Security News

A new trove of 361 million email addresses has been added to Have I Been Pwned?, the free online service through which users can check whether their account credentials and other data has been compromised in one or more data breaches. The data includes lists of credentials for accounts grouped either by service or country.

A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches was added to the Have I Been Pwned data breach notification service, allowing anyone to check if their accounts have been compromised. Cybersecurity researchers collected these credentials from numerous Telegram cybercrime channels, where the stolen data is commonly leaked to the channel's users to build reputation and subscribers.

Have I Been Pwned has added the information for 26,818,266 people whose data was leaked in a recent hack of The Post Millennial conservative news website. The data quickly spread online, being shared in torrents and hacking forums, allowing threat actors and others to download the data easily.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

AT&T has confirmed that the data set leaked on the dark web some two weeks ago does contain "AT&T data-specific fields".According to AT&T, the batch includes data of approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders: full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and passcode.

AT&T has finally confirmed it is impacted by a data breach affecting 73 million current and former customers after initially denying the leaked data originated from them. While the company continues to say there is no indication their systems were breached, it has now confirmed that the leaked data belongs to 73 million current and former customers.

NHS Dumfries and Galloway has confirmed that a "Recognised ransomware group" was able to "Access a significant amount of data including patient and staff-identifiable information," and has published "Clinical data relating to a small number of patients." "NHS DG still holds the original files and they have not been altered or deleted. Some information has been copied and leaked. NHS DG will contact everyone whose information is known to have been leaked. We are still investigating how much information has been stolen. Unfortunately we cannot yet rule out that more information will be leaked in the future," the board said.

Three cybersecurity researchers discovered close to 19 million plaintext passwords exposed on the public internet by misconfigured instances of Firebase, a Google platform for hosting databases, cloud computing, and app development. The researchers started looking on the public web for personally identifiable information exposed via vulnerable Firebase instances.

AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company. While BleepingComputer has not been able to confirm the legitimacy of all the data in the database, we have confirmed some of the entries are accurate, including those whose data is not publicly accessible for scraping.

Acer Philippines confirmed that employee data was stolen in an attack on a third-party vendor who manages the company's employee attendance data after a threat actor leaked the data on a hacking forum. Earlier today, a threat actor known as 'ph1ns' published a link to download a stolen database containing Acer employee data for free on a hacking forum.