Security News

PHP maintainer Nikita Popov has posted an update concerning how the source code was compromised and malicious code inserted - blaming a user database leak rather than a problem with the server itself. The PHP code repository was compromised late last month with the insertion of code that, if left in place, would have enabled a backdoor into any web server running it.

From the Facebook data samples seen by BleepingComputer, almost every user record had a mobile phone number, a Facebook ID, a name, and the member's gender associated with it. Facebook has shed some light on the recent data leak comprising 533 million Facebook user profiles, data from which was posted on a hacker forum last week.

Facebook said Tuesday that hackers "Scraped" personal data of some half-billion users back in 2019 by taking advantage of a feature designed to help people easily find friends using contact lists. A trove of information about more than 530 million Facebook users was shared over the weekend at a hacker forum, prompting the leading social network to explain what happened and call on people to be vigilant about privacy settings.

Ireland's Data Protection Commission is investigating a massive data leak concerning a database containing personal information belonging to more than 530 million Facebook users. "Previous datasets were published in 2019 and 2018 relating to a large-scale scraping of the Facebook website which at the time Facebook advised occurred between June 2017 and April 2018 when Facebook closed off a vulnerability in its phone lookup functionality," the DPC said.

Reams of personal data - including phone numbers, email addresses, and birthdays - obtained from 533 million Facebook accounts was offered to all for free on a cyber-crime forum over the weekend. The information - which also includes people's names, marital status, occupation, and location - was siphoned from Facebook in 2019 via a security weakness in the platform.

Data breach notification service Have I Been Pwned can now be used to check if your personal information was exposed in yesterday's Facebook data leak that contains the phone numbers and information for over 500 million users. Troy Hunt has added the leaked data to his Have I Been Pwned data breach notification service to help users determine if a Facebook member's data was exposed in the leak.

Personal and financial information stolen from Stanford Medicine, University of Maryland Baltimore, and the University of California was leaked online by the Clop ransomware group. Data stolen in the attack targeting Stanford Medicine's Accellion server includes names, addresses, email addresses, Social Security numbers, and financial information, reported the Stanford Daily.

Wi-Fi kit-slinger Ubiquiti has suggested the attacker that accessed some of its cloud-hosted systems in January 2021 may have made off with source code and employee logins, not the customer data it initially warned could be in peril. Ubiquiti has not said when the external experts decided customer data was untouched.

Indian payment app maker MobiKwik has denied its security has been breached, saying that if it's true, as has been claimed, that its customers' information has appeared on the dark web, then some other platform was totally responsible for that. "Some users have reported that their data is visible on the dark web," reads a message from the company, dated March 30.

A security engineer and ex-contributor to an open systems non-profit organization recently reported a data leak to the organization. On discovering this GitHub repository which, the engineer says, was public since at least 2019, the engineer privately reported it to Apperta, and got thanked by them.