Threat Actor: Unknown | Unknown Victim: Dropbox | Dropbox Price: N/A Exfiltrated Data Type: Email addresses, usernames, phone numbers, hashed passwords, API keys, OAuth tokens, authentication information
Additional Information:
The security breach occurred within Dropbox Sign (formerly HelloSign) service. The breach exposed customer data including email addresses, usernames, phone numbers, and hashed passwords.…Threat Actor: Czech Republic’s Office for Personal Data Protection (ÚOOÚ) | ÚOOÚ Victim: Avast | Avast Price: $14.8 million Exfiltrated Data Type: Sensitive personal data, including browsing habits, interests, location, and financial status
Additional Information:
The fine was imposed by the Czech Republic’s Office for Personal Data Protection (ÚOOÚ) on Avast for alleged violations of the European Union’s General Data Protection Regulation (GDPR).…Threat Actor: Hackers | Hackers Victim: Postman | Postman Price: N/A Exfiltrated Data Type: API keys, authentication tokens, sensitive data
Additional Information :
The leak was discovered by security firm Truffle Security. Over 4,000 live credentials were found to be accessible on Postman’s Public API Network.…Threat Actor: Chinese keyboard apps | Chinese keyboard apps Victim: Users of Baidu, Tencent, iFlytek, Honor, Huawei, OPPO, Vivo, Samsung, Xiaomi | users of Chinese keyboard apps Price: Not specified Exfiltrated Data Type: Keystrokes
Additional Information:
Massive Impact: Up to a billion users could be affected by the security flaws in Chinese keyboard apps from Baidu, Tencent, iFlytek, and popular phone brands used across China (Honor, Huawei, OPPO, Vivo, Samsung, Xiaomi).…Threat Actor: Credential Stuffing | Credential Stuffing Victim: Roku | Roku Price: N/A Exfiltrated Data Type: User account information
Additional Information :
Roku experienced a second data breach incident, affecting over 500,000 user accounts. The breach was attributed to credential stuffing, where stolen user credentials from other platforms were used to breach Roku accounts.…Fujitsu, the Japanese multinational technology giant, has revealed a data breach resulting from a malware infection within its corporate network. The company disclosed that sensitive files containing both personal and customer information were exposed to the attackers.
Swift Response, Ongoing Investigation
Fujitsu reports that they detected the malware during an internal investigation.…
Microsoft has confirmed a new, significant intrusion by the persistent Russia-based hacking group Midnight Blizzard (NOBELIUM). The threat actors leveraged information exfiltrated during a January cyberattack to gain recent, unauthorized access to Microsoft’s internal network, including source code repositories.
Microsoft traced the breach back to a January cyberattack where Midnight Blizzard leveraged a common but dangerous method – a password spray attack.…
The fallout from the devastating hacker attack on IT provider Xplain continues as the Swiss National Cyber Security Centre (NCSC) publishes a detailed report on the leaked data. The report reveals both the scope of the breach and the complex challenges faced by authorities in analyzing the massive trove of stolen information.…
Japanese school uniform retailer Kanko Online Shop has disclosed a significant data breach affecting its “Kanko Online Shop Harajuku Select Square” e-commerce site. Up to 3,827 customers who made purchases between April 2021 and August 2023 may have had their credit card information compromised.
What Happened?…
Daikin Industries, a global leader in air conditioning systems, recently faced a challenging situation – a data breach compromising the personal data of its suppliers. The incident highlights the intricate web of business relationships that characterize modern supply chains and the inherent risks that come with them.…
Creates, a popular online retailer of hair styling tools, has suffered a significant data breach that exposed credit card details, names, addresses, and possibly even more sensitive personal information belonging to thousands of customers. An investigation revealed that attackers found weaknesses in the company’s old e-commerce platform to steal data during the checkout process.…
In a worrisome turn of events, messaging app giant Line Yahoo Corporation has revised the scope of its previously reported data breach. A deeper investigation uncovered additional compromises, significantly boosting the number of potentially leaked data points. This incident underscores the far-reaching consequences of a single infection and the challenges of securing interconnected systems.…
On February 2, 2024, AnyDesk, a popular remote desktop software provider, announced that it had fallen victim to a cyberattack that compromised its production systems. The breach, orchestrated by malicious actors, has far-reaching implications for AnyDesk customers.
The incident came to light when AnyDesk released a public statement about possible security breaches on some of its systems.…
AnyDesk, a widely used remote desktop software, recently announced a significant breach within its production environment. Despite the unsettling access gained by hackers, AnyDesk assured its user base that no authentication tokens were compromised, as these crucial elements reside solely on the user’s device, tethered to its unique fingerprint.…
Ofuji Fishing Tackles, a renowned fishing tackle wholesaler and manufacturer in Japan has recently faced a severe cyber threat. The company disclosed a potential data breach involving personal customer information, a consequence of a ransomware attack targeting their systems. This incident, confirmed on December 13, 2023, has raised concerns about the leakage of customer data, including membership numbers, names, addresses, dates of birth, and phone numbers, affecting approximately 200,000 individuals.…
A colossal wave of stolen personal identifiable information (PII) from Thailand has crashed onto the shores of the dark web, marking a disturbing escalation in cybercriminal activities. This massive leak, unprecedented in its scale and audacity, has exposed the personal data of millions, casting a long shadow over the digital safety and privacy of Thai citizens.…
Ateam Inc., a developer of content for smartphones, disclosed that 935,779 personal data records stored in their cloud service were accessible over the Internet.
The company stated that they use the cloud service ‘Google Drive’ across their group. However, they discovered permission-setting errors in 1,369 files containing personal information.…
Panasonic Avionics Corporation (PAC), revealed that they suffered a cyberattack at the end of 2022, which may have led to the leak of personal information related to employees.
According to Panasonic, the internal network systems of PAC were compromised in a cyberattack. The breach was discovered approximately a year ago, on December 30, 2022, and an investigation ensued with external assistance.…
As the world adorned its festive attire, the cybercriminal community in the shadowy realms of the Dark Web orchestrated their chilling celebration – “Leaksmas.” This event, coinciding with the Christmas season, unfolded as a sinister display of data sharing among hackers, as observed by Resecurity.
The “Free Leaksmas” tag, a twisted token of gratitude, marked the substantial data dumps resulting from breaches and intrusions across a diverse range of companies and government agencies.…
The ransomware group Akira has declared responsibility for the recent cyberattack on the systems of Nissan in Australia and New Zealand. The hackers claim to have exfiltrated over 100 GB of documents from the automaker.
Now, the malefactors are threatening to release confidential business and client data online, as negotiations with Nissan regarding a ransom have been unsuccessful—either due to the company’s refusal to engage with the hackers or its unwillingness to pay the demanded sum.…