Breaches and leaks

Personal note: I feel like this section is becoming too overwhelming. My aim with this newsletter is to digest news, not flood you with it.

I'm going to curate these more strictly, like I do with the other articles. So know that this isn't an exhaustive list of this week's breaches, but rather a selection.

  • Chinese city of Xinjiang: Exposed an unsecured MongoDB instance holding real-time tracking information of the Muslim population of the city. Ffs.
  • VFEmail: An e-mail provider. The attackers just plain wiped everything, including backups. All emails for US-based customers are lost.
  • A collection of 620 million credentials is being sold, with databases from 500px (with md5 passwords), MyFitnessPall, DataCamp, and many more. The same people are also selling a second collection with 127 million records.
  • Bank of Malta: attackers got in and wired €13 million.
Dieter Van der Stock