Security Affairs

MARCH 30, 2024

AT&T confirmed that a data breach impacted 73 million current and former customers after its data were leaked on a cybercrime forum. In March 2024, more than 70,000,000 records from an unspecified division of AT&T were leaked onto Breached forum, vx-underground researchers reported.

Data breaches 145

Data breaches Telecommunications Cybercrime Hacking 145

Security Affairs

OCTOBER 4, 2023

Sony Interactive Entertainment has notified current and former employees and their family members about a data breach. Sony Interactive Entertainment (SIE) has notified current and former employees and their family members about a data breach that exposed their personal information.

Data breaches 145

Data breaches Ransomware Hacking Software 145

Security Affairs

FEBRUARY 23, 2024

Australian telecommunications provider Tangerine disclosed a data breach that impacted roughly 230,000 individuals. Tangerine suffered a data breach that exposed the personal information of roughly 230,000 individuals.

Data breaches 138

Data breaches Telecommunications Banking Mobile 138

Security Affairs

NOVEMBER 2, 2023

Okta warns approximately 5,000 employees that their personal information was compromised due to a third-party vendor data breach. “On October 12, 2023, Rightway informed Okta that an unauthorized actor gained access to an eligibility census file maintained by Rightway in its provision of services to Okta.

Data breaches 143

Data breaches Hacking Social Engineering Healthcare 143

Security Affairs

OCTOBER 26, 2023

On August 10, 2023, the Japanese maker of watches Seiko disclosed a data breach following a cyber attack. Seiko Group Corporation (hereinafter referred to as “the Company” or “we”) has confirmed that on July 28th of this year, the Company suffered a possible data breach.

Data breaches 144

Data breaches Ransomware Education Cybersecurity 144

Security Affairs

AUGUST 24, 2022

The company disclosed a data breach after threat actors have access to a limited subset of data stored in a compromised database. Exposed data includes emails, usernames, and encrypted passwords. According to the company, financial and payment data were not compromised because are not stored on its servers.

Data breaches 140

Data breaches Passwords Media Accountability 140

Security Affairs

SEPTEMBER 24, 2023

educational nonprofit organization National Student Clearinghouse disclosed a data breach that impacted approximately 900 US schools. “On May 31, 2023, the Clearinghouse was informed by our third-party software provider, Progress Software, of a cybersecurity issue involving the provider’s MOVEit Transfer solution.

Data breaches 141

Data breaches Education Ransomware Software 141

Security Affairs

APRIL 10, 2024

AT&T confirmed that the data breach impacted 51 million former and current customers and is notifying them. AT&T revealed that the recently disclosed data breach impacts more than 51 million former and current customers and is notifying them. ” reads the data breach notification.

Data breaches 134

Data breaches Telecommunications Identity Theft Hacking 134

Malwarebytes

JULY 24, 2024

SIM swapping (and the very similar port-out fraud) is the unlawful use of someone’s personal information to steal their phone number and swap or transfer it to another device. With this, criminals can intercept calls, messages, and certain multi-factor authentication (MFA) codes. Enable two-factor authentication (2FA).

Data breaches 111

Data breaches Wireless Passwords Phishing 111

Security Affairs

OCTOBER 26, 2020

Nitro PDF suffered a massive data breach that impacts many major organizations, including Apple, Chase, Citibank, Google, and Microsoft. A massive data breach suffered by the Nitro PDF might have a severe impact on well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank. Nitro Software , Inc.

Data breaches 137

Data breaches Advertising Software Accountability 137

Security Affairs

MAY 29, 2024

A credential stuffing attack is a type of cyber attack where hackers use large sets of username and password combinations, typically obtained from previous data breaches, phishing campaigns, or info-stealer infections, to gain unauthorized access to user accounts on various online services. ” reads advisory.

Authentication 133

Authentication Accountability Passwords Data breaches 133

Security Affairs

JANUARY 4, 2022

The Broward Health public health system disclosed a massive data breach that has impacted more than 1.3 The Broward Health public health system has suffered a data breach that impacted 1,357,879 individuals. ” reads the data breach notification letter sent to the impacted individuals.

Data breaches 116

Data breaches Healthcare Identity Theft Insurance 116

Security Affairs

JULY 29, 2022

Therefore, strong authentication methods are needed. Therefore, strong authentication methods are needed to improve security without hindering user convenience. What is Strong Authentication? The IAM Security Boundary Strong authentication is a critical component of modern-day identity and access management.

