Security News

Atlassian suffered a data leak after threat actors used stolen employee credentials to steal data from a third-party vendor. Atlassian confirmed to BleepingComputer that the compromised data was from third-party vendor Envoy which they use for in-office functions.

Atlassian has confirmed that a breach at a third-party vendor caused a recent leak of company data and that their network and customer information is secure. As first reported by Cyberscoop, a hacking group known as SiegedSec leaked data on Telegram yesterday, claiming to be stolen from Atlassian, a collaboration software company based out of Australia.

Meta Platforms, the parent company of Facebook, Instagram, and WhatsApp, has agreed to pay $725 million to settle a long-running class-action lawsuit filed in 2018. The legal dispute sprang up in response to revelations that the social media giant allowed third-party apps such as those used by Cambridge Analytica to access users' personal information without their consent for political advertising.

"The DPC corresponded with Twitter International Unlimited Company in relation to a notified personal data breach that TIC claims to be the source vulnerability used to generate the datasets and raised queries in relation to GDPR compliance," the Irish privacy regulator said on Friday. Twitter's lead EU watchdog wants to determine if Twitter has complied with its obligation as a data controller regarding the processing of users' data and if it infringed any General Data Protection Regulation or Data Protection Act 2018 provisions.

Twitter confirmed today that the recent leak of millions of members' profiles, including private phone numbers and email addresses, resulted from the same data breach the company disclosed in August 2022. Twitter says its incident response team analyzed the user data leaked in November 2022 and confirms it was collected using the same vulnerability before it was fixed in January 2022.

Every year the personal data of millions of people, such as passwords, credit card details, or health details, fall into the hands of unauthorized persons through hacking or data processing errors by companies. In the EU, any data leak that may result in risks for the concerned individuals must be reported within 72 hours.

A technical SNAFU shut down the UK's Royal Mail Click and Drop website on Tuesday after a security "Issue" allowed some customers to see others' order information. The data leak started around 13:00 GMT, and according to an alert posted on Click and Drop's status page, Royal Mail shut down the website about an hour later.

"This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services," Microsoft said in an alert.The exposure amounts to 2.4 terabytes of data that consists of invoices, product orders, signed customer documents, partner ecosystem details, among others.

Microsoft has confirmed a data leak linked to a misconfigured server for a cloud storage service but is disputing the extent of the problem.In a revelation this week, Microsoft's Security Response Center said the cloud provider was notified by threat intelligence firm SOCRadar on September 24 about the misconfigured endpoint that exposed business transaction data related to interactions between Microsoft and customers.

Identities of secret agents working for the Australian Federal Police have been exposed after hackers leaked documents stolen from the Colombian government. The leak comes from a hacktivist group called Guacamaya and includes more than five terabytes of classified data, including emails, documents, and methods AFP agents were using to stop drug cartels from running their business in Australia.