Amazon’s Coding Tool Hacked — Experts Warn of Bigger Risks

A recent cyber incident involving Amazon’s AI-powered coding assistant, Amazon Q, has raised serious concerns about the safety of developer tools and the risks of software supply chain attacks.

The issue came to light after a hacker managed to insert harmful code into the Visual Studio Code (VS Code) extension used by developers to access Amazon Q. This tampered version of the tool was distributed as an official update on July 17 — potentially reaching thousands of users before it was caught.

According to media reports, the attacker submitted a pull request to the project’s public GitHub repository from an unverified account. It is unclear how, but the attacker then gained elevated access and was able to add commands that could instruct the AI assistant to delete files and cloud resources, effectively turning it into a system cleaner with dangerous privileges.

The hacker later told reporters that the goal wasn’t to cause damage but to make a point about weak security practices in AI tools. They described their action as a protest against what they called Amazon’s “AI security theatre.”


Amazon’s response and the fix

Amazon acted promptly to address the breach. The company confirmed that the issue was tied to a known vulnerability in two open-source repositories, which have now been secured. The corrupted version, 1.84.0, has been replaced with version 1.85, which includes the necessary security fixes. Amazon stated that no customer data or systems were harmed.


Bigger questions about AI security

This incident highlights a growing problem: the security of AI-based developer tools. Experts warn that when AI systems like code assistants are compromised, they can be used to inject harmful code into software projects or expose users to unseen risks.

Cybersecurity professionals say the situation also exposes gaps in how open-source contributions are reviewed and approved. Without strict checks in place, bad actors can take advantage of weak points in the software release process.


What needs to change?

Security analysts are calling for stronger DevSecOps practices — a development approach that combines software engineering, cybersecurity, and operations. This includes:

• Verifying all updates through secure hash checks,

• Monitoring tools for unusual behaviour,

• Limiting system access permissions and

• Ensuring quick communication with users during incidents.
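One concrete form of the first practice above, checking a downloaded update against a pinned hash before installing it, as an added example that is not Amazon’s or VS Code’s own code. The manifest, file names, package bytes and version strings in the demo are constructed; only the recalled version number, 1.84.0, comes from the post.

```python
"""Pinned-hash verification for an editor-extension update.

Added example, not Amazon's or VS Code's own code: it models the
"verify all updates through secure hash checks" practice listed above.
File names, package bytes, manifest version strings and the pinned hash are
constructed for the demo; only the recalled version (1.84.0) is from the post.
"""
import hashlib
import hmac
import os
import tempfile

# Version the post says was tampered with and later replaced by 1.85.
RECALLED_VERSIONS = {"1.84.0"}


def sha256_file(path, chunk_size=1 << 20):
    """Hash the package in chunks so large downloads need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_update(path, version, pinned):
    """Return (ok, reason) for a downloaded package.

    `pinned` maps version -> expected SHA-256 hex digest and must come from a
    trusted channel (e.g. a signed release manifest), not from the same server
    that served the package; otherwise whoever replaced the package could
    replace the hash as well.
    """
    if version in RECALLED_VERSIONS:
        return False, f"version {version} is recalled"
    expected = pinned.get(version)
    if expected is None:
        return False, f"no pinned hash for version {version}"
    actual = sha256_file(path)
    # Constant-time comparison: a plain == leaks the matching prefix via timing.
    if not hmac.compare_digest(actual, expected):
        return False, f"hash mismatch: expected {expected[:12]}..., got {actual[:12]}..."
    return True, "hash verified"


def run_demo():
    """Pin a constructed package, then check clean, tampered, recalled and unknown updates."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        pkg = os.path.join(tmp, "example-extension-1.85.0.vsix")  # constructed file
        with open(pkg, "wb") as f:
            f.write(b"PK\x03\x04 constructed package contents")
        pinned = {"1.85.0": sha256_file(pkg)}  # stands in for the trusted manifest
        results["clean"] = verify_update(pkg, "1.85.0", pinned)
        # Simulate a modified update: one appended byte changes the whole digest.
        with open(pkg, "ab") as f:
            f.write(b"\x00")
        results["tampered"] = verify_update(pkg, "1.85.0", pinned)
        results["recalled"] = verify_update(pkg, "1.84.0", pinned)
        results["unknown"] = verify_update(pkg, "1.86.0", pinned)
    return results


if __name__ == "__main__":
    for name, (ok, reason) in run_demo().items():
        print(f"{name:9s} {'PASS' if ok else 'FAIL'}  {reason}")
```

The recalled-version check runs before any hashing, so a package whose version is known bad is refused even if its digest happens to match a stale manifest entry.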

They also stress the need for AI-specific threat models, especially as AI agents begin to take on more powerful system-level tasks.

The breach is a wake-up call for companies using or building AI tools. As more businesses rely on intelligent systems to write, test, or deploy code, ensuring these tools are secure from the inside out is no longer optional; it is essential.

ICAR Suffers Major Cyberattack: Recruitment and Research Data Compromised in National Breach

In a major cybersecurity incident this April, the Indian Council of Agricultural Research (ICAR) — the apex body managing agricultural education and research nationwide — fell victim to a serious data breach. The cyberattack targeted ICAR’s central website, its primary server located in Delhi, and a replication server based in Hyderabad, resulting in what officials have described as the loss of "crucial data."

The breach has severely disrupted multiple core functions across ICAR. Among the most affected is sensitive recruitment-related information, covering roles ranging from Technical Officers to Deputy Directors General. 

Confidential job applications, critical research project records, and submissions from scientists were also compromised. Alarmingly, internal email correspondence was accessed, raising significant concerns about the breach’s impact on institutional collaboration and knowledge continuity.

Key wings of ICAR bore the brunt of the hack, including the Agricultural Scientists Recruitment Board (ASRB), which manages hiring for agricultural research roles; the Indian Agricultural Statistics Research Institute (IASRI), which handles vital agricultural data analytics; and the National Academy of Agricultural Research Management (NAARM), which plays a central role in agricultural HR development. The disruption could pose long-term challenges for India’s agricultural progress, given how dependent the sector is on ICAR’s capabilities.

In a swift response, ICAR has constituted a six-member expert committee. The panel has been tasked with investigating why both the Data Centre and the Disaster Recovery Centre failed to function effectively. In addition, the team is expected to recommend strong cybersecurity protocols to avoid future breaches. The outcome of this review could play a pivotal role in reinforcing the digital resilience of ICAR and potentially setting new standards for other public institutions.

Cyberattack on EC-Ship Platform Exposes Personal Data of Thousands

Hong Kong, China — A recent cyberattack on Hongkong Post’s online mailing system has resulted in a major data breach affecting tens of thousands of users. According to officials, the hacker managed to access sensitive contact information from the EC-Ship platform, which is widely used for managing and sending mail.

Postmaster General Leonia Tai revealed that the attacker was able to view information stored in the address books of approximately 60,000 to 70,000 EC-Ship accounts. These records contained the names, addresses, email IDs, and phone numbers of both senders and recipients, as well as company names and fax numbers.

EC-Ship is a digital tool operated by Hongkong Post that helps individuals and businesses arrange mail deliveries locally and internationally. The platform allows users to save contact information, print shipping labels, and track parcels.

The breach began on Sunday night and continued into Monday. According to Tai, the attacker created a legitimate account on the platform and began exploring weaknesses in the system’s code. Though the system recognized unusual activity and temporarily suspended the attacker’s access, the hacker continued trying different techniques. Eventually, they discovered a flaw in the program’s code that allowed them to reach data stored in other users’ address books.

Tai stated that the issue was quickly identified and the affected code was patched to block further intrusions. However, the hacker had already extracted confidential information from a large number of users. Hongkong Post has contacted affected account holders by email and asked them to alert anyone whose information may have been exposed.

Law enforcement agencies have launched an investigation into the incident. In the meantime, Hongkong Post is seeking expert advice to strengthen its digital defences.

Cybersecurity professionals have raised concerns over where the EC-Ship system is hosted. Some believe that sensitive systems like this should operate on government cloud servers, which offer more advanced protection. Tai responded that Hongkong Post follows standard security procedures and that their internal systems did detect and respond to the attack.

Efforts are now underway to migrate the EC-Ship service to a central government-managed internet platform that uses multiple layers of protection and round-the-clock monitoring. Officials hope this will reduce the chances of future incidents and better safeguard users’ data.

SABO Fashion Brand Exposes 3.5 Million Customer Records in Major Data Leak

Australian fashion retailer SABO recently faced a significant data breach that exposed sensitive personal information of millions of customers. The incident came to light when cybersecurity researcher Jeremiah Fowler discovered an unsecured database containing over 3.5 million PDF documents, totaling 292 GB in size. The database, which had no password protection or encryption, was publicly accessible online to anyone who knew where to look.

The leaked records included a vast amount of personally identifiable information (PII), such as names, physical addresses, phone numbers, email addresses, and other order-related data of both retail and business clients. According to Fowler, the actual number of affected individuals could be substantially higher than the number of files. He observed that a single PDF file sometimes contained details from up to 50 separate orders, suggesting that the total number of exposed customer profiles might exceed 3.5 million. 

The information was derived from SABO’s internal document management system used for handling sales, returns, and shipping data—both within Australia and internationally. The files dated back to 2015 and stretched through to 2025, indicating a mix of outdated and still-relevant information that could pose risks if misused. Upon discovering the open database, Fowler immediately notified the company. SABO responded by securing the exposed data within a few hours. 

However, the brand did not reply to the researcher’s inquiries, leaving critical questions unanswered—such as how long the data remained vulnerable, who was responsible for managing the server, and whether malicious actors accessed the database before it was locked. SABO, known for its stylish collections of clothing, swimwear, footwear, and formalwear, operates three physical stores in Australia and also ships products globally through its online platform. 

In 2024, the brand reported annual revenue of approximately $18 million, underscoring its scale and reach in the retail space. While SABO has taken action to secure the exposed data, the breach underscores ongoing challenges in cybersecurity, especially among mid-sized e-commerce businesses. Data left unprotected on the internet can be quickly exploited, and even short windows of exposure can have lasting consequences for customers. 

The lack of transparency following the discovery only adds to growing concerns about how companies handle consumer data and whether they are adequately prepared to respond to digital threats.

World Leaks Outfit Linked to Dell Test Lab Intrusion

Dell Technologies has acknowledged a serious security compromise affecting its Customer Solution Centers platform, the latest high-profile intrusion by the World Leaks extortion outfit.

The breach occurred earlier this month and targeted Dell's isolated demonstration environment, which is designed to showcase commercial solutions to enterprise customers; however, the company says that critical user data and operating systems remain secure.

The attack targeted Dell's Customer Solution Centers infrastructure, a controlled environment used for product presentations and proof-of-concept testing for commercial users. According to Dell's official statement, threat actors were able to breach this platform even though it follows stringent network segmentation guidelines to keep it isolated from production systems.

The platform "is intentionally separated from customer and partner systems, as well as Dell's networks and is not used in the provision of services to Dell customers," according to Dell, which underlined the purposeful isolation of the compromised environment. Multiple isolation levels and clear warnings that forbid users from uