Search Results for "unauthorized access"

Rinku Singh's Facebook account February 5, 2026 • [ account takeover, hacking, social media breach ] Indian media reported that cricketer Rinku Singhs Facebook account was hacked, with police stating the cybercrime unit was investigating. The report indicated it was not yet known whether the compromise resulted in financial fraud or other misuse beyond unauthorized access/control of the account. The confirmed effect is account compromise and loss of control of a social media profile; additional impacts were not established in the reporting.

Spain's Ministry of Science (Ministerio de Ciencia) February 5, 2026 • [ cyberattack, data leak, IDOR vulnerability ] Spains Ministry of Science partially shut down IT systems and suspended ongoing administrative procedures following what it called a technical incident, later reported by Spanish media as related to a cyberattack. A threat actor using the alias GordonFreeman claimed responsibility, posted samples, and offered allegedly stolen ministry data for sale. The attacker claimed an IDOR vulnerability enabled credential access and full admin-level access, but BleepingComputer noted it could not independently confirm all claims. The confirmed impact is significant service disruption for citizen/company-facing procedures, with credible indications of data compromise based on posted samples.

Flickr (via an undisclosed third-party provider) February 5, 2026 • [ data leak, third-party risk, phishing ] Flickr notified users of a potential data breach after a vulnerability in a system operated by one of its third-party email service providers may have allowed unauthorized access to member information. Flickr said it was alerted on February 5, 2026 and shut down access to the affected system within hours. The company stated that passwords and payment card numbers were not compromised. Exposed data may include real names, email addresses, usernames, account type, IP address, general location, and platform activity; Flickr urged vigilance for phishing and recommended changing passwords on other services if reused.

HubEE February 4, 2026 • [ security vulnerability, data leak, unauthorized access ] It wasn't the Service-public.gouv.fr portal itself that was directly hacked, but a key component of its infrastructure: HubEE, the platform responsible for transmitting supporting documents between users and government agencies. For several days, attackers exploited a security vulnerability, navigating the system undetected.

Iron Mountain February 3, 2026 • [ unauthorized access, extortion, compromised credentials ] Iron Mountain said a breach claim by the Everest extortion gang was limited to access to a single folder on a file-sharing server that primarily contained marketing materials. The company stated that a single compromised login credential was used, the credential was deactivated, and there was no ransomware or malware involvement beyond the unauthorized access. Iron Mountain also said no other systems were breached and that no customer confidential or sensitive information was involved.

Portland Public Schools February 3, 2026 • [ phishing, email compromise, unauthorized access ] A phishing email offering a fake part-time job opportunity was sent to students after a staff email account (reported as a teacher account) was compromised. Because the message originated from an internal staff account, it bypassed normal restrictions and reached many student inboxes across the district. The district technology department removed copies of the email from the school system and issued guidance for students who submitted information to the linked form. The confirmed effect is unauthorized use of an internal account to distribute phishing content; the report does not confirm broader system compromise or data exfiltration beyond what students may have submitted to the scam.

University of Nebraska Medical Center February 3, 2026 • [ vulnerability, unauthorized access, data leak ] University of Nebraska Medical Center learned in February 2026 that its REDCap application contained a vulnerability and took the application offline. UNMC's investigation determined that its REDCap instance was subject to unauthorized access between September 20, 2023 and February 3, 2026, though it could not determine whether personal information housed in REDCap was actually accessed. The incident potentially affected 26,937 individuals whose data varied by research study.

NationStates February 3, 2026 • [ vulnerability, remote code execution, data leak ] NationStates confirmed a data breach after taking its website offline to investigate a security incident. The operator stated that on January 27, 2026 a player reported a critical vulnerability, then exceeded authorized boundaries and obtained remote code execution on the main production server, allowing them to copy application code and user data. NationStates indicated the only way to restore confidence was to rebuild the server and determine what was accessed or copied, leading to site instability and downtime during response. The incident combines confirmed unauthorized access/data copying with operational disruption from the shutdown/rebuild.

Hosokawa Micron Corporation February 2, 2026 • [ unauthorized access, cloud storage breach, data leak ] Hosokawa Micron confirmed unauthorized access to one cloud storage account and leakage of personal data stored there.

At least one government, military, and technology entity in Ukraine January 30, 2026 • [ APT, vulnerability exploitation, state-sponsored attack ] Security researchers reported that state-sponsored advanced persistent threat groups exploited a WinRAR vulnerability in real-world attacks that successfully compromised at least one government, military, and technology organization in Ukraine, using malicious archive files to gain unauthorized access to victim systems.

