< ciso
brief />
Tag Banner

All news with #credential stuffing tag

87 articles

23andMe Agrees $18M Settlement and New Security Terms

πŸ”’ A coalition of 42 US attorneys general has secured an $18m settlement with genetic testing firm 23andMe following the 2023 credential-stuffing breach that exposed profile and ancestry data for over six million individuals. The settlement, led by New York Attorney General Letitia James, includes more than $705,000 payable to New York and imposes new data protection requirements on the company and its successor. As 23andMe entered bankruptcy in March 2025, its customer data was transferred to TTAM Research; the agreement mandates risk analysis, an advisory board on data security, and continued consumer deletion rights to safeguard that information.
read more β†’

Search for Clean Residential Proxies in Carding

πŸ” Flare researchers examined nearly 2,900 underground posts to map how carders assess residential proxies and build fraud-ready digital identities. The analysis shows proxies are judged by reputation and history rather than just being residential, and are commonly paired with antidetect browsers, device fingerprints, and billing consistency. Providers’ restrictions and takedowns have pushed demand for β€œfinance-compatible” IPs and increased operational complexity for attackers.
read more β†’

23andMe to Pay $18M After Massive Genetic Data Breach

πŸ”’ A coalition of 43 state attorneys general reached an $18 million settlement with 23andMe (now Chrome Holding Co.) over a 2023 data breach that exposed genetic data of 6.9 million customers. Investigators found the company lacked basic protections against credential-stuffing attacks, including multifactor authentication, password blocklisting, and adequate monitoring. The settlement imposes new security requirements, governance measures, and preserves consumer deletion rights while following prior lawsuits and fines.
read more β†’

INTERPOL-led Operation First Light nets global arrests

πŸ•΅οΈ Law enforcement agencies coordinated Operation First Light 2026 across 97 countries, arresting 5,811 suspects and seizing $293 million in illicit assets. The operation targeted social engineering fraud β€” including BEC, sextortion, impersonation, romance, and investment scams β€” and associated money laundering between January 15 and April 30. Authorities identified over 142,000 victims, blocked 31,014 bank accounts, and analyzed 152,808 cases while additional suspects were identified. INTERPOL coordinated the effort with regional policing bodies and funding support from China's Ministry of Public Security.
read more β†’

Phishing campaign abused Facebook verification claims

πŸ”’ Cybercriminals abused Facebook Messenger chatbots to deliver phishing messages that appeared to come from legitimate Facebook Business accounts. The campaign, active from November 2025 until June 2026, coaxed victims to log in on fake pages and surrender credentials, MFA codes, contact details and images of government IDs. Meta disrupted the infrastructure after Huntress reported the activity, but business accounts remain attractive targets.
read more β†’

KDDI breach may expose millions of ISP email logins

πŸ“§ KDDI Corporation disclosed a breach affecting an email system shared with five Japanese ISPs after discovering unauthorized access on June 17. The company attributes the intrusion to a vulnerability in unnamed third-party software and says it immediately blocked the attacker and implemented defenses. Up to 14.22 million current, former, and inactive customer email addresses and passwords may have been exposed, though some credentials were stored hashed or encrypted. KDDI is notifying regulators and working with affected ISPs while advising customers to reset passwords and enable 2FA where possible.
read more β†’

Shop app abused to deliver callback phishing scams

πŸ›’ Researchers warn that threat actors are abusing Shop, Shopify’s order-tracking app, by adding fake purchase receipts to users' histories to trick them into calling scam phone numbers. Fraudulent receipts impersonate brands like Apple, PayPal, Norton, and McAfee, and aim to collect credentials, payment details, OTPs, or persuade victims to install remote access software. Users are advised to verify charges with their bank rather than call numbers on suspicious receipts.
read more β†’

KDDI Breach Exposes Millions of Japanese Email Accounts

πŸ“§ KDDI has confirmed an unauthorized intrusion into an email system it provides to several Japanese ISPs, potentially exposing up to 14.22 million email addresses and passwords. The incident, detected on June 17, affected customers across multiple providers, including JCOM, Nifty, Biglobe and others. KDDI said the attacker likely exploited a vulnerability in third-party software and has implemented technical countermeasures. The company is collaborating with affected ISPs and authorities and has urged users to change their passwords.
read more β†’

Search-Your-Target Market for Stolen Credentials

πŸ”Ž Flare analyzed 470 underground forum posts from January 2025 to June 2026 revealing a growing service layer that lets buyers query massive infostealer-derived credential collections for specific companies, platforms, domains, geographies, or account types. These sellers act as brokers, offering search, deduplication, formatting, and targeted delivery of credentials from databases claiming billions of records. Buyer feedback highlights gaps in quality, freshness, and validity, while the market partially overlaps with Initial Access Brokers and amplifies account takeover risks.
read more β†’

CISA Warns Fortinet Customers Amid FortiBleed Campaign

πŸ”’ The U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged Fortinet customers to secure FortiGate appliances after a large-scale campaign, dubbed FortiBleed, compromised 86,644 devices as of June 19, 2026. The campaign, attributed to Russian-speaking actors, used mass scanning and credential spraying against internet-facing VPN and firewall endpoints, leveraging leaked and reused credentials. Telecom, government, and education sectors were heavily affected, prompting guidance to reset passwords, enable MFA, and move to PBKDF2 hashing for admin credentials.
read more β†’

