breach

UK Fines LastPass £1.2 Million for Data Breach Affecting 1.6 Million People

UK fines LastPass £1.2 million for 2022 data breach affecting 1.6 million users. Two attacks compromised employee data, leading to access of encrypted user information. ICO criticized LastPass for inadequate security measures. No evidence passwords unencrypted but concerns remain about hackers cracking vaults. LastPass acknowledges shortcomings, focusing on enhancing data security.

https://therecord.media/uk-fines-lastpass-over-1-million-data-breach

New ConsentFix Attack Hijacks Microsoft Accounts Via Azure CLI

ConsentFix attack hijacks Microsoft accounts via Azure CLI without passwords or MFA. It tricks users into submitting OAuth codes through a fake CAPTCHA on compromised sites, giving attackers full access to accounts using Azure authentication. Monitoring for unusual Azure CLI activity is recommended to detect this threat.

https://www.bleepingcomputer.com/news/security/new-consentfix-attack-hijacks-microsoft-accounts-via-azure-cli/

The Hidden Cascade: Why Law Firm Breaches Destroy More Than Data

Law firms face significant cyberattack risks, with 20% targeted in the past year and average breach costs exceeding $5 million. Attackers are increasingly sophisticated, using tactics that can undermine client privilege and expose sensitive data, especially relating to M&A deals. Current security assessments overlook law firms, leaving businesses vulnerable. The article advocates treating these firms like high-risk technology vendors, proposing specific security measures to mitigate risks associated with data breaches in professional services.

https://www.recordedfuture.com/blog/the-hidden-cascade

OpenAI Discloses API Customer Data Breach Via Mixpanel Vendor Hack

OpenAI reported a data breach affecting some API customers due to a Mixpanel hack, disclosing limited identifying information such as names and email addresses. No sensitive data like passwords or payment details were compromised. OpenAI has removed Mixpanel from its services and is investigating the incident, advising affected users to be cautious of potential phishing attempts.

https://www.bleepingcomputer.com/news/security/openai-discloses-api-customer-data-breach-via-mixpanel-vendor-hack/

Logitech Data Breach — What We Know As 0-Day Hack Attack Confirmed

Logitech experienced a data breach after a Clop ransomware group attack that used a zero-day flaw in a third-party platform. The attack did not directly affect Logitech’s products or business operations, but it may have exposed limited employee, consumer, and supplier data. Logitech believes sensitive personal data was not compromised and has since patched the vulnerability. The firm is working with cybersecurity experts and believes that this incident won’t materially affect its finances due to insurance coverage. Experts stress that the incident highlights the risks associated with zero-day exploits and underscores the need for stronger security measures.

https://www.forbes.com/sites/daveywinder/2025/11/15/logitech-data-breach—what-we-know-as-0-day-hack-attack-confirmed/

How Massive Data Breaches Flood Illicit Markets While Personal Information Fuels Cybercrime Economy

Massive data breaches expose sensitive personal information, fueling a cybercrime economy where stolen data is sold for illicit purposes. Criminals exploit breaches from various targets, leading to identity theft and fraud. The sheer volume of stolen data creates a market for scammers, with various vendors and platforms facilitating sales, often using cryptocurrencies for transactions. As demand grows, so do data breaches, making the issue persistent and profitable for cybercriminals.

https://www.milwaukeeindependent.com/syndicated/massive-data-breaches-flood-illicit-markets-personal-information-fuels-cybercrime-economy/

Databroker Files: Targeting the EU

Mobile phone location data of millions in the EU is being sold for advertising, posing serious privacy and security risks, including potential espionage. This data can reveal sensitive patterns of movement for EU officials, despite GDPR regulations meant to protect personal information. Investigations show that data brokers can easily target political figures, with significant implications for national security amid rising geopolitical tensions. EU leaders and NATO express concern over the situation but effective protective measures remain inadequate. Comprehensive regulation to curb data trading and enhance privacy rights is urgently needed, with calls for a ban on advertising tracking.

https://netzpolitik.org/2025/databroker-files-targeting-the-eu/

Google Disputes False Claims of Massive Gmail Data Breach

Google denies recent claims of a massive Gmail data breach affecting 183 million accounts, clarifying that compromised credentials result from various past attacks, not a new breach. The misinformation originated from misinterpretations of credential databases compiled over years. Google emphasizes strong defenses and offers advice for users concerned about past credential exposure.

https://www.bleepingcomputer.com/news/security/google-disputes-false-claims-of-massive-gmail-data-breach/

Oracle Says “obsolete Servers” Hacked, Denies Cloud Breach

Oracle confirmed hacking of “obsolete servers,” denying any impact on its cloud services or customer data. Hackers accessed and leaked user credentials from outdated infrastructure, asserting no usability of exposed passwords. Cybersecurity experts question Oracle's terminology, suggesting the breach pertains to legacy systems still managed by the company, which has not clarified server specifics. Recent breaches include compromised patient data from Oracle Health.

https://www.bleepingcomputer.com/news/security/oracle-says-obsolete-servers-hacked-denies-cloud-breach/

Oracle Privately Confirms Cloud Breach to Customers

Oracle confirmed to customers a breach involving the theft of old client credentials from a legacy system last used in 2017. Despite Oracle's claim that the data isn't sensitive, it appears the attacker accessed more current data and sold it online. Investigations are ongoing with the FBI and CrowdStrike. Additional data breaches at Oracle Health impacted U.S. healthcare organizations, with extortion threats against hospitals for acquired patient data. Oracle has consistently denied any breach in its current cloud services, focusing instead on older, legacy platforms.

https://www.bleepingcomputer.com/news/security/oracle-privately-confirms-cloud-breach-to-customers/

Oracle Customers Confirm Data Stolen in Alleged Cloud Breach Is Valid

Oracle Cloud faces allegations of a breach as customers confirm that stolen data—claimed to include information from 6 million accounts—are valid. The hacker, known as ‘rose87168', asserts they exploited a vulnerability to access the data and is selling it. Despite evidence, Oracle maintains there was no breach. Multiple companies verified the authenticity of the leaked info, contradicting Oracle's claims. An email exchange between the hacker and an alleged Oracle representative has surfaced, further complicating the situation. Oracle has not responded to further inquiries.

https://www.bleepingcomputer.com/news/security/oracle-customers-confirm-data-stolen-in-alleged-cloud-breach-is-valid/

Troy Hunt: Processing 23 Billion Rows of ALIEN TXTBASE Stealer Logs

TL;DR: Troy Hunt processed 1.5TB of “ALIEN TXTBASE” stealer logs, containing 23 billion rows, impacting 284 million email addresses and introducing 244 million new passwords to “Have I Been Pwned.” Enhanced querying APIs for domain owners and website operators now allow broader searches of stealer logs, aimed at identifying compromised credentials, while a total of 493 million email-password pairs have been analyzed.

https://www.troyhunt.com/processing-23-billion-rows-of-alien-txtbase-stealer-logs/

A Breach of Gravy Analytics’ Huge Trove of Location Data Threatens the Privacy of Millions

Gravy Analytics suffered a data breach, exposing millions' location data from various smartphone apps. The hacker leaked samples on a cybercrime forum, revealing over 30 million location points, which can track users' movements and even identify vulnerable individuals, such as those in LGBTQ+ communities. Unacast, Gravy's parent company, reported the breach to data authorities after discovering unauthorized access to its cloud data. Gravy Analytics' website is down as investigations continue, raising significant privacy concerns amid existing FTC bans on their data practices.

https://techcrunch.com/2025/01/13/gravy-analytics-data-broker-breach-trove-of-location-data-threatens-privacy-millions/

Scroll to Top