Security News

Roblox announced late last week that it suffered a data breach impacting attendees of the 2022, 2023, and 2024 Roblox Developer Conference attendees. [...]

Security in brief It's been a week of bad cyber security revelations for OpenAI, after news emerged that the startup failed to report a 2023 breach of its systems to anybody outside the organization, and that its ChatGPT app for macOS was coded without any regard for user privacy. According to an exclusive report from the New York Times, citing a pair of anonymous OpenAI insiders, someone managed to breach a private forum used by OpenAI employees to discuss projects early last year.

Infosec circles are awash with chatter about a vulnerability in Ghostscript some experts believe could be the cause of several major breaches in the coming months. Ghostscript is a Postscript and Adobe PDF interpreter that lets users of *nix, Windows, MacOS, and various embedded OSes and platforms view, print, and convert PDFs and image files.

A threat actor compromised Ethereum's mailing list provider and sent to over 35,000 addresses a phishing email with a link to a malicious site running a crypto drainer. Ethereum disclosed the incident in a blog post this week and said that it had no material impact on users.

Healthcare fintech firm HealthEquity is warning that it suffered a data breach after a partner's account was compromised and used to access the Company's systems to steal protected health information. The investigation revealed that the partner had been compromised by hackers who leveraged the hijacked account to gain unauthorized access to HealthEquity's systems and, later, exfiltrate sensitive health data.

FIA, the auto racing governing body since the 1950s, says attackers gained access to personal data after compromising several FIA email accounts in a phishing attack. Founded in 1904 as the Association Internationale des Automobile Clubs Reconnus, FIA is a non-profit international association that coordinates many auto racing championships, including Formula 1 and the World Rally Championship.

Buy now, pay later loan company Affirm is warning that holders of its payment cards had their personal information exposed due to a data breach at its third-party issuer, Evolve Bank & Trust. After researchers analyzed the data, it was determined that it had been stolen from Evolve Bank & Trust, which confirmed to BleepingComputer that the data belonged to them.

Prudential Financial, a global financial services company, has revealed that over 2.5 million people had their personal information compromised in a February data breach. According to an 8-K form filed with the U.S. Securities and Exchange Commission, Prudential detected the incident on February 5, one day after the attackers breached its systems and accessed administrative/user data and employee/contractor accounts.

Agropur, one of the largest dairy cooperatives in North America, is notifying customers of a data breach after some of its shared online directories were exposed. In a reply to BleepingComputer's request for a statement, a company's spokesperson confirmed the data exposure incident but did not provide additional info about the event due to the ongoing investigation.

Ticketmaster has started to notify customers who were impacted by a data breach after hackers stole the company's Snowflake database, containing the data of millions of people. "Ticketmaster recently discovered that an unauthorized third party obtained information from a cloud database hosted by a third-party data services provider," reads a data breach notification shared with the Office of the Maine Attorney General.