Security News
AT&T has confirmed that the data set leaked on the dark web some two weeks ago does contain "AT&T data-specific fields".According to AT&T, the batch includes data of approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders: full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and passcode.
AT&T has finally confirmed it is impacted by a data breach affecting 73 million current and former customers after initially denying the leaked data originated from them. While the company continues to say there is no indication their systems were breached, it has now confirmed that the leaked data belongs to 73 million current and former customers.
NHS Dumfries and Galloway has confirmed that a "Recognised ransomware group" was able to "Access a significant amount of data including patient and staff-identifiable information," and has published "Clinical data relating to a small number of patients." "NHS DG still holds the original files and they have not been altered or deleted. Some information has been copied and leaked. NHS DG will contact everyone whose information is known to have been leaked. We are still investigating how much information has been stolen. Unfortunately we cannot yet rule out that more information will be leaked in the future," the board said.
Three cybersecurity researchers discovered close to 19 million plaintext passwords exposed on the public internet by misconfigured instances of Firebase, a Google platform for hosting databases, cloud computing, and app development. The researchers started looking on the public web for personally identifiable information exposed via vulnerable Firebase instances.
AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company. While BleepingComputer has not been able to confirm the legitimacy of all the data in the database, we have confirmed some of the entries are accurate, including those whose data is not publicly accessible for scraping.
Acer Philippines confirmed that employee data was stolen in an attack on a third-party vendor who manages the company's employee attendance data after a threat actor leaked the data on a hacking forum. Earlier today, a threat actor known as 'ph1ns' published a link to download a stolen database containing Acer employee data for free on a hacking forum.
GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days. In terms of which sectors leaked the most secrets, IT tops the list with the lion's share of 65.9%, followed by education with a notable 20.1%, and all others combined accounting for 14%. GitGuardian's generic detectors, which caught about 45% of all secrets the firm detected in 2023, are analyzed as follows.
Okta denies that its company data was leaked after a threat actor shared files allegedly stolen during an October 2023 cyberattack on a hacker forum. The leaked data includes user IDs, full names, company names, office addresses, phone numbers, email addresses, positions/roles, and other information.
The National Cyber Security Centre of Switzerland has released a report on its analysis of a data breach following a ransomware attack on Xplain, disclosing that the incident impacted thousands of sensitive Federal government files. The Swiss government started investigating the leaked files and instantly admitted that the leaked data might contain documents belonging to the Federal Administration of Switzerland.
Pro has suffered a data breach exposing the personal information of 20 million members, including email addresses, hashed and salted passwords, IP addresses, and names. On Tuesday, someone using the alias 'KryptonZambie' shared a link on the BreachForums hacking forum to CSV files containing 5.93 GB of data stolen from Cutout.