Tag:

Breach

Discord customer service data breach leaks user info and scanned photo IDs
Gaming Gear

Discord customer service data breach leaks user info and scanned photo IDs

by admin


One of Discord’s third-party customer service providers was compromised by an “unauthorized party,” the company says. The unauthorized party gained access to “information from a limited number of users who had contacted Discord through our Customer Support and/or Trust & Safety teams” and aimed to “extort a financial ransom from Discord.” The unauthorized party “did not gain access to Discord directly.”

Data potentially accessed by the hack includes things like names, usernames, emails, and the last four digits of credit card numbers. The unauthorized party also accessed a “small number” of images of government IDs from “users who had appealed an age determination.” Full credit card numbers and passwords were not impacted by the breach, Discord says.

The company is notifying impacted users now over email. If your ID might have been accessed, Discord will specify that. Discord also says it revoked the support provider’s access to Discord’s ticketing system, has notified data protection authorities, is working with law enforcement, and has reviewed “our threat detection systems and security controls for third-party support providers.”



Source link

0 comments
0 FacebookTwitterPinterestEmail
Data breach
Gaming Gear

US Air Force investigating data breach caused by Microsoft SharePoint issue

by admin



  • US Air Force investigating SharePoint breach exposing PII and PHI across its systems
  • Chinese-linked groups exploited SharePoint flaws
  • Microsoft and US authorities are actively investigating the scope and impact of the breach

The US Air Force is reportedly investigating a potential data breach caused by a Microsoft SharePoint issue.

A report from The Register revealed the Air Force Personnel Center Directorate of Technology and Information issued a data breach notification shared on social media.

“This message is to inform you of a critical Personally Identifiable Information (PII) and Protected Health Information (PHI) exposure related to USAF SharePoint Permissions,” the warning reads. “As a result of this breach, all USAF SharePoints will be blocked Air Force-wide to protect sensitive information.”


You may like

Big names

The Register reported Microsoft Teams and Power BI dashboards should also be blocked since they access SharePoint, but this information is unconfirmed at this time.

“The Department of the Air Force is aware of a privacy-related issue,” an Air Force spokesperson told The Register.

Further information out there is scarce right now, with little information on who the threat actors are and what they sought to achieve.

Obviously, most fingers are now being pointed towards China, following reports in early July 2025 that Microsoft had confirmed three Chinese-affiliated hacking groups exploited vulnerabilities in on-prem SharePoint servers.

The groups, called Linen Typhoon, Violet Typhoon, and Storm-2603, targeted flaws that allowed authentication bypass and remote code execution, which enabled them to steal sensitive data such as MachineKey information.

These exploits affected at least two US federal agencies and numerous other organizations globally. The situation is being actively investigated by both Microsoft and US authorities.

However, we should also not forget Russian state-sponsored groups, who have the skills and the infrastructure to pull this kind of attack off, and have done so in the not-too-distant-past, as well.

Previously, Microsoft faced US government fire over its lax cybersecurity approach, which even forced it to change how it operated – let’s see if this time it is any different.

You might also like



Source link

0 comments
0 FacebookTwitterPinterestEmail
Red padlock open on electric circuits network dark red background
Gaming Gear

Huge theft reportedly sees 2TB of private data stolen – police files hit in major breach

by admin



  • Maida.health allegedly leaks 2.3TB of Brazilian military police medical and personal data
  • Cybercriminals advertised stolen records including diagnostics, ID cards, and healthcare contracts online
  • Healthcare remains a top target due to sensitive data and risk of identity theft or fraud

Maida.health, a Brazilian health technology company, allegedly suffered a data breach in which it lost more than 2TB of data concerning the country’s military police.

A threat actor recently posted a new thread on an underground forum advertising 2.3 terabytes of data sourced from maida.health, including the health records of Brazilian military police, identification cards and other details, as well as medical reports.

“This data includes all medical services and management of healthcare contracts in the Brazilian health system, particularly the Brazilian military police,” the post reads. “It specifically covers diagnostic and treatment services such as cardiology, neurology, gynecology, and more, including patient details, identification cards, and medical records for both personnel and their families.”


You may like

Identity theft and medical fraud

So far, there has been no confirmation on the authenticity of the claims. The attacker posted a sample that is yet to be analyzed by security researchers, which allegedly includes invoices for medical care, administrative protocols, regulatory certificates, and clinical patient data.

