Breaches and leaks

  • SBI: India's biggest bank had an unsecured database showing detailed financial information of millions of customers.
  • Rubrik: a large data security company had, ironically, an unsecured Elasticsearch instance with customer information.
  • Huddle House: US-based restaurant chain, had its POS system compromised and credit card data leaked.
  • Houzz: interior decoration website, had user data including hashed passwords leaked.
  • Jack'd: dating app, exposes all of its users' private pictures.
  • Visma: large Norwegian-based cloud provider, suffered a large hack back in August of last year, reportedly by the Chinese backed APT10.
  • There are now a total of 5 large Collection data dumps available, with a total of over 900GB of records. It's unclear right now how much of these are new, they are still being analysed: link
  • A data dump of 175GB containing documents belonging to the Russian governement has been published online: link
  • Australian governement: had a "security incident" affecting everyone with a Parliament House email address. Not a lot of details available.
  • Eskom: largest energy supplier in South Africa, was breached both through a malware infection and an unsecured server.
  • An employee at a Chinese bank found a loophole in their ATM system that allowed him to withdraw about $1 million over the course of a year: link
  • Basecamp: More of a positive story really, which is refreshing. They defended succesfully against a credential stuffing attack by blocking IP's and enabling CAPTCHA's. They then reset the passwords of the 124 account that were breached.
Dieter Van der Stock

Sponsorship slot available

One slot is taken by the amazing 1Password, but the other is currently available. If your company wants to support this newsletter and reach nearly 4000 security-minded people, hit reply and let me know :-)

Dieter Van der Stock