Authentication 133

Authentication Passwords Data privacy Identity Theft 133

Krebs on Security

OCTOBER 30, 2024

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information. which suffered a data breach in 2015 affecting 78.8

Healthcare 283

Healthcare Insurance Computers and Electronics Data breaches 283

Security Affairs

MARCH 25, 2021

Researchers discovered the availability in the DarK Web of 30M of records of Americans affected by the Astoria Company data breach. Night Lion Security’s CEO, Vinny Troia, reported to Astoria Company the flaw in their database on January 29, 2021 and the availability of their data on Dark Web. Pierluigi Paganini.

Data breaches 134

Data breaches Insurance Banking Hacking 134

Security Affairs

AUGUST 8, 2022

Communications company Twilio discloses a data breach after threat actors have stolen employee credentials in an SMS phishing attack. Communications company Twilio discloses a data breach, threat actors had access to the data of some of its customers. SecurityAffairs – hacking, data breach).

Data breaches 108

Data breaches Social Engineering Phishing Accountability 108

Security Affairs

SEPTEMBER 6, 2022

“Our security team investigated this statement and determined that the code in question is completely unrelated to TikTok’s backend source code,” a spokesperson added. The popular data breach hunter Bob Diachenko and his team analyzed publicly exposed data and confirmed their authenticity, but they are unable to determine the origin.

Data breaches 105

Data breaches Hacking Media Authentication 105

Security Affairs

JANUARY 3, 2023

A post published on a popular hacking forum claims Volvo Cars has suffered a new data breach, alleging stolen data available for sale. French cybersecurity Anis Haboubi yesterday first noticed that a threat actor was attempting to sell data allegedly stolen from Volvo Cars on a popular hacking forum. Pierluigi Paganini.

Data breaches 98

Data breaches Hacking Ransomware Manufacturing 98

Security Affairs

OCTOBER 21, 2024

The Internet Archive was breached again, attackers hacked its Zendesk email support platform through stolen GitLab authentication tokens. The Internet Archive was breached via Zendesk, with users receiving warnings about stolen GitLab tokens due to improper token rotation after repeated alerts.

Internet 135

Internet Internet Data breaches Authentication 135

Security Affairs

AUGUST 31, 2022

The Russian subscription-based streaming service Start discloses a data breach affecting 7.5 The Russian media streaming platform START disclosed a data breach that impacted 7.5 Russian news outlet Medusa verified that the leaked data are valid. ” reads the data breach notice published on Telegram.

Data breaches 98

Data breaches Passwords Banking Media 98

Security Affairs

MARCH 8, 2022

Samsung confirmed that threat actors had access to the source code of its Galaxy smartphones in recent security breach. Samsung this week disclosed a data breach, threat actors had access to internal company data, including the source code of Galaxy models. Source: Lapsus$ gang’s Telegram Channel.

Data breaches 105

Data breaches Ransomware Hacking Cyber Attacks 105

Krebs on Security

APRIL 27, 2023

Customers can access a Salesforce Community website in two ways: Authenticated access (requiring login), and guest user access (no login required). This misconfigured Salesforce Community site from the state of Vermont was leaking pandemic assistance loan application data, including names, SSNs, email address and bank account information.

Banking 330

Banking Government Information Security Authentication 330

Security Affairs

MAY 13, 2023

A data breach disclosed by Toyota Motor Corporation exposed info of more than 2 million customers for ten years Toyota Motor Corporation disclosed a data breach that exposed the car-location information of 2,150,000 customers between November 6, 2013, and April 17, 2023.

Data breaches 98

Data breaches Authentication Internet Internet 98

Security Affairs

SEPTEMBER 7, 2022

In the digital age, authentication is paramount to a strong security strategy. Which are the challenges of user authentication? In the digital age, authentication is paramount to a strong security strategy. User authentication seems easy, but there are inherent challenges to be aware of. User Authentication.

Authentication 105

Authentication Passwords Risk Education 105

Security Affairs

JANUARY 20, 2023

PayPal is sending out data breach notifications to thousands of users because their accounts were compromised through credential stuffing attacks. The company added that the unauthorized accessed were the result of credential stuffing attacks and that its systems were not breached. .” What is credential stuffing?