In its writeup, Cybernews explained how the data might be abused: “When this kind of data is leaked, it could often lead to identity theft or medical fraud. For example, criminals may try to impersonate the victim to receive medical care or try to get prescription drugs in the victim’s name,” the researchers said.

This is not the first time the citizens of Brazil had their sensitive data leaked. In fact, at one point in early 2024, the entire Brazilian population was potentially put at risk, when researchers found an unprotected database that held personal information on approximately 223 million Brazilians.

Given that by 2021 data, Brazil has 214 million people, it could be that information on the entire population of Brazil was contained in that database.

Due to the sensitivity of the information generated, the healthcare industry is widely considered as among the most targeted ones.

Via Cybernews

You might also like



Source link

0 comments
0 FacebookTwitterPinterestEmail
An image of network security icons for a network encircling a digital blue earth.
Gaming Gear

Car giant Stellantis confirms data breach after third-party hit by cyberattack

by admin



  • Stellantis confirms data breach via third-party platform supporting North American customer services
  • Attack linked to ShinyHunters, part of broader Salesforce-related data theft campaign
  • Customers warned to avoid suspicious emails and remain alert for phishing attempts

Stellantis, one of the world’s largest automakers, confirmed suffering a cyberattack and losing sensitive customer data.

In a short announcement, Stellantis said the breach did not occur within its infrastructure, but rather in a third party service provider’s platform that supports its North American customer service operations.

“Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation, and took prompt action to contain and mitigate the situation,” the company said in the report. “We are also notifying the appropriate authorities and directly informing affected customers.”


You may like

ShinyHunters strike again

The report offered little details, as Stellantis noted the personal information involved was “limited to contact information” and that financial, or “sensitive personal information” was not accessed, since it wasn’t stored on company servers in the first place.

It did not detail who the threat actors were, or what they sought out to achieve, but BleepingComputer claims the attack was carried out by ShinyHunters, and that it was part of a recent wave of Salesloft data breaches.

The threat actors reprotedly claimed responsibility for the attack, telling the publication it stole more than 18 million Salesforce records, including names, and contact details.

Stellantis is yet to confirm or deny these claims, but if they turn out to be true, the automotive giant will be added to a long list of major companies that had their data compromised in the Salesloft issues.

Other companies that suffered the same fate include Google, Cloudflare, Zscaler, Palo Alto Networks, Proofpoints, Cato Networks, and many others.

In the meantime, Stellantis urged its customers to remain vigilant against potential phishing attempts, and to be particularly wary of incoming communication claiming to come from the automaker.

Furthermore, it warned the customers not to click on any links in emails, or other forms of communication, especially in those demanding urgent activity or response.

You might also like



Source link

0 comments
0 FacebookTwitterPinterestEmail
Decrypt logo
NFT Gaming

Amended Lawsuit Accuses TaskUs of Concealing Coinbase Data Breach

by admin



In brief

  • The amended complaint claims TaskUs’s India operations were at the center of a coordinated bribery scheme to steal customer information.
  • Plaintiffs allege the company concealed the breach, firing investigators and failing to disclose details in securities filings before a $1.6 billion Blackstone buyout.
  • Coinbase reimbursed affected users, tightened controls, and ended its relationship with TaskUs, Decrypt was told.

Amendments to a class action in New York against TaskUs have added new claims of systemic security failures and concealment in a breach tied to Coinbase customer data.

The amended complaint, filed on Tuesday at the Southern District of New York, adds key elements to earlier disclosures about how Coinbase’s customer data was handled across the timeline of the massive breach, from its origins in late 2024 to Coinbase’s eventual disclosure in May, with losses estimated to reach as much as $400 million.

“This was a criminal bribery scheme beginning in late 2024 that exploited both external vendors and a small number of Coinbase CX staff outside the U.S., enabling social-engineering scams against less than 1% of monthly transacting users,” a Coinbase spokesperson told Decrypt.



The crypto exchange said it notified affected users and regulators immediately, and reimbursed impacted customers as it tightened vendor and insider controls.

Coinbase has since ended its relationship with TaskUs, refusing to “pay the criminals” instead creating “a $20 million reward for information leading to arrests and convictions,” the spokesperson confirmed with Decrypt.

TaskUs did not immediately return Decrypt’s requests for comment.

Key changes to the complaint describe a coordinated scheme inside TaskUs’s India operations, where employees were allegedly bribed to photograph sensitive account information and pass it to criminals. Plaintiffs say the conspiracy spread beyond front-line staff, prompting TaskUs to dismiss around 300 employees in January.

