Security News

AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company. While BleepingComputer has not been able to confirm the legitimacy of all the data in the database, we have confirmed some of the entries are accurate, including those whose data is not publicly accessible for scraping.

Acer Philippines confirmed that employee data was stolen in an attack on a third-party vendor who manages the company's employee attendance data after a threat actor leaked the data on a hacking forum. Earlier today, a threat actor known as 'ph1ns' published a link to download a stolen database containing Acer employee data for free on a hacking forum.

GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days. In terms of which sectors leaked the most secrets, IT tops the list with the lion's share of 65.9%, followed by education with a notable 20.1%, and all others combined accounting for 14%. GitGuardian's generic detectors, which caught about 45% of all secrets the firm detected in 2023, are analyzed as follows.

Okta denies that its company data was leaked after a threat actor shared files allegedly stolen during an October 2023 cyberattack on a hacker forum. The leaked data includes user IDs, full names, company names, office addresses, phone numbers, email addresses, positions/roles, and other information.

The National Cyber Security Centre of Switzerland has released a report on its analysis of a data breach following a ransomware attack on Xplain, disclosing that the incident impacted thousands of sensitive Federal government files. The Swiss government started investigating the leaked files and instantly admitted that the leaked data might contain documents belonging to the Federal Administration of Switzerland.

Pro has suffered a data breach exposing the personal information of 20 million members, including email addresses, hashed and salted passwords, IP addresses, and names. On Tuesday, someone using the alias 'KryptonZambie' shared a link on the BreachForums hacking forum to CSV files containing 5.93 GB of data stolen from Cutout.

A threat actor leaked 200,000 records on a hacker forum, claiming they contained the mobile phone numbers, email addresses, and other personal information of Facebook Marketplace users. IntelBroker claims this partial Facebook Marketplace database was stolen by someone using the 'algoatson' Discord handle after hacking the systems of a Meta contractor.

Leaked credentials from traditional sources are still a prominent and substantial risk to organizations. We monitor more than 14 billion leaked credentials found from dumps across the dark web.

Toyota Tsusho Insurance Broker India, an Indo-Japanese joint insurance venture, operated a misconfigured server that exposed more than 650,000 Microsoft-hosted email messages to customers, a security researcher has found. Zveare then examined the calculator web page on the TTIBI website and saw that it included a client-side function that created a request to send email using a server-side API. "This caught my eye because this was a client-side email sending mechanism," he wrote in a post describing his findings.

The source code for Grand Theft Auto 5 was reportedly leaked on Christmas Eve, a little over a year after the Lapsus$ threat actors hacked Rockstar games and stole corporate data. Links to download the source code were shared on numerous channels, including Discord, a dark web website, and a Telegram channel that the hackers previously used to leak stolen Rockstar data.