Security News

Pro has suffered a data breach exposing the personal information of 20 million members, including email addresses, hashed and salted passwords, IP addresses, and names. On Tuesday, someone using the alias 'KryptonZambie' shared a link on the BreachForums hacking forum to CSV files containing 5.93 GB of data stolen from Cutout.

A threat actor leaked 200,000 records on a hacker forum, claiming they contained the mobile phone numbers, email addresses, and other personal information of Facebook Marketplace users. IntelBroker claims this partial Facebook Marketplace database was stolen by someone using the 'algoatson' Discord handle after hacking the systems of a Meta contractor.

Leaked credentials from traditional sources are still a prominent and substantial risk to organizations. We monitor more than 14 billion leaked credentials found from dumps across the dark web.

Toyota Tsusho Insurance Broker India, an Indo-Japanese joint insurance venture, operated a misconfigured server that exposed more than 650,000 Microsoft-hosted email messages to customers, a security researcher has found. Zveare then examined the calculator web page on the TTIBI website and saw that it included a client-side function that created a request to send email using a server-side API. "This caught my eye because this was a client-side email sending mechanism," he wrote in a post describing his findings.

The source code for Grand Theft Auto 5 was reportedly leaked on Christmas Eve, a little over a year after the Lapsus$ threat actors hacked Rockstar games and stole corporate data. Links to download the source code were shared on numerous channels, including Discord, a dark web website, and a Telegram channel that the hackers previously used to leak stolen Rockstar data.

IT services and business consulting company HTC Global Services has confirmed that they suffered a cyberattack after the ALPHV ransomware gang began leaking screenshots of stolen data. HTC Global Services is a managed service provider offering technology and business services to the healthcare, automotive, manufacturing, and financial industries.

The UK division of Samsung Electronics has allegedly alerted customers of a year-long data breach - the third such incident the South Korean giant has experienced around the world in the past two years. An email to customers, shared on social media by web security consultant and Have I Been Pwned creator Troy Hunt, detailed that the breach exposing data of customers who made purchases between July 1, 2019 and June 30, 2020 was discovered on November 13.

Microsoft has fixed a critical security vulnerability that could let attackers steal credentials from GitHub Actions or Azure DevOps logs created using Azure CLI. The vulnerability was reported by security researchers with Palo Alto's Prisma Cloud. "Customers using the affected CLI commands must update their Azure CLI version to 2.53.1 or above to be protected against the risks of this vulnerability. This also applies to customers with log files created by using these commands through Azure DevOps and/or GitHub Actions."

The LockBit crew is claiming to have leaked all of the data it stole from Boeing late last month, after the passenger jet giant apparently refused to pay the ransom demand. Neither data dump has been verified by The Register, and Boeing declined to answer specific questions about the incident or the stolen files.

23andMe told The Reg: "We are aware that the threat actor involved in this investigation posted what they claim to be additional customer DNA Relative profile information. We are currently reviewing the data to determine if it is legitimate. Our investigation is ongoing and if we learn that a customer's data has been accessed without their authorization, we will notify them directly with more information." Golem posted a link to what was advertised as a trove of 1 million records of 23andMe profiles including Ashkenazi Jewish markers to BreachForums on October 2.