Data breaches 98

Data breaches Identity Theft Accountability Passwords 98

Security Affairs

JUNE 5, 2023

The BBC and British Airways were both impacted by the data breach suffered by the payroll provider Zellis. As a result of the cyber attack on the payroll provider Zellis, the personal data of employees at the BBC and British Airways has been compromised and exposed. reads the advisory published by the company.

Data breaches 98

Data breaches Retail Software Cyber Attacks 98

The Last Watchdog

APRIL 4, 2022

SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. According to Forbes, “the first half of 2018 was marked by an increase in API-related data breaches, with the 10 largest companies reporting the loss of 63 million personal records.”

Hacking 222

Hacking Penetration Testing Data breaches Authentication 222

Security Affairs

JANUARY 18, 2021

The OpenWRT forum, the community behind the open-source project for embedded operating systems based on Linux, disclosed a data breach. OpenWRT forum was compromised during the weekend and user data were stolen by intruders. The administrators of the forum disclosed the data breach with an announcement published on the forum.

Hacking 143

Hacking Data breaches Passwords Accountability 143

Krebs on Security

NOVEMBER 21, 2018

The researcher said he informed the USPS about his finding more than a year ago yet never received a response. ” Nicholas Weaver , a researcher at the International Computer Science Institute and lecturer at UC Berkeley , said the API should have validated that the account making the request had permission to read the data requested.

Accountability 269

Accountability Authentication Identity Theft Advertising 269

Security Affairs

JUNE 2, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 132

Data breaches VPN Cloud Migration Cybercrime 132

The Last Watchdog

MAY 19, 2022

Nearly all CMS platforms, whether traditional or headless, offer some level of built-in security to authenticate users who are allowed to view, add, remove, or change content. Best security practices. According to the IBM Data Breach Report 2021 , data breaches in the United States reached $4.24

Data breaches 262

Data breaches Encryption Mobile Technology 262

Security Affairs

JUNE 21, 2020

Cyble has analyzed the data and confirmed its authenticity, it also indexed the record in its data breach monitoring and notification service AmiBreached.com. The leaked dump includes name, address, present address, telephone number, citizenship, diagnosis date, result, result date, and many more.

Data breaches 142

Data breaches Advertising Mobile Authentication 142

Security Affairs

OCTOBER 2, 2021

Threat actors stole funds from the accounts of more than 6,000 users of the crypto exchange Coinbase exploiting a flaw to bypass 2FA authentication. Threat actors have exploited a vulnerability in the SMS-based two-factor authentication (2FA) system implemented by the crypto exchange Coinbase to steal funds from more than 6,000 users.

Cryptocurrency 144

Cryptocurrency Data breaches Authentication Accountability 144

CyberSecurity Insiders

MARCH 28, 2023

Understanding the FTC Safeguards Rule The FTC Safeguards Rule is a set of regulations that require covered financial institutions to develop, implement, and maintain an information security program designed to protect customer information. Implementation of multi-factor authentication.

Data breaches 125

Data breaches Authentication Risk Phishing 125

Security Affairs

APRIL 14, 2020

Quidd , an online marketplace for trading stickers, cards, toys, and other collectibles, discloses a data breach in has suffered in 2019. Quidd , the online marketplace for trading stickers, cards, toys, and other collectibles, discloses a data breach in has suffered in 2019, it is also recommending users to change their passwords.

Accountability 145

Accountability Hacking Data breaches Passwords 145

Security Affairs

JULY 14, 2020

The MGM Resorts 2019 data breach is much larger than initially thought, a hacker is offering for sale details of 142 million MGM hotel guests on the dark web. Bad news for the guests of the MGM Resorts, the 2019 data breach suffered by the company is much larger than initially reported. MGM Resorts Dump (source ZDNet).

Data breaches 145

Data breaches Advertising Hacking Cybercrime 145

Security Boulevard

AUGUST 21, 2022

The post Multi-Factor Authentication Fatigue Attack, Signal Account Twilio Hack, Facebook and Instagram In-App Browser appeared first on The Shared Security Show. The post Multi-Factor Authentication Fatigue Attack, Signal Account Twilio Hack, Facebook and Instagram In-App Browser appeared first on The Shared Security Show.

Authentication 98

Authentication Accountability Hacking Ransomware 98