Prime Day 2026: Surge in Amazon-Themed Scams

πŸ›‘οΈ Check Point Research warns that Amazon Prime Day (June 23–26, 2026) is generating a large pre-event surge in phishing, fake storefronts, and domain-squatting operations. Between December 2025 and May 2026, thousands of Amazon-themed domains were registered, with many already flagged as malicious. Attackers are building multi-TLD campaigns, regional IDN spoofs, and convincing counterfeit product pages to steal credentials and payments.
read more β†’

World Cup 2026 Scams: Watch for Fake Streams

⚠️ Scammers are exploiting World Cup hype with fake streaming sites, fraudulent betting platforms, and counterfeit merchandise stores that harvest payments and personal data. Many sites demand extensive personal information or up-front payments, sometimes even in cryptocurrency, and use professional-looking pages to trick victims. Fans and bettors risk losing money and having credentials reused across accounts stolen; strong security measures and unique passwords are advised.
read more β†’

FortiBleed leak exposes Fortinet VPN credentials

πŸ”’ A newly discovered data leak called FortiBleed appears to expose Fortinet and FortiGate VPN credentials for 73,932 firewall URLs worldwide. Researcher Bob Diachenko discovered a server containing usernames, emails, and plaintext passwords and linked the collection to a Russian-speaking multi-operator group that performed massive credential harvesting and cracking. Hudson Rock and other researchers validated the dataset, noting impacts across many industries and countries, and urged affected organizations to rotate credentials and enforce MFA.
read more β†’

Oxford University reports CareerConnect credential breach

πŸ”’ Oxford University disclosed a data breach after its third-party provider, Group GTI, reported that the CareerConnect platform was compromised on May 28. The attackers accessed users' first and last names, email addresses, and encrypted passwords for accounts not using Single Sign-On; GTI has invalidated those passwords and will require resets. The university said no course materials, uploaded files, appointments, or financial data appear affected, but warned users to watch for phishing attempts.
read more β†’

FIFA World Cup 2026: Rising Cybercrime Threats

πŸ›‘οΈ FortiGuard Labs warns that cybercriminals are actively exploiting FIFA World Cup 2026 demand, registering thousands of themed domains and creating fake ticketing sites, malicious apps, and impersonation accounts to steal credentials and payments. Their research found over 13,000 new tournament-related domains and identified numerous scams across social media, underground forums, and stealer telemetry. Organizations and fans are urged to prepare early and verify official channels.
read more β†’

WeedHack campaign infects over 116,000 Minecraft systems

πŸ›‘οΈ McAfee researchers report that a large-scale malware campaign named WeedHack has infected more than 116,000 systems by distributing malicious Minecraft mods, clients, cheats, and utilities via YouTube links and SEO poisoning. The operation provides a free, clear-net MaaS dashboard and a paid premium tier that adds remote control, keylogging, and webcam access, targeting session IDs, browsers, wallets, and gaming credentials. Victims are concentrated in the US, Germany, India, and the UK, and the campaign uses hundreds of distribution URLs and thousands of malicious JARs. Players are urged to only download from official sources and use the in-game Marketplace for safety.
read more β†’

Romanian sentenced for hacking Oregon government network

πŸ”’ A Romanian national was sentenced to 56 months in federal prison after pleading guilty to aggravated identity theft and unauthorized access to an Oregon state government computer network. The 46-year-old, known online as "inthematrixl," also sold access and stolen personal data from other U.S. victims, causing at least $250,000 in losses. Authorities coordinated internationally to arrest and extradite him, and the court ordered forfeiture of cryptocurrency and supervised release.
read more β†’

AppSheet-phishing: attackers abusing Google-linked emails

πŸ“§ Recent phishing campaigns exploit Google’s AppSheet platform to send convincing emails from a legitimate noreply{@}appsheet.com address, making them likely to bypass filters. Attackers craft personalized messages β€” urgent warnings or enticing job offers β€” to trick victims into submitting identity details on clone sites, then harvest credentials and data. The compromises can lead to account takeover, device control, and secondary targeted attacks using the stolen information.
read more β†’

How to Manage Subscriptions Securely and Avoid Scams

πŸ”’ Subscription services are widespread and often contain personal data, making them attractive targets for attackers. The article outlines common attack vectors β€” phishing, credential reuse, infostealers, and bulk-resale of hacked family slots β€” and explains practical defenses: use password managers, enable two-factor authentication or passkeys, and monitor active sessions. It also advises how to spot phishing and track hidden recurring charges through bank statements and app-store settings.
read more β†’

PCPJack worm steals cloud credentials and cleans TeamPCP

πŸ› PCPJack is a new worm that targets exposed cloud infrastructure to harvest credentials while actively removing traces of rival group TeamPCP. It infects Linux systems via a shell script (bootstrap.sh), establishes persistence (monitor.py), and propagates by scanning for exposed Docker, Kubernetes, Redis, MongoDB and RayML services. Stolen credentials are encrypted with X25519/ChaCha20-Poly1305 and exfiltrated to Telegram channels; researchers recommend MFA, IMDSv2 and least-privilege controls.
read more β†’