Ladies.com
July 3, 2024
•[ leak, misconfiguration, technology ]
In 2024, the lesbian dating website ladies.com suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 119k users of the service including email addresses, photos, sexual orientation, genders, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down in mid-2024 and the breach later acknowledged by the site operator in December, along with a breach of the "Senior Dating" website run by the same organisation.
OVHcloud
July 2, 2024
•[ hack, ddos, technology ]
OVHcloud, says it mitigated a record-breaking distributed denial of service (DDoS) attack earlier this year, allegedly launched from a botnet of MilkroTik devices, which reached an unprecedented packet rate of 840 million packets per second (Mpps).
Roll20
June 29, 2024
•[ hack, technology ]
Roll20, a popular online tabletop platform for role-playing games (RPGs), reveals that its systems were breached.
Kadokawa
June 28, 2024
•[ ransomware, leak, malware ]
Japanese media giant Kadokawa confirms that some of its data was leaked in a ransomware attack early June 2024. The BlackSuit ransomware gang claims responsibility for the attack.
Telecommunication providers in Crimea
June 27, 2024
•[ hack, ddos, technology ]
Local authorities in Crimea warn of internet disruptions from distributed denial-of-service (DDoS) attacks targeting telecommunication providers.
Large business-to-business IT service providers in Southern Europe
June 25, 2024
•[ espionage, technology ]
Researchers from Sentinel One and Tinext Cyber reveal the details of Operation Digital Eye, a suspected China-nexus cyber espionage group attributed to an attacks targeting large business-to-business IT service providers in Southern Europe.
SpyX
June 24, 2024
•[ leak, malware, technology ]
In June 2024, spyware maker SpyX suffered a data breach that exposed almost 2M unique email addresses. The breach also exposed IP addresses, countries of residence, device information and 6-digit PINs in the password field. Further, a collection of iCloud credentials likely used to monitor targets directly via the cloud were also in the breach and contained the target's email address and plain text Apple password.
Z-lib
June 20, 2024
•[ leak, misconfiguration, technology ]
In June 2024, almost 10M user records from Z-lib were discovered exposed online. Now defunct, Z-lib was a malicious clone of Z-Library, a well-known shadow online platform for pirating books and academic papers. The exposed data included usernames, email addresses, countries of residence, Bitcoin and Monero cryptocurrency wallet addresses, purchases and bcrypt password hashes.
Undisclosed third-party of Accenture
June 20, 2024
•[ leak, misconfiguration, technology ]
A threat actor named '888' claims to have extracted contact details of 33,000 current and former employees of Accenture in a breach that involves a third-party firm.
TVP
June 16, 2024
•[ hack, ddos, technology ]
Russian threat actors could be behind the disruption to TVP, an online broadcast of the Euro 2024 soccer tournament, during the Polish national teams opening match against the Netherlands.
Singapore Telecommunications
June 15, 2024
•[ espionage, technology ]
The Chinese threat actors from Volt Typhoon reportedly breached Singapore Telecommunications (SingTel) over the summer as part of their ongoing attacks against critical infrastructure operators.
Pure Storage
June 10, 2024
•[ hack, misconfiguration, technology ]
Pure Storage, a leading provider of cloud storage systems and services, confirms that attackers breached its Snowflake workspace and gained access to what the company describes as telemetry information.
mSpy (2024)
June 9, 2024
•[ hack, leak, technology ]
In June 2024, a huge trove of data from spyware maker mSpy was obtained by hacktivists and published online. Comprising of 142GB of user data and support tickets along with 176GB of more than half a million attachments, the data contained 2.4M unique email addresses, IP addresses names and photos. The data was predominantly support tickets seeking help to install the spyware on target devices, whilst the attachments contained various data including screen grans of financial transactions, photos of credit cards and nude selfies.
Absolute Telecom
June 9, 2024
•[ hack, technology ]
GhostR claims to have stolen over 34 gigabytes of data belonging to Singapore-based telecom company Absolute Telecom PTE Ltd.
New York Times
June 8, 2024
•[ leak, misconfiguration, technology ]
The New York Times confirms that internal source code and data was leaked on the 4chan message board after being stolen from the company's GitHub repositories in January 2024.
Multiple organizations
June 3, 2024
•[ hack, malware, technology ]
A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches is added to the Have I Been Pwned data breach notification service.
Official Microsoft India account on X (formerly Twitter)
June 3, 2024
•[ financial, hack, phishing ]
The official Microsoft India account on X (formerly Twitter), with over 211,000 followers, is hijacked by cryptocurrency scammers to impersonate Roaring Kitty, the handle used by notorious meme stock trader Keith Gill.
Hugging Face
May 31, 2024
•[ hack, technology ]
AI platform Hugging Face says that its Spaces platform was breached, allowing threat actors to access authentication secrets for its members.
Internet Archive
May 26, 2024
•[ hack, ddos, technology ]
The Internet Archive is hit with a prolonged DDoS attack.
pcTattletale
May 25, 2024
•[ hack, sqlinjection, technology ]
In May 2024, the spyware service pcTattletale suffered a data breach that defaced the website and posted tens of gigabytes of data to the homepage, allegedly due to pcTattletale not responding to a previous security vulnerability report. The breach exposed data including membership records, infected PC names, captured messages and extensive logs of IP addresses and device information.