‘Coordinated criminal campaign’

The outsourcing firm’s public statements allegedly “belie a far broader and coordinated criminal campaign that involved dozens, if not hundreds of TaskUs employees,” the complaint reads.

The filing also accuses TaskUs of concealing the scope of the breach. According to plaintiffs, the company “ took steps to silence those with knowledge of the breach” and fired its own human resources personnel tasked with investigating the breach in February.

It later continued to tell regulators it had suffered no material breach, and moved ahead with a $1.6 billion buyout through Blackstone before Coinbase acknowledged the incident in May.

A Form 10-K filing from TaskUs in February did not cite any factors pertaining to the Coinbase breach, which meant that it was effectively claiming it “was not aware of any material data breach impacting the company,” before Coinbase acknowledged the incident in May, the amended complaint alleged.

The amended complaint also expands on claims that TaskUs ignored Section 5 of the FTC Act, framing the lapses as systemic rather than isolated.

Those standards guide “what businesses should do to avoid ‘unfair’ or ‘deceptive’ practices, Andrew Rossow, public affairs attorney and CEO of AR Media Consulting, told Decrypt. “While not all guidance is legally binding, ignoring it can show that a company was careless or misleading.”

Courts and regulators are weighing whether the compromised data was sensitive enough to expose people to identity theft or financial loss, Rossow explained. 

They will also examine whether safeguards such as encryption or multi-factor authentication were employed, whether the risks were foreseeable, whether security promises aligned with reality, and whether consumers had any means to protect themselves.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.



Source link

0 comments
0 FacebookTwitterPinterestEmail
Swissborg Crypto Platform Loses $41M Solana In Major Security Breach
Crypto Trends

SwissBorg Crypto Platform Loses $41M Solana in Major Security Breach

by admin



SwissBorg, a Switzerland-based crypto wealth management platform, confirmed hackers stole over $40 million in Solana after exploiting a vulnerability in its staking partner Kiln’s API. The attack drained around 193,000 SOL tokens, worth $41 million at the time of writing.

The attack was on Kiln, a staking infrastructure company that supports yield products on blockchains such as Solana (SOL) and Ethereum (ETH). Hackers have broken the API of Kiln, the interface that links the app of SwissBorg to the staking network of Solana. 

Attackers could use API requests to siphon funds directly out of the Solana Earn program at SwissBorg. Importantly, SwissBorg said its app and other Earn products such as Bitcoin (BTC) and ETH staking were not affected. The company also assured users that its financial health remains strong and that only about 1% of its customer base was impacted.

SwissBorg Promises Reimbursement

CEO Cyrus Fazel called it “a bad day but not a fatal blow.” Speaking in a video posted on X, he confirmed the hack only affected Solana deposits and pledged full reimbursement for impacted users. “With the current treasury we have, we could already do that,” Fazel said.

SwissBorg added it is working with exchanges, international agencies, and white-hat hackers to track the stolen funds. Some transactions have already been blocked. Blockchain data shows the stolen tokens were moved to a wallet now labeled “SwissBorg Exploiter” on Solscan.

Despite the setback, Fazel emphasized the incident would serve as a learning experience, strengthening SwissBorg’s security going forward.

Also Read: Kinto Token Crashes 91% as Ethereum L2 Project Shuts Down After Hack





Source link

0 comments
0 FacebookTwitterPinterestEmail
Google Investors Surprisingly Chill About Major Data Breach
Product Reviews

Google Investors Surprisingly Chill About Major Data Breach

by admin


The stock of Google’s parent company ended Friday’s trading session relatively unchanged, as investors digested news of a major data leak and broader market developments.

Alphabet Inc. (GOOG)’s shares closed at $213.53, up slightly from the day’s prior end price, despite Google‘s global security alert advising its 2.5 billion Gmail users to update their information following a data breach involving one of its Salesforce databases.

The company immediately issued a network-wide alert telling users to change their password immediately.

Despite all that, investors in Google had either not fully digested the news during Friday trade, or were watching see what fallout might continue over the weekend, before pricing in any hit to the company’s value.

So what was affected in the breach?

Though consumer Gmail and Cloud accounts were not directly compromised, the incident has triggered an aggressive wave of phishing and impersonation attacks targeting users across the platform.

The leak, which exposed hundreds of thousands of sensitive documents and personal data, has underscored growing concerns about cybersecurity risks facing major tech firms.

