AT&T
March 16, 2024
•[ leak, technology ]
Two threat actors (ShinyHunters and MajorNelson) put on sale 71 million records allegedly stolen from AT&T in 2021. However the company claims the data did not originate from its systems. Approximately one month later AT&T confirms the breach adding that the real number of impacted users is 51 million.
Roku
March 15, 2024
•[ hack, brute-force, technology ]
Roku warns that 576,000 accounts were hacked in new credential stuffing attacks after disclosing another incident that compromised 15,000 accounts in early March.
Fujitsu
March 15, 2024
•[ hack, malware, technology ]
Japanese tech giant Fujitsu discloses that several of its systems were infected by malware and warns that the hackers stole customer data.
Mintlify
March 13, 2024
•[ leak, misconfiguration, technology ]
Documentation startup Mintlify says dozens of customers had GitHub tokens exposed in a data breach at the start of the month.
Roku
March 8, 2024
•[ hack, brute-force, technology ]
Roku says it canceled unauthorized subscriptions and refunded more than 15,000 accounts after discovering what they called suspicious activity.
WoTLabs
March 3, 2024
•[ hack, technology ]
In March 2024, WoTLabs (World of Tanks Statistics and Resources) suffered a data breach and website defacement attributed to "chromebook breachers". The breach exposed 22k forum members' personal data including email and IP addresses, usernames, dates of birth and time zones.
Tyler Technologies
March 1, 2024
•[ ransomware, malware, technology ]
The LockBit ransomware operation claims to have stolen data from the D.C. Department of Insurance, Securities and Banking (DISB), however the agencies denies the claims, and states that the leaked data is from a third-party technology provider.
Telefónica
March 1, 2024
•[ leak, technology ]
Telefnica investigates the claims of a possible cyberattack occurred in March that allowed criminals to access more than 2 million records of clients and collaborators of the company.
Life360
March 1, 2024
•[ leak, misconfiguration, technology ]
In July 2024, data scraped from a misconfigured Life360 API was posted online after being obtained several months earlier. The records included 443k unique email addresses and in most cases, corresponding names and phone numbers (some records were null or obfuscated). Life360 promptly notified impacted users after the incident was discovered.
Mr. Green Gaming
March 1, 2024
•[ leak, technology ]
In March 2024, the online games community Mr. Green Gaming suffered a data breach that exposed 27k user records. Acknowledged on their Discord server, the incident exposed email and IP addresses, usernames, geographic locations and dates of birth.
Chunghwa Telecom
February 29, 2024
•[ espionage, leak, government ]
The Taiwan ministry of national defense says that threat actors stole sensitive information including military and government documents from Chunghwa Telecom, Taiwans largest telecom company and sold it on the dark web.
SurveyLama
February 29, 2024
•[ leak, technology ]
SurveyLama suffers a data breach in February 2024, which exposes the sensitive data of 4.4 million users.
Organizations in Japan
February 28, 2024
•[ espionage, malware, technology ]
Japan's Computer Security Incident Response Team (JPCERT/CC) warns that the notorious North Korean hacking group Lazarus has uploaded four malicious PyPI packages to infect developers with malware.
Cutout.Pro
February 26, 2024
•[ hack, misconfiguration, technology ]
In February 2024, the AI-powered visual design platform Cutout.Pro suffered a data breach that exposed 20M records. The data included email and IP addresses, names and salted MD5 password hashes which were subsequently broadly distributed on a popular hacking forum and Telegram channels.
medQ
February 23, 2024
•[ ransomware, malware, technology ]
medQ files a notice of data breach after discovering that hackers accessed and encrypted a software platform used by medQ.
Organization in the defense sector
February 19, 2024
•[ espionage, malware, technology ]
Germany's federal intelligence agency (BfV) and South Korea's National Intelligence Service (NIS) warn that Lazarus group's "Operation Dream Job," was also used against the defense sector.
Tangerine
February 18, 2024
•[ leak, misconfiguration, technology ]
In February 2024, the Australian Telco Tangerine suffered a data breach that exposed over 200k customer records. Attributed to a legacy customer database, the data included physical and email addresses, names, phone numbers and dates of birth. Whilst the Tangerine login process involves sending a one-time password after entering an email address and phone number, it previously used a traditional password which was also exposed as a bcrypt hash.
PSI Software SE
February 15, 2024
•[ ransomware, malware, technology ]
PSI Software SE, a German software developer for complex production and logistics processes suffers a ransomware attack that impacts its internal infrastructure.
OpenAI
February 14, 2024
•[ hack, ddos, technology ]
Anonymous Sudan claims responsibility for targeting ChatGPT and its parent company, OpenAI, with a series of DDoS attacks.
Undisclosed Meta contractor
February 13, 2024
•[ leak, hack, technology ]
The IntelBroker threat actor leals 200,000 records on a hacker forum, claiming they contain the mobile phone numbers, email addresses, and other personal information of Facebook Marketplace users.
