<ciso brief />

All news with #data breach tag

715 articles · page 13 of 36

Massive Data Leak Exposes 149M Login Credentials Worldwide

🔒 Cybersecurity researcher Jeremiah Fowler uncovered a publicly accessible database containing 149 million login credentials, including usernames, plaintext passwords and direct login URLs. Affected accounts span major tech and streaming providers, with about 48 million Gmail entries, 17 million Facebook and 6.5 million Instagram records. Fowler attributes the collection to keyloggers and infostealer malware and warns the dataset enables automated credential-stuffing, targeted fraud and convincing phishing campaigns.

Sicarii Ransomware Discards Keys, Risks Permanent Data Loss

⚠️ Halcyon researchers report a Sicarii ransomware variant that generates a fresh RSA key pair on each execution and immediately discards the private key, leaving encrypted files unrecoverable even if victims pay or use a provided decryptor. Analysts attribute the defect to poor key management or immature development, possibly involving AI-assisted tooling. Affected organizations should prioritize containment, isolate systems, and restore only from known-good, offline, or immutable backups rather than relying on ransom-based recovery.

Chinese Money Laundering Networks Drive $82bn Global Shift

🔍 Chainalysis warns that Chinese-language money laundering networks now underpin a rapidly expanding global crypto laundering ecosystem, handling roughly 20% of illicit flows over the past five years. Last year these networks processed an estimated $16bn—about $44m per day—across 1,799+ active wallets. The firm traces the rise from a $10bn market in 2020 to over $82bn last year and identifies six operational typologies, from running point brokers to swapping-as-a-service, which increasingly avoid centralized exchanges and exploit OTC, gambling and mule-based layering services.

Data Protection Day 2026: From Compliance to Resilience

🛡️ On Data Protection Day 2026, CrowdStrike urges organizations to move beyond checkbox compliance toward operational resilience against modern data risks. The post details how adversaries exploit stolen credentials, identity abuse, SaaS sprawl and AI-driven workflows to access and exfiltrate data, often without crossing conventional boundaries. It calls for controls across identity, endpoints, browsers and the AI interaction layer, and highlights Falcon AIDR as a runtime capability to detect prompt injection, model manipulation and unauthorized tool execution while preserving legitimate workflows.

Nike Investigates Data Breach After Extortion Leak

🔒 Nike is investigating a potential cyber security incident after the extortion group World Leaks published 1.4 TB of files it claims were stolen from the company. Nike said it takes consumer privacy and data security seriously and is actively assessing the situation. The group claimed nearly 190,000 corporate files but later removed Nike from its leak site, a step often seen during negotiations or after a ransom payment.

Have I Been Pwned: SoundCloud breach affects 29.8M

🔒 SoundCloud confirmed unauthorized activity in December 2025 after users reported 403 errors and the company said it had activated incident response procedures; it indicated no passwords or financial data were accessed. Have I Been Pwned later disclosed the incident impacted 29.8 million accounts, exposing email addresses, names, usernames, avatars, follower/following counts and, in some cases, country. Sources and updates attribute the intrusion to the ShinyHunters extortion group, which attempted to extort SoundCloud and used email flooding to harass users, employees, and partners.

World Leaks Claims 188k Nike Files in Major Breach

🔒 Nike has entered incident response after the World Leaks ransomware group posted a claimed 188,000+ files from the company to its leak site, with the countdown expiring last Sunday and the full dump now live. The firm said it is investigating a potential cybersecurity incident and actively assessing the situation. Leaked folders reviewed by reporters include development, tech packs and evaluations, and schematics, indicating design and supply-chain materials may be exposed.

Law Firm Probes Coupang Security Failures After Breach

🔍 US law firm Hagens Berman is investigating alleged security failures at Coupang after a June 2025 breach that may have exposed the personal data of 33.7 million customers. The firm says it is probing why it took nearly six months to detect a former employee’s access and alleges inadequate access protocols. Investors are being urged to join a class action by the February 17 lead-plaintiff deadline. South Korean regulators and police have also opened inquiries, and Coupang has faced executive changes and an order to remove a liability disclaimer from its terms.

Under Armour Investigates Alleged Leak of 72M Records

🔒 Under Armour is investigating claims that an unauthorized third party obtained customer data after the Everest ransomware group allegedly added the brand as a victim and claimed to have taken 343GB of information. Reports on 18 January 2026 said roughly 72 million email addresses and other personal details were posted on a hacking forum, and the incident was listed by Have I Been Pwned on 21 January. Compromised data is reported to include names, dates of birth, genders, geographic locations, purchase history and possibly phone numbers and some employee contact information. Under Armour says there is no evidence UA.com, payment processing systems or customer passwords were affected, and the company is working with external cybersecurity experts to investigate.

Insider Threats: Recognising and Managing Internal Risk

🔒 A growing body of evidence shows insider threats are a systemic and underestimated risk: a Bitkom survey found 48% of German companies attribute data theft, espionage or sabotage to employees. Insiders hold legitimate access and institutional knowledge, enabling subtle misuse that often evades technical controls. Effective protection requires shifting from isolated tools to a holistic, human-centred approach that combines culture, governance and clear ownership of risk.

