Security News

A court filing and announcement allege that a chap named Jonathan Toebbe, an employee of the Department of the Navy who served as a nuclear engineer, contacted entities that he believed represented a foreign power and offered to sell "Restricted Data concerning the design of a nuclear-powered warship". An FBI legal attaché obtained a letter sent by Toebbe in April 2020 that included some US Navy documents and instructions on how to establish a secure channel between a foreign nation and Toebbe.

An attacker claims to have ransacked Twitch for everything it's got, including all of its source code and user-payout information. Twitch's announcement came days after Black and LGBTQ Twitch streamers, fed up with torrents of racist and transphobic hate, boycotted the service for 24 hours in the #ADayOffTwitch protest.

Links to torrents that contain 128GB of data supposedly pulled from the Amazon-owned Twitch streaming service have been posted to 4chan. Without a trace of irony, the anonymous poster described Twitch as "a disgusting toxic cesspool" and linked to the data, which they alleged contains the source code for the Twitch site, other bits of released and unreleased software, and data on payouts made to Twitch creators.

Twitch source code and streamers' and users' sensitive information were allegedly leaked online by an anonymous user on the 4chan imageboard. The leaker shared a torrent link leading to a 120GB archive containing data allegedly stolen from roughly 6,000 internal Twitch Git repositories.

EUTNAIOA earlier leaked 180GB of data it said it siphoned from Epik servers, plenty of it detailing the activities of far-right groups such as The Proud Boys and the ridiculous QAnon mob. The hacktivist collective justified the release of stolen data on the grounds it exposed racists, and dubbed the operation: Epik Fail.

FBI accused of withholding ransomware key as part of REvil probe. The FBI had obtained a key to undo a flood of ransomware infections but sat on it for a while in an attempt to strike at the malware operators, it's claimed.

On Wednesday, BleepingComputer reported that it's been in touch with a threat actor who leaked a list of nearly half a million Fortinet VPN credentials, allegedly scraped from exploitable devices last summer. The news outlet has analyzed the file and reported that it contains VPN credentials for 498,908 users over 12,856 devices.

A threat actor has leaked the complete source code for the Babuk ransomware on a Russian-speaking hacking forum. As first noticed by security researcher vx-underground, an alleged member of the Babuk group released the full source code for their ransomware on a popular Russian-speaking hacking forum.

The names and home addresses of 111,000 British firearm owners have been dumped online as a Google Earth-compatible. Dumped online last week onto an animal rights activist's blog, the reformatted Guntrader breach data was explicitly advertised as being importable into Google Earth so randomers could "Contact as many [owners] as you can in your area and ask them if they are involved in shooting animals."

Chase Bank has admitted to the presence of a technical bug on its online banking website and app that allowed accidental leakage of customer banking information to other customers.New York City-based JPMorgan Chase Bank is a financial services giant with a $120 billion annual revenue and over 250,000 employees worldwide.