All news with #breach tag

Alleged Mastermind Behind K-Pop Stock Heist Extradited

🔒 South Korean authorities have extradited a 34-year-old suspect from Thailand, accused of masterminding a coordinated campaign that siphoned millions in stocks from celebrities, including Jung Kook. Investigators say the group stole personal data from Korean telecom firms, used it to assume victims' identities and opened brokerage accounts between August 2023 and January 2024. With assistance from Interpol and Thai authorities, officials tracked and arrested the suspect, who has admitted some allegations while denying others.

CIISec: Majority of Security Pros Back Stricter Rules

🔒 A new CIISec survey finds 69% of security professionals believe current cybersecurity laws are insufficient. The annual State of the Security Profession report, compiled from CIISec members and the wider community, highlights a regulatory focus driven by recent legislation such as DORA, NIS2 and the EU AI Act. Respondents assign breach responsibility mainly to boards (91%), and indicate increasing support for senior management sanctions. CIISec's CEO urges improved collaboration, regulation literacy and clearer risk communication.

Major Corporation Uses '123456' for Critical Access

🔒 McDonald's reportedly configured a major corporate system with the password 123456, illustrating a glaring failure in basic security hygiene. That weak credential makes systems trivially susceptible to brute-force and credential-stuffing attacks and indicates lax oversight of password policies, privileged accounts, and access controls. Immediate remediation should include forcing password rotation, deploying multi-factor authentication, implementing centralized secrets management, and auditing privileged access.

Yemen Cyber Army Hacker Jailed for Massive Data Theft

🔒 A 26-year-old man, Al-Tahery Al-Mashriky, has been jailed after UK National Crime Agency investigators linked him to the Yemen Cyber Army and uncovered evidence of widespread website breaches. Arrested in August 2022 in Rotherham, he defaced and compromised sites across North America, Yemen and Israel, including government and faith organisations. Forensically seized devices contained personal data, account credentials and other files that could facilitate fraud; he pleaded guilty and was sentenced to 20 months in prison.

Dutch prosecution hack disables multiple speed cameras

⚠️ The Netherlands' Public Prosecution Service (Openbaar Ministerie) disconnected its networks on July 17 after suspecting attackers had exploited Citrix device vulnerabilities, leaving several fixed, average and portable speed cameras unable to record offences. Internal email remained available, but external communications and documents required printing and postal delivery. Regulators including the National Cybersecurity Centre were informed, and prosecutors warned that ongoing downtime will delay cases and hamper road-safety enforcement while systems remain offline.

Langflow Misconfiguration Exposes Data of Pakistani Insurers

🔓 UpGuard secured a misconfigured Langflow instance that exposed data for roughly 97,000 insurance customers in Pakistan, including 945 individuals marked as politically exposed persons. The instance was used by Pakistan-based Workcycle Technologies to build AI chatbots for clients such as TPL Insurance and the Federal Board of Revenue. Exposed materials included PII, confidential business documents and credentials; access was removed after notification and UpGuard found no evidence of exploitation.

US Seizes $1.09M in Bitcoin From BlackSuit Gang Takedown

💰 The US Department of Justice announced it seized US $1,091,453 in cryptocurrency linked to the Russian-operated BlackSuit ransomware group following an international takedown of servers, domains and the gang's dark web extortion site. The recovered funds derive from a 49.3120227 Bitcoin ransom payment on or about April 4, 2023; that payment was originally worth US $1,445,454.86. Law enforcement partners in the United States, United Kingdom, Canada, Germany, Ireland and France collaborated on the operation that seized four servers and nine domains on July 24, and the frozen funds were identified after repeated deposits and withdrawals that ended with an exchange freeze in January 2024.

KrebsOnSecurity Featured in HBO Max 'Most Wanted' Series

📰 The HBO Max documentary Most Wanted: Teen Hacker features interviews with Brian Krebs and examines the criminal trajectory of Julius Kivimäki, a Finnish hacker convicted for extensive data breaches and later mass extortion. The four-part series traces his early role in the Lizard Squad, high-profile DDoS attacks, swatting incidents, and the Vastaamo psychotherapy breach and patient extortion. Directed by Sami Kieski and co-written by Joni Soila, episodes will stream weekly on Fridays throughout September.

TeaOnHer App Replicates Tea's Functionality and Breaches

🛡️ TeaOnHer, a recent iOS knock‑off of the controversial dating app Tea, has been found exposing sensitive user data. TechCrunch reported government IDs, driving licences and selfies accessible via a public web endpoint with no authentication, and the app appears to copy wording and features from the original. Newville Media did not respond to disclosure attempts, and an exposed admin credential pair was found on the company server. Until these failures are addressed, users should avoid Tea-related apps.

Thai Hospital Fined After Patient Records Used as Wrappers

📄 A Thai hospital was fined after more than 1,000 patient records, sent for destruction, were found being used as street-food wrappers for crispy crepes. Thailand’s Personal Data Protection Committee (PDPC) determined the documents leaked following handling by a contracted disposal firm that stored them at a private residence. The hospital was fined 1.21 million baht and the disposal business owner received a separate penalty. The episode highlights failures in secure disposal and vendor oversight.

