RailYatri
December 26, 2022
•[ leak, misconfiguration, technology ]
In December 2022, Indias government-approved online travel agency RailYatri suffered a data breach. The incident impacted over 31M customers and exposed 23M unique email addresses. Also impacted were names, genders, phone numbers and tickets purchased, including travel information and fares.
Astro
December 25, 2022
•[ leak, misconfiguration, technology ]
A website had listed details of 3.5 million Astro customers.
Twitter
December 23, 2022
•[ hack, misconfiguration, technology ]
A threat actor claims to be selling public and private data of 400 million Twitter users scraped in 2021 using a now-fixed API vulnerability.
Youdo
December 22, 2022
•[ hack, ddos, technology ]
IT Army of Ukraine has conducted a DDoS attack against the servers of a Russian freelancing platform.
Spotify
December 19, 2022
•[ hack, ddos, technology ]
Mirai, a KillNet-affiliated collective, claims to have conducted a DDoS attack against the support webpage of a Swedish audio streaming and media services provider.
Level Travel
December 15, 2022
•[ leak, technology ]
NLB, a Ukrainian-affiliated threat actor, has leaked information of 1.5 million clients of a Russian online platform providing travel services.
Profi
December 15, 2022
•[ hack, ddos, technology ]
IT Army of Ukraine claims to have conducted a DDoS attack against the servers of a Russian freelancing platform.
SevenRooms
December 15, 2022
•[ leak, technology ]
Restaurant customer management platform SevenRooms confirms it suffered a data breach after a threat actor began selling stolen data on a hacking forum.
Advego
December 14, 2022
•[ hack, ddos, technology ]
IT Army of Ukraine has conducted a DDoS attack against the servers of a Russian freelancing platform.
TPG Telecom
December 14, 2022
•[ hack, technology ]
Australia's TPG Telecom this week announced that a threat actor has gained unauthorized access to a service hosting the email accounts of 15,000 customers.
Grafana
December 14, 2022
•[ hack, ddos, technology ]
Mirai, a KillNet-affiliated collective, claims to have conducted a DDoS attack against the cloud service of a US multinational technology company.
FuboTV
December 14, 2022
•[ hack, technology ]
FuboTV says World Cup streaming outage caused by a cyberattack
Social Blade
December 14, 2022
•[ hack, technology ]
Social media analytics platform Social Blade has confirmed they suffered a data breach after its database was breached and put up for sale on a hacking forum.
Uklon
December 11, 2022
•[ hack, ddos, technology ]
The Russian-affiliated People's CyberArmy claims to have conducted a DDoS attack against the website of a Ukrainian company providing ride-hailing services.
Teleperformance USA
December 8, 2022
•[ hack, misconfiguration, technology ]
On December 8, 2022, Teleperformance USA reported a data breach with the Texas Attorney General after learning that an unauthorized party had accessed confidential consumer information that was entrusted to the company.
CloudSEK
December 7, 2022
•[ hack, misconfiguration, technology ]
Indian cybersecurity firm CloudSEK says a threat actor gained access to its Confluence server using stolen credentials for one of its employees' Jira accounts.
Activision
December 4, 2022
•[ social, phishing, technology ]
In December 2022, attackers socially engineered an Activision HR employee into disclosing information which led to the breach of almost 20k employee records. The data contained 16k unique email addresses along with names, phone numbers, job titles and the office location of the employee. Activision advised that no sensitive employee information was included in the breach.
Teqtivity
December 2, 2022
•[ leak, technology ]
Uber staff info leaks after supplier Teqtivity gets pwned
Intrado
December 1, 2022
•[ ransomware, malware, technology ]
Royal Ransomware gang claimed responsibility for a cyber attack against telecommunications company Intrado
West Technology Group (WTG)
December 1, 2022
•[ hack, technology ]
West Technology Group (WTG) files a notice of data breach after confirming that an unauthorized party was able to access and remove confidential employee information from the company's computer network.