INC ransomware OPSEC lapse allowed recovery for 12 US orgs

🔍 Cyber Centaurs conducted a forensic investigation after a client reported ransomware activity and found a RainINC variant executed from the PerfLogs directory. Analysts discovered artifacts tied to Restic — renamed binaries, PowerShell scripts (notably new.ps1 with Base64-encoded commands) and hardcoded S3 credentials — indicating long-lived attacker-controlled backup repositories. Using a controlled, non-destructive enumeration they recovered encrypted backups for 12 unrelated U.S. organizations across healthcare, manufacturing, technology, and services, preserved copies, and notified law enforcement. The team published findings, a list of tools observed in INC infrastructure, and YARA/Sigma rules to help defenders detect suspicious Restic usage and renamed binaries.

PcComponentes denies hacker claim of 16M customer breach

🔒 PcComponentes has denied claims by an online actor using the alias 'daghetiaw' that it stole personal data for 16.3 million people. Security platform Hackrisk.io reported the claim and a shared 500,000-line sample, while PcComponentes says there was no unauthorized access to its databases. The retailer attributes the activity to credential stuffing, stresses that raw payment card data were not stored, and says it has implemented measures to strengthen account protection.

LastPass Phishing Campaign Targets Master Passwords

🔒 LastPass has warned users of an ongoing phishing campaign that began on January 19 and attempts to harvest master passwords by directing recipients to a fake LastPass login page. The fraudulent emails pressure users with a 24-hour "backup your vault" deadline to increase clicks. If credentials are entered, attackers can access the vault and any stored account logins. LastPass is working with partners to take down malicious domains and reiterated it will never request a master password.

Over 160,000 Companies Notify Regulators of GDPR Breaches

📈 The number of organisations reporting GDPR breaches rose 22% in 2025 to a daily average of 443, according to DLA Piper, making this the first year since 2018 that notifications topped 400. Germany, the Netherlands and Poland recorded the most reports, and analysts pointed to geopolitical unrest and emerging AI-enabled threats as contributors. Annual GDPR fines remained stable at €1.2bn, with Ireland issuing the largest share, including a €530m penalty for TikTok over international data transfers.

European Space Agency Hit by Multiple Data Breaches

⚠️ The European Space Agency (ESA) has suffered a further significant cybersecurity breach after a December incident, with the Scattered Lapsus$ Hunters group claiming to have exfiltrated roughly 500GB of additional data. The stolen material reportedly includes operational procedures, spacecraft and mission documentation, and proprietary contractor data from partners such as SpaceX, Airbus Group, and Thales Alenia Space. ESA has confirmed a criminal investigation is underway amid concerns about systemic security weaknesses.

PcComponentes denies 16M breach, cites credential stuffing

🔒 PcComponentes says it found no evidence of unauthorized access after investigating claims that a threat actor leaked a 16.3 million‑record customer dataset, but confirmed its platform was targeted in a credential stuffing campaign. The actor posted a 500,000‑record sample and offered the remainder for sale. The company asserts no payment details or passwords are stored and that only a small number of accounts showed exposure of personal data. PcComponentes has deployed CAPTCHA, mandated two‑factor authentication and invalidated active sessions.

Ingram Micro: 42,000 Employee Records Exposed Globally

🔓 In July 2025, Ingram Micro confirmed a ransomware incident that resulted in the exposure of data for more than 42,000 people. The company told US regulators that attackers accessed records for current and former employees and job applicants, including names, contact details, birth dates, ID numbers and Social Security numbers, plus application materials and employee evaluations. The gang Safepay, active since September 2024, claimed to have stolen about 3.5 terabytes of files. The attack also paralyzed logistics for a week at the global IT distributor, which employs roughly 23,500 people.

Ransomware and Data Theft Hit Ingram Micro, 42K Affected

🔒 In July 2025 a ransomware attack on distributor Ingram Micro disrupted the company's logistics for about a week, impacting its U.S. headquarters and a German site. The company notified U.S. authorities that more than 42,000 people—current and former employees and job applicants—had personal data stolen, including names, contact details, dates of birth, identity document numbers and Social Security numbers. Documents from hiring processes and employee performance reviews were also exfiltrated, and the ransomware group Safepay, active since September 2024, claimed roughly 3.5 terabytes of data.

Five Chrome Extensions Hijack Enterprise Sessions, Target HR

🔒 Researchers at Socket uncovered a coordinated campaign in which five Chrome extensions, marketed as productivity tools, clandestinely stole session authentication tokens and enabled full account takeover. More than 2,300 users installed the malicious add-ons, which targeted enterprise HR and ERP platforms such as Workday, NetSuite and SuccessFactors. Some extensions exfiltrated cookies every 60 seconds, while others blocked admin and security pages to prevent incident response. Removal requests have been filed with the Chrome Web Store security team.

Hacker Pleads Guilty After Leaking Supreme Court Data

🔓 Nicholas Moore, 24, pleaded guilty to hacking the U.S. Supreme Court's restricted electronic filing system and breaching AmeriCorps and VA accounts. Prosecutors say Moore used stolen credentials to access the Court's system at least 25 times between August and October 2023, sometimes logging in multiple times per day, and posted screenshots and victims' data to an Instagram account, @ihackedthegovernment. He also accessed an AmeriCorps account seven times and a VA My HealtheVet account five times, viewing sensitive personal and health information. Moore admitted to one count of computer fraud.