AggregateIQ exposure: Canadian political campaign data

🔐 The UpGuard Cyber Risk Team discovered exposed repositories belonging to AggregateIQ that contained website code, backups, credentials and tokens associated with multiple Canadian political campaigns and parties. Exposed artifacts included Stripe secret keys, private SSL keys, NationBuilder/Helcim/SendGrid tokens, WordPress database credentials, and admin accounts tied to aggregateiq.com. The incident highlights third-party vendor risk and the need for tighter controls on credentials and repository configurations.

AggregateIQ Exposure Reveals Canadian Campaign Assets

🔒 The UpGuard Cyber Risk Team discovered an unsecured AggregateIQ (AIQ) code repository containing site backups, API keys, SSL private keys, and other sensitive assets tied to multiple Canadian campaigns and parties. Exposed files included WordPress backups, donation processor keys (Stripe), NationBuilder tokens, and PEM private keys that could enable impersonation or account takeover. The findings illustrate significant third‑party vendor risk and raise regulatory and public‑interest concerns about how AggregateIQ managed client credentials and campaign tooling.

ISP Exposes Admin Credentials via Misconfigured S3 Bucket

🔒 The UpGuard Cyber Risk team discovered a 73 GB dataset belonging to Washington ISP Pocket iNet publicly exposed in a misconfigured Amazon S3 bucket named pinapp2. The exposed files included plain text administrative passwords, AWS access keys, network diagrams, device configurations, inventories, and photographs of physical infrastructure. UpGuard notified Pocket iNet on discovery (October 11, 2018); the bucket remained exposed for seven days and was secured on October 19 after repeated contact. The incident highlights the dangers of storing secrets in public object storage and recommends using secrets managers, encryption, and hardened S3 ACLs.

Leakzone Elasticsearch Exposure Reveals Visitor IP Logs

🔎 UpGuard discovered an unauthenticated Elasticsearch index containing roughly 22 million web-request records, of which about 95% referenced leakzone.net. The logs included client IP addresses, destination domains, request sizes, geolocation data and ISP metadata, spanning June 25 to discovery on July 18, with about one million requests per day. Analysis found extensive use of public proxies and clustered VPN exit nodes, alongside many one-off IPs likely representing direct users. The dataset raises privacy and operational concerns for visitors, service operators, and investigators.

Top Secret INSCOM Data Exposed via Public AWS S3 Repository

🔓 On September 27, 2017, UpGuard researcher Chris Vickery discovered an Amazon S3 bucket at the AWS subdomain "inscom" that was publicly accessible and contained 47 entries with three downloadable files. One download, an .ova virtual appliance named "ssdev," included a virtual hard drive with partitions and metadata labeled Top Secret and NOFORN. The exposed assets also contained private keys, hashed passwords, a ReadMe referencing the Pentagon cloud project Red Disk, and a classification-training snapshot. UpGuard notified INSCOM and the repository was promptly secured.

Public Exposure of Tetrad Consumer Data Sets in S3

🔓 UpGuard Research discovered a publicly accessible Amazon S3 bucket containing detailed consumer data attributed to Tetrad, including files derived from Experian Mosaic, Claritas/PRIZM, and client-supplied datasets covering over 120 million U.S. household records. The exposure included full names, addresses, gender, Mosaic codes, and retailer account and purchase information. UpGuard notified Tetrad in early February and, after repeated contact, the company removed public access and secured the bucket. The dataset's breadth raises significant privacy and targeted-risk concerns for individuals and communities.

Open rsync Repository Exposes 42,000+ Patients' Records

🔒 UpGuard discovered a publicly accessible rsync repository tied to Cohen Bergman Klepper Romano Mds PC that exposed records for more than 42,000 patients and over three million medical notes. The exposed data included patient and physician names, Social Security numbers, dates of birth, phone numbers, email and insurance information, along with an Outlook .pst and a virtual hard drive containing staff home addresses and family details. UpGuard notified the affected parties and Accenture, and the repository was secured after follow-up, underscoring failures in basic access controls and the need for faster remediation.

Spartan Technology S3 Exposure of South Carolina Arrests

🔒 UpGuard Research discovered a publicly accessible AWS S3 bucket containing roughly 60 GB of MSSQL backups uploaded by a Spartan Technology employee, exposing South Carolina justice-system records spanning 2008–2018. The dataset included about 5.2 million arrest-event rows, tens of millions of related records, and sensitive PII such as names, dates of birth, driver’s license numbers and roughly 17,000 Social Security numbers. Permissions included the "AuthenticatedUsers" group, enabling broad access; Spartan removed public access the same day after notification.

Exposed NGA Data Linked to Booz Allen S3 Misconfiguration

🛡️ UpGuard analyst Chris Vickery discovered a publicly exposed S3 file repository containing credentials and SSH keys tied to systems used by US geospatial intelligence contractors. The plaintext data included access tokens and administrative credentials that could enable entry to systems handling Top Secret-level data. NGA secured the bucket rapidly after notification; Booz Allen Hamilton responded later. UpGuard preserved the dataset at government request.

GoDaddy AWS Configuration Data Exposed in Public S3

🔓 The UpGuard Cyber Risk Team discovered a publicly accessible Amazon S3 bucket that contained detailed configuration spreadsheets appearing to describe GoDaddy infrastructure running in the AWS cloud. The files included over 24,000 hostnames and 41 configuration fields per system, plus modeled financials and apparent AWS discounting—information useful for targeted attacks or competitive intelligence. GoDaddy closed the exposure after notification; no credentials were found, but the incident highlights the severe consequences of cloud misconfiguration at scale.