs on Security

SEPTEMBER 13, 2023

Credentials stolen by info-stealers often end up for sale on cybercrime shops that peddle purloined passwords and authentication cookies (these logs also often show up in the malware scanning service VirusTotal ). Microsoft Corp. government inboxes.

Cybercrime 338

Cybercrime Passwords Authentication Malware 338

Krebs on Security

JULY 12, 2024

disclosed today that a new data breach has exposed phone call and text message records for roughly 110 million people — nearly all of its customers. AT&T also acknowledged the customer records were exposed in a cloud database that was protected only by a username and password (no multi-factor authentication needed).

Data breaches 344

Data breaches Passwords Authentication Accountability 344

Security Affairs

MAY 13, 2024

Firstmac Limited disclosed a data breach after the new Embargo extortion group leaked over 500GB of data allegedly stolen from the company. Firstmac Limited, one of the largest non-bank lenders in Australia, disclosed a data breach. The company is notifying the impacted customers. ” continues the notice.

Data breaches 128

Data breaches Cyber Attacks Identity Theft Banking 128

SecureWorld News

MARCH 24, 2022

One of the first hacks to ever get widespread public attention occurred on the night of April 27, 1986. RELATED: Original HBO Hack ]. To some, the ability to hack a satellite broadcast was unsettling. Now, headlines about ransomware, cyberattacks, and data breaches pour into social media feeds as steady as a river flows.

Data breaches 130

Data breaches Passwords Accountability Government 130

Security Affairs

OCTOBER 26, 2023

On August 10, 2023, the Japanese maker of watches Seiko disclosed a data breach following a cyber attack. Seiko Group Corporation (hereinafter referred to as “the Company” or “we”) has confirmed that on July 28th of this year, the Company suffered a possible data breach.

Data breaches 143

Data breaches Ransomware Education Cybersecurity 143

Security Affairs

MARCH 30, 2024

AT&T confirmed that a data breach impacted 73 million current and former customers after its data were leaked on a cybercrime forum. In March 2024, more than 70,000,000 records from an unspecified division of AT&T were leaked onto Breached forum, vx-underground researchers reported.

Data breaches 144

Data breaches Telecommunications Cybercrime Hacking 144

Security Affairs

SEPTEMBER 24, 2023

educational nonprofit organization National Student Clearinghouse disclosed a data breach that impacted approximately 900 US schools. The security breach resulted from a cyber attack exploiting a vulnerability in the MOVEit managed file transfer (MFT).- reads the advisory published by the company.

Data breaches 135

Data breaches Education Ransomware Software 135

Security Affairs

DECEMBER 30, 2024

Cisco confirmed the authenticity of the 4GB of leaked data, the data was compromised in a recent security breach, marking the second leak in the incident. Cisco confirmed the authenticity of the 4GB of leaked data, which was compromised in a recent security breach, marking it as the second leak in the incident.

Data breaches 123

Data breaches Cybercrime Authentication Technology 123

Security Affairs

AUGUST 24, 2022

The company disclosed a data breach after threat actors have access to a limited subset of data stored in a compromised database. Exposed data includes emails, usernames, and encrypted passwords. According to the company, financial and payment data were not compromised because are not stored on its servers.

Data breaches 134

Data breaches Passwords Media Accountability 134

Krebs on Security

FEBRUARY 10, 2020

Justice Department today unsealed indictments against four Chinese officers of the People’s Liberation Army (PLA) accused of perpetrating the 2017 hack against consumer credit bureau Equifax that led to the theft of personal data on nearly 150 million Americans.

Hacking 303

Hacking Identity Theft Government Phishing 303

Security Affairs

NOVEMBER 20, 2023

The Canadian government discloses a data breach after threat actors hacked two of its contractors. “On October 19 th , 2023, Brookfield Global Relocation Services (BGRS) informed the Government of Canada of a breach involving Government of Canada information held by BGRS and SIRVA Canada systems.”

Data breaches 137

Data breaches Government Hacking Backups 137

Security Affairs

NOVEMBER 2, 2024

is an inadequate authentication mechanisms that could allow an attacker to access sensitive information like usernames, MD5 password hashes, and configuration data. Attackers can also trigger flaws to extract network details to infiltrate connected systems, increasing the risk of data breaches and ransomware attacks.

Firmware 121

Firmware Manufacturing IoT Healthcare 121

Krebs on Security

AUGUST 2, 2019

In Capital One’s case, the misconfigured WAF for whatever reason was assigned too many permissions, i.e. it was allowed to list all of the files in any buckets of data, and to read the contents of each of those files. “SSRF has become the most serious vulnerability facing organizations that use public clouds,” Johnson wrote.

Hacking 269

Hacking Firewall Data breaches Software 269

The Last Watchdog

AUGUST 29, 2022

Related: Damage caused by ‘business logic’ hacking. This is according to Verizon’s latest 2022 Data Breach Investigations Report ( DBIR ). In the report’s findings, stolen credentials and exploited vulnerabilities are the top reasons for web breaches. Authentication bypass.

Hacking 201

Hacking Passwords Password Management Data breaches 201

Security Affairs

FEBRUARY 23, 2024

Australian telecommunications provider Tangerine disclosed a data breach that impacted roughly 230,000 individuals. Tangerine suffered a data breach that exposed the personal information of roughly 230,000 individuals.

Data breaches 131

Data breaches Telecommunications Banking Mobile 131

The Last Watchdog

APRIL 4, 2022

They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. According to Forbes, “the first half of 2018 was marked by an increase in API-related data breaches, with the 10 largest companies reporting the loss of 63 million personal records.”

Hacking 222

Hacking Penetration Testing Data breaches Authentication 222

The Last Watchdog

SEPTEMBER 24, 2024

Ever since the massive National Public Data (NPD) breach was disclosed a few weeks ago, news sources have reported an increased interest in online credit bureaus, and there has been an apparent upswing in onboarding of new subscribers. Related: Class-action lawsuits pile up in wake of NPD hack So what’s the connection?

Authentication 216

Authentication Identity Theft Banking Data breaches 216

Troy Hunt

APRIL 14, 2024

Data breach verification: that seems like a good place to start given the discussion in this week's video about Accor. Watch the vid for the whole thing but in summary, data allegedly taken from Accor was published to a popular hacking forum and the headlines inevitably followed.

Retail 294

Retail Authentication Data breaches Hacking 294