Security News

The Weee! Asian and Hispanic food delivery service suffered a data breach exposing the personal information of 1.1 million customers.On Monday, a threat actor named 'IntelBroker' began leaking the data for Weee! on the Breached hacking and data breach forum.

A Sydney man has been sentenced to an 18-month Community Correction Order and 100 hours of community service for attempting to take advantage of the Optus data breach last year to blackmail its customers. The unnamed individual, 19 when arrested in October 2022 and now 20, used the leaked records stolen from the security lapse to orchestrate an SMS-based extortion scheme.

PeopleConnect, the owners of the TruthFinder and Instant Checkmate background check services, confirmed they suffered a data breach after hackers leaked a 2019 backup database containing the info of millions of customers. TruthFinder and Instant Checkmate are subscription-based services allowing customers to perform background checks on other people.

Google Fi, Google's U.S.-only telecommunications and mobile internet service, has informed customers that personal data was exposed by a data breach at one of its primary network providers, with some customers warned that it allowed SIM swapping attacks. Google sent notices of a data breach to Google Fi customers this week, informing them that the incident exposed their phone numbers, SIM card serial numbers, account status, account activation date, and mobile service plan details.

Hackers breached Zacks Investment Research company last year and gained access to personal and sensitive information belonging to 820,000 customers. Founded in 1978, the company helps investors with stock buying decisions by using advanced financial data analytics algorithms.

LastPass-owner GoTo on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups of some customers' data along with an encryption key for some of those backups in a November 2022 incident."The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of multi-factor Authentication settings, as well as some product settings and licensing information," GoTo's Paddy Srinivasan said.

"Recently, we were informed by a third-party technology vendor that sends transactional emails on behalf of its clients like FanDuel that they had experienced a security breach within their system that impacted several of their clients," reads a FanDuel 'Notice of Third-Party Vendor Security Incident' seen by BleepingComputer. "On Sunday evening, the vendor confirmed that FanDuel customer names and email addresses were acquired by an unauthorized actor. No customer passwords, financial account information, or other personal information was acquired in this incident."

Last Thursday, FanDuel emailed customers to warn them that the threat actors acquired their names and email addresses during the MailChimp breach. "Recently, we were informed by a third-party technology vendor that sends transactional emails on behalf of its clients like FanDuel that they had experienced a security breach within their system that impacted several of their clients," reads a FanDuel 'Notice of Third-Party Vendor Security Incident' seen by BleepingComputer.

T-Mobile disclosed a new data breach after a threat actor stole the personal information of 37 million current postpaid and prepaid customer accounts through one of its Application Programming...

Nissan North America has begun sending data breach notifications informing customers of a breach at a third-party service provider that exposed customer information. In the notification sample, Nissan claims it received notice of a data breach from one of its software development vendors on June 21, 2022.