< ciso brief />

All news with #data breach tag

715 articles · page 18 of 36

SoundCloud Confirms Data Breach; VPN Access Disrupted

🔒 SoundCloud confirmed a security breach that triggered recent outages and prevented many users from accessing the site via VPN, producing 403 "forbidden" errors. The company says a threat actor accessed an ancillary service dashboard and stole a database containing limited data—primarily email addresses and information already visible on public profiles—and that no passwords or financial data were taken. SoundCloud says it has blocked unauthorized access, engaged outside security experts, and implemented additional controls; however, a configuration change disrupted VPN connectivity and the platform also experienced denial-of-service attacks during the response.

PornHub Extorted After Mixpanel Breach Exposes Premium Data

🔓 PornHub says it is being extorted after threat actors claiming to be ShinyHunters said they stole analytics records from vendor Mixpanel, which suffered a smishing-driven breach on November 8, 2025. PornHub stated the incident affects only select Premium users and emphasized that passwords and payment details were not exposed. The company also said it has not worked with Mixpanel since 2021, indicating the records are historical analytics data.

ShinyHunters Extorts Pornhub Over Premium User Data

🔒 Pornhub says it is being extorted by the ShinyHunters gang after the group claimed to have stolen 201,211,943 historical analytics records tied to Premium members. The sample data reportedly includes email addresses, search and watch activity, video URLs, video names, keywords, locations and timestamps. Pornhub says passwords and payment details were not exposed and that it has not worked with Mixpanel since 2021. Mixpanel disputes that the files were taken during its November 2025 incident.

700Credit Breach Exposes 5.8M Dealership Customer Records

🔒 700Credit is notifying more than 5.8 million individuals after a threat actor exploited an exposed API to obtain customer records tied to dealership clients. The company detected suspicious activity on October 25 and, with third-party forensic assistance, confirmed unauthorized copying of web application records. Exposed data includes full names, addresses, dates of birth, and Social Security numbers. 700Credit is offering 12 months of complimentary identity protection through TransUnion and has filed breach notifications with the FTC and affected dealer clients.

France Interior Ministry Confirms Email Server Breach

🔒 The French Interior Ministry confirmed a cyberattack detected overnight between December 11 and 12 that compromised its e-mail servers and allowed attackers to access a number of document files. Officials say they have reinforced access controls and implemented additional security measures while an investigation is underway. Authorities are exploring motives including foreign interference, activist demonstration, or organized cybercrime.

Leaked Home Depot GitHub Token Exposed Internal Systems

🔓 A security researcher reported that a Home Depot employee accidentally published a private GitHub access token in early 2024, which granted access to private repositories and cloud infrastructure. When tested, the token allowed write permissions to Home Depot repos and access to order fulfillment and inventory systems. The researcher said multiple disclosure emails went unanswered; the token was removed after TechCrunch contacted the company.

Coupang Breach Linked to Former Employee's System Access

🔍 Coupang has tied a major data breach exposing 33.7 million customers to a former employee who retained access after leaving the company. The intrusion occurred on June 24, 2025 and was discovered by Coupang on November 18; the company disclosed the incident on December 1 and later said the stolen data had not been published online. Police raided Coupang offices to collect logs, credentials and other records during an independent probe, and the CEO resigned amid the fallout. Authorities warn the firm could face liability if negligence or other violations are found, while the breach has prompted widespread phishing and impersonation reports across South Korea.

Tracing Stolen Data After Phishing: Market and Risks

🔒 Kaspersky examines the lifecycle of personal data stolen through phishing, showing how information is harvested, traded, verified and repeatedly reused across the shadow market. Stolen records are collected via forms and transmitted by email, Telegram bots or specialized admin panels before being bundled into bulk dumps, analyzed and resold. The report highlights targeted categories, average resale values for different account types and practical protections such as using 2FA, passkeys and a password manager, plus immediate steps to take if your data has been exposed.

Cyberattack on Town Hall: Stolen Data Posted on Darknet

🔒 In mid-October the Untereisesheim town hall was hit by a cyberattack that encrypted IT systems and led to data theft from servers. Investigations indicate portions of the stolen material, including older personnel files and employee image drives, have appeared on the darknet, while the municipality stresses that sensitive citizen data and central document systems were not affected. No ransom was paid; the town is working with Cybersecurity Agency Baden-Württemberg (CSBW) and the State Criminal Police Office, has rebuilt and secured systems, and informed supervisory and data protection authorities.

ICO fines LastPass £1.2m over 2022 customer data breach

🔒 The UK Information Commissioner’s Office has fined LastPass £1.2m after concluding insufficient technical and organisational measures contributed to a major 2022 breach. The ICO said there is no evidence that vault master passwords were decrypted, but around 1.6 million users had personal data exposed, including names, emails, phone numbers and stored URLs. The regulator reiterated that password managers remain recommended but vendors must restrict access and harden internal controls.

Seoul Police Raid Coupang; CEO Steps Down Amid Breach

🔍 Seoul police raided Coupang’s headquarters after the e‑commerce firm disclosed that a massive data leak impacted 33.7 million users. CEO Park Dae‑jun resigned and was replaced by US‑based interim chief Harold Rogers to lead remediation, strengthen information security and restore customer trust. Authorities have issued a search warrant for a suspected ex‑employee and are investigating potential criminal violations. South Korea’s data regulator has also ordered changes to Coupang’s terms, simplified account cancellation and a specialist task force to limit further harm.