Bumble Inc. (dating app) January 28, 2026 • [ unauthorized access, internal network, compromised account ] A contractor account at Bumble was compromised, granting limited unauthorized access to part of the internal network. Bumble stated that no user accounts, profile data, messages, or member databases were accessed.

Viafier January 22, 2026 • [ malware, data leak, unauthorized access ] The Swiss rail operator Viafier Retica shut down its Vereina car-shuttle online ticket shop after discovering malware on the system. The organization stated that attackers likely accessed the web shop database, which may contain customer and employee contact details and hashed passwords. Users were advised to change passwords used on other services. The incident caused service disruption to online ticket sales while containment and investigation actions were undertaken.

At least one blockchain developer January 22, 2026 • [ phishing, blockchain, credential theft ] IT technicians and blockchain developers were targeted in a phishing campaign attributed to the NGB 3rd Technical Surveillance Bureau (KONNI/APT37), resulting in unauthorized access to end-user systems and the compromise of stored development and infrastructure credentials.

Cloud Imperium Games (CIG) January 21, 2026 • [ unauthorized access, data breach, personal information ] Cloud Imperium Games disclosed that on January 21, 2026 it was targeted by a sophisticated attack that resulted in unauthorized access to some backup systems with limited access to users basic account details. The company said impacted data included metadata, contact details, username, date of birth, and name. It stated the access was read-only and that no passwords or financial/payment information were stored in or accessible from the affected systems, and it had no indication the data had been leaked publicly at the time of disclosure.

French national bank accounts database (FICOBA) / Ministry of Economy and Finance January 18, 2026 • [ data leak, stolen credentials, unauthorized access ] Frances Ministry of Economy and Finance stated that part of the national database listing bank accounts in France was illegally accessed, exposing information linked to about 1.2 million accounts. The ministry said that starting in late January 2026, a malicious actor used stolen credentials belonging to an official to access part of the database. The exposed data includes bank details (RIB/IBAN), identity and address of the account holder, and in some cases a tax identification number. Authorities said they restricted access, stopped the intrusion, and notified banks to warn customers to be vigilant.

Nacogdoches Memorial Hospital January 15, 2026 • [ unauthorized access, personal health information, internal network breach ] A threat actor accessed Nacogdoches Memorial Hospitals internal network and information systems between January 15 and January 31, 2026, likely accessing personal and health information of 257,073 individuals.

Daniel L Kaler DDS PC January 15, 2026 • [ data leak, unauthorized access, medical information ] Attackers gained unauthorized access to systems at a Dakota Dunes dental practice and exfiltrated patient records from its databases. The breach exposed personal, medical, and financial information belonging to approximately 27000 individuals.

Victorian Government Schools January 14, 2026 • [ unauthorized access, data breach, student information ] The Department of Education in Victoria, Australia notified parents that an unauthorized third party accessed a database holding student account information. According to disclosure reporting, attackers accessed current and former students personal and school-related fields including names, school names, year levels, school-issued email addresses, and encrypted passwords associated with those accounts. The department stated that more sensitive details such as birth dates, home addresses, and phone numbers were not exposed. Authorities and cyber experts were involved, and the department reset student passwords as a precaution, temporarily restricting access until new credentials were issued. At the time of reporting, investigators had not found evidence that the accessed data had been publicly released or shared onward.

Choice Hotels International January 14, 2026 • [ social engineering, unauthorized access, PII leak ] An unauthorized person used social engineering to gain access to a Choice Hotels application containing records on franchisees and franchise applicants, exposing names and Social Security numbers.

Town of La Hague January 13, 2026 • [ intrusion, email compromise, unauthorized access ] The municipality of La Hague (France) announced it was the victim of an intrusion into its information system that impacted internal email accounts. Upon learning of the incident, the commune reported immediate actions including changing passwords for affected and administrator accounts, temporarily suspending email sending for impacted users, notifying relevant authorities (including ANSSI, CERT-FR, DINUM, CNIL, and local digital authorities), informing partners, and filing a formal complaint with the gendarmerie. Specialized law enforcement units began investigating the incident and its consequences while technical teams and service providers conducted parallel analysis. The announcement emphasized heightened vigilance against suspicious links/attachments and stated the municipality was working to restore system security.

Search Results (unauthorized access)