Data Breach

Pierluigi Paganini November 03, 2023
Okta customer support system breach impacted 134 customers

Threat actors who breached the Okta customer support system also gained access to files belonging to 134 customers. Threat actors who breached the Okta customer support system in October gained access to files belonging to 134 customers, the company revealed. Some of the files accessed by the attackers are HAR files that contained session tokens. […]

Pierluigi Paganini November 02, 2023
Clop group obtained access to the email addresses of about 632,000 US federal employees

Clop ransomware gang gained access to the email addresses of more than 632K US federal employees at the departments of Defense and Justice. Russian-speaking Clop ransomware group gained access to the email addresses of about 632,000 US federal employees at the departments of Defense and Justice. The security breach is the result of the MOVEit […]

Pierluigi Paganini November 02, 2023
Okta discloses a new data breach after a third-party vendor was hacked

Okta warns approximately 5,000 employees that their personal information was compromised due to a third-party vendor data breach. Cloud identity and access management solutions provider Okta warns nearly 5,000 employees that their personal information was exposed due to a data breach suffered by the third-party vendor Rightway Healthcare. According to the data breach notification, Rightway […]

Pierluigi Paganini November 02, 2023
Resecurity: Insecurity of 3rd-parties leads to Aadhaar data leaks in India

Data leaks containing Aadhaar IDs in India were caused by the insecurity of 3rd parties while aggregating such information for KYC. According to Resecurity, a global cybersecurity provider protecting Fortune 500 companies and governments globally, one of the key issues leading to data leaks containing Aadhaar IDs in India is the insecurity of 3rd parties […]

Pierluigi Paganini October 27, 2023
Hello Alfred app exposes user data

Hello Alfred, an in-home hospitality app, left a database accessible without password protection, exposing almost 170,000 records containing private user data. Hello Alfred is a one-stop application allowing real estate developers and property managers to provide in-home services and maintenance to residents. It also enables landlords to collect rent in-app. Residents using the platform get an […]

Pierluigi Paganini October 26, 2023
Seiko confirmed a data breach after BlackCat attack

Japanese watchmaker Seiko revealed that the attack that suffered earlier this year was carried out by the Black Cat ransomware gang. On August 10, 2023, the Japanese maker of watches Seiko disclosed a data breach following a cyber attack. “Seiko Group Corporation (hereinafter referred to as “the Company” or “we”) has confirmed that on July […]

Pierluigi Paganini October 25, 2023
New England Biolabs leak sensitive data

On September 18th, the Cybernews research team discovered two publicly hosted environment files (.env) attributed to New England Biolabs. Leaving environment files open to the public is one of the simplest mistakes that web admins can make, but it can have disastrous consequences. Despite leaving some of its sensitive credentials exposed, New England Biolabs seems […]

Pierluigi Paganini October 23, 2023
City of Philadelphia suffers a data breach

The City of Philadelphia discloses a data breach that resulted from a cyber attack that took place on May 24 and that compromised City email accounts. The City of Philadelphia announced it is investigating a data breach after attackers that threat actors broke some of City email accounts containing personal and protected health information. The […]

Pierluigi Paganini October 21, 2023
A threat actor is selling access to Facebook and Instagram’s Police Portal

A threat actor is selling access to Facebook and Instagram’s Police Portal used by law enforcement agencies to request data relating to users under investigation. Cyber security researcher Alon Gal, co-founder & CTO of Hudson Rock, first reported that a threat actor is selling access to Facebook and Instagram’s Police Portal. The portal allows law […]

Pierluigi Paganini October 21, 2023
Threat actors breached Okta support system and stole customers’ data

Okta revealed that threat actors breached its support case management system and stole sensitive data that can be used in future attacks. Okta says that threat actors broke into its support case management system and stole authentication data, including cookies and session tokens, that can be abused in future attacks to impersonate valide users. Okta […]