Cutout.Pro
February 26, 2024
•[ hack, misconfiguration, technology ]
In February 2024, the AI-powered visual design platform Cutout.Pro suffered a data breach that exposed 20M records. The data included email and IP addresses, names and salted MD5 password hashes which were subsequently broadly distributed on a popular hacking forum and Telegram channels.
medQ
February 23, 2024
•[ ransomware, malware, technology ]
medQ files a notice of data breach after discovering that hackers accessed and encrypted a software platform used by medQ.
Organization in the defense sector
February 19, 2024
•[ espionage, malware, technology ]
Germany's federal intelligence agency (BfV) and South Korea's National Intelligence Service (NIS) warn that Lazarus group's "Operation Dream Job," was also used against the defense sector.
Tangerine
February 18, 2024
•[ leak, misconfiguration, technology ]
In February 2024, the Australian Telco Tangerine suffered a data breach that exposed over 200k customer records. Attributed to a legacy customer database, the data included physical and email addresses, names, phone numbers and dates of birth. Whilst the Tangerine login process involves sending a one-time password after entering an email address and phone number, it previously used a traditional password which was also exposed as a bcrypt hash.
PSI Software SE
February 15, 2024
•[ ransomware, malware, technology ]
PSI Software SE, a German software developer for complex production and logistics processes suffers a ransomware attack that impacts its internal infrastructure.
OpenAI
February 14, 2024
•[ hack, ddos, technology ]
Anonymous Sudan claims responsibility for targeting ChatGPT and its parent company, OpenAI, with a series of DDoS attacks.
Undisclosed Meta contractor
February 13, 2024
•[ leak, hack, technology ]
The IntelBroker threat actor leals 200,000 records on a hacker forum, claiming they contain the mobile phone numbers, email addresses, and other personal information of Facebook Marketplace users.
Elector
February 12, 2024
•[ government, leak, technology ]
Researchers from Resecurity identify a data leak of 6,453,254 Israeli voter records due to the breach of Elector, an Israeli software application used to manage political campaigns.
iTITAN Hosting
February 6, 2024
•[ hack, technology ]
iTITAN Hosting, another hosting provider in Romania, suffers a data breach.
Telecommunications organizations in Southeast Asia
February 1, 2024
•[ espionage, technology ]
Telecommunications organizations in Southeast Asia have been targeted by a state-sponsored threat actor known as CL-STA-0969 to facilitate remote control over compromised networks.
Palo Alto Networks Unit 42 said it observed multiple incidents in the region, including one aimed at critical telecommunications infrastructure between February and November 2024.
SurveyLama
February 1, 2024
•[ leak, technology ]
In February 2024, the paid survey website SurveyLama suffered a data breach that exposed 4.4M customer email addresses. The incident also exposed names, physical and IP addresses, phone numbers, dates of birth and passwords stored as either salted SHA-1, bcrypt or argon2 hashes. When contacted about the incident, SurveyLama advised that they had already "notified the users by email".
Hewlett Packard Enterprise
February 1, 2024
•[ leak, technology ]
Hewlett Packard Enterprise (HPE) is investigating a potential new breach after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains HPE credentials and other sensitive information.
Spoutible
January 31, 2024
•[ leak, misconfiguration, technology ]
In January 2024, Spoutible had 207k records scraped from a misconfigured API that inadvertently returned excessive personal information. The data included names, usernames, email and IP addresses, phone numbers (where provided to the platform), genders and bcrypt password hashes. The incident also exposed 2FA secrets and backup codes along with password reset tokens.
OpenAI
January 29, 2024
•[ hack, technology ]
OpenAI officials say that the ChatGPT histories a user reported result from his ChatGPT account being compromised.
Hewlett Packard Enterprise (HPE)
January 23, 2024
•[ hack, espionage, malware ]
Hewlett Packard Enterprise (HPE) discloses that suspected Russian hackers known as Midnight Blizzard gained access to the company's Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments.
Trello
January 22, 2024
•[ leak, misconfiguration, technology ]
A threat actor with the moniker of 'emo' leaks the private emails of 15,115,516 Trello members, using an exposed Trello API to link private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information.
Unknown Job Seeking Platform in Thailand
January 22, 2024
•[ leak, technology ]
A threat actor named Milw0rm leaks 61,000 rows of records related to Thai job seekers and includes an extensive range of personal information.
Tietoevry
January 20, 2024
•[ ransomware, malware, technology ]
Finnish IT services and enterprise cloud hosting provider Tietoevry suffers an Akira ransomware attack impacting cloud hosting customers in one of its data centers in Sweden.
mpl.live
January 20, 2024
•[ leak, technology ]
The same threat actor roshtosh' leaks data from mpl.live (Mobile Premier League) another gambling platform in India.
Loïc Lawson and Anani Sossou
January 16, 2024
•[ espionage, malware, technology ]
Reporters Without Borders (RSF) announces to have found traces of spyware resembling NSO groups Pegasus surveillance tool on the phones of two journalists in Togo (Loc Lawson and Anani Sossou).