Still, despite major data breaches at all the tech giants, seemingly in an endless game of round robin, investors continue to believe the potential of these companies outweighs most security concerns.

Alphabet said in a statement it is investigating the breach and implementing additional security measures, but the incident has added to scrutiny of data management practices across the industry.

“The safety and privacy of user data are paramount,” it read. “We are working diligently to address these issues and prevent future incidents.”

Cybersecurity concerns ramp up

Meanwhile, investors are still nervously cautious about signs of economic slowdown and Federal Reserve signals hinting at future interest rate cuts.

Despite the turbulence, Alphabet’s stock maintained its position, reflecting investors’ ongoing confidence in the company’s core advertising and cloud businesses. But questions about data security continue to cloud its outlook.

As the debate over digital privacy and cybersecurity intensifies, Alphabet’s response and its ability to restore trust will be closely watched by shareholders and regulators alike. Google sought this week to reassure consumers and investors.

The breach exposed thousands of sensitive records, including personal details, corporate documents, and government information.

The leaked data spread across multiple sources and was easily accessible via search engines. It includes confidential information such as legal files, financial records, and private communications.

Company data policies under new scrutiny

Experts warn that such exposure not only jeopardizes individual privacy but also heightens the risk of corporate espionage, identity theft, and national security threats.

In its statement, Google emphasized that it is actively investigating the incident and has deployed additional security measures to identify and mitigate the breach’s impact.

Cybersecurity analysts warn that the proliferation of data leaks reflects broader systemic issues in how companies handle sensitive information, as the industry remains largely unregulated and prone to cyberattacks. The incident serves as a stark reminder of the urgent need for stronger data protection standards and increased transparency around data management practices.

As consumers and businesses grapple with the potential fallout, authorities worldwide are calling for stricter oversight of data security protocols to mitigate the risks posed by such breaches in an increasingly interconnected world.



Source link

0 comments
0 FacebookTwitterPinterestEmail
Unknown Worlds sues former leadership team for breach of employment and "fiduciary duty of care"
Esports

Unknown Worlds sues former leadership team for breach of employment and “fiduciary duty of care”

by admin


Unknown Worlds is suing its former leaders Charlie Cleveland, Adam McGuire, and Ted Gill for breach of equity purchase agreement, breach of implied covenant of good faith and fair dealing, breach of employment agreement, and breach of “fiduciary duty of care” in their capacity as directors.

Parent company Krafton sent GamesIndustry.biz a link to a heavily redacted copy of the filing in which the three former leaders of Unknown Worlds are accused of “openly threaten[ing] Krafton with litigation, and expressly demanding and prioritizing a release date for Subnautica 2, writing: “they demanded the Earnout, not the early access release that would best entice the gaming community into the Subnautica 2 world. Personal (not Company) goals were the priority for [them].”

Details of the legal complaint against Krafton, Inc. by the former leadership of Subnautica 2 developer Unknown Worlds became public last month. The complaint concerns a $250 million bonus payout tied to revenue targets for the 2025 Early Access release of Subnautica 2, which the former shareholders of Unknown Worlds Entertainment, represented by Fortis Advisors LLC – allege owners Krafton, Inc. sought to avoid paying out by delaying the game using “pressure tactics”. The publisher said it had “requested a delay” in releasing the highly-anticipated sequel in early access to “safeguard the quality of Subnautica 2 and maintain player trust.”

This subsequent lawsuit accuses the three former leaders of then threatening to self-publish Subnautica 2, “releasing it without Krafton’s backing, marketing, promotion, or distribution.” This, Krafton claims, left it with “no choice but to terminate their employment.”

The company also alleges that McGuire, Gill, and Cleveland downloaded tens of thousands of “company files” and emails in the lead up to these terminations. “These downloads were, by far, the largest downloads for each of the three Key Employees at any time since at least 2022,” Krafton added, and said the former leadership “refused” to return “or at the very least confirm” what devices and confidential information remained in their possession.

“When pushed, the Key Employees threatened to delete files and again refused to provide access to their devices containing Confidential Information for inspection,” the publisher added.

The 74-page complaint also reiterates Krafton’s former position that Cleveland and McGuire had “checked out” of developing Subnantica 2, leaving Gill unable to “overcome to complete abdication of the Subnautica 2 creative and technical leadership team.”

Read our timeline of the former Subnautica 2 leads versus Krafton here.



Source link

0 comments
0 FacebookTwitterPinterestEmail
Close