UK Fines LastPass £1.2M Over 2022 Data Breach

🔒 The UK Information Commissioner's Office (ICO) fined LastPass £1.2 million after a 2022 breach that exposed account metadata and encrypted vault backups for up to 1.6 million UK users. The attacker first compromised an employee laptop and development credentials, then exploited a vulnerability in a third‑party streaming app on a senior employee's device to deploy malware, capture a master password, and bypass MFA. Those keys enabled access to cloud backups at GoTo containing customer data. The ICO said vaults were not decrypted but warned weak master passwords are at risk and urged stronger passwords and tighter controls.

Mass Compromise of IP Cameras in South Korea Reveals Risks

📷 South Korean authorities arrested four suspects after roughly 120,000 internet-connected IP cameras in homes and businesses were breached and sexually explicit footage was sold on an overseas adult site. Investigators indicate attackers likely exploited weak or default credentials and unpatched device software. Owners should replace factory passwords, use unique credentials and enable two-factor authentication; consider a reputable password manager such as Kaspersky Password Manager to generate and store strong, random passwords and one-time codes.

ThreatsDay Bulletin: Spyware, Mirai, Docker Leaks and More

🔔 This week's ThreatsDay Bulletin highlights a packed week of cross-cutting threats: a Mirai variant dubbed Broadside exploiting TBK DVRs (CVE-2024-3721), widespread exploitation of React2Shell (CVE-2025-55182), and the leak of a ValleyRAT builder that includes a signed kernel-mode rootkit. Law enforcement actions ranged from Europol's 193 arrests in a VaaS crackdown to multiple national detentions, while Apple and Google issued broad spyware alerts. Researchers flagged >10,000 Docker Hub images leaking secrets and 19 malicious VS Code extensions that used a PNG disguise to deliver trojans, underscoring persistent supply-chain and user-facing risks.

Cyber 'Tax' Drives SMBs to Raise Prices After Breaches

🔔 The Identity Theft Resource Center's 2025 Business Impact Report found that 81% of US small businesses experienced a data or security breach in the past year, and 38% raised prices as a result. Respondents attributed 41% of incidents to AI-enabled attacks, while external actors and malicious insiders were cited by 43% and 42% respectively. The ITRC warns that adoption of protections such as MFA is falling and advises SMBs to focus on people, process and technology defenses including out-of-band verification and AI-driven detection tools.

HSE Offers €750 to Victims of 2021 Ransomware Attack

🔒 The Health Service Executive (HSE) has offered €750 to individuals whose personal data was exposed in the May 2021 Conti ransomware attack, plus an additional €650 toward legal costs. The intrusion began with a malicious Microsoft Excel file that bypassed outdated anti‑malware defenses, forcing a full IT shutdown and widespread disruption to hospital services. A later PwC review criticised the HSE's unpatched systems and frail infrastructure, while the organisation says it has found no evidence of fraud stemming from the breach after more than four years.

Streamlit Exposures Reveal Scope of Shadow AI Risk

🔒 UpGuard's analysis found thousands of publicly accessible Streamlit applications exposing PII and confidential business data due to default public hosting and common misconfiguration. Using internet scans in October 2025, researchers identified nearly 15,000 IPs running Streamlit and more than ten thousand self-hosted apps reachable without authentication, while Community Cloud counts were substantially larger. The report warns that shadow AI—unsanctioned, persistent apps—can massively expand the attack surface and recommends inventory, access controls, authentication by default, and continuous monitoring.

Spain Arrests 19-Year-Old Suspect Over 64M Data Records

🔒 A 19-year-old suspect in Igualada, Barcelona, was arrested after authorities linked him to breaches at nine companies and the theft of 64 million private records. Police say the dataset included full names, home addresses, email addresses, phone numbers, DNI numbers and IBAN codes that the suspect attempted to sell on hacker forums using multiple accounts and pseudonyms. Officers seized computers and cryptocurrency wallets believed to hold proceeds from the sales; the investigation began in June. Separately, Ukrainian police arrested a 22-year-old who used custom malware and a 5,000-account bot farm to compromise and sell social media access.

STAC6565 Targets Canada; Gold Blade Deploys QWCrypt

🛡️ Sophos links nearly 40 intrusions from Feb 2024 to Aug 2025 to STAC6565, a cluster assessed to overlap the criminal group Gold Blade (aka RedCurl/Red Wolf). The campaign shows an unusually narrow geographic focus — almost 80% of attacks targeted Canadian organizations — and combines targeted data theft with selective ransomware deployment using QWCrypt. Attack chains abuse recruitment platforms to deliver multi‑stage loaders such as RedLoader and tools designed to evade AV and disable recovery, often leveraging WebDAV, Cloudflare Workers and program‑compatibility execution paths.

Marquis Software Breach Impacts Over 780,000 Nationwide

🔒 Marquis Software Solutions confirmed a breach affecting more than 780,000 individuals after attackers exploited a SonicWall firewall vulnerability on 14 August. The company shut down affected systems and engaged external cybersecurity specialists; a late-October review found unauthorized actors copied files containing personal and financial data from certain business customers. Marquis is offering free credit monitoring and has implemented multiple security controls while its investigation continues, and it reports no evidence so far that the stolen data has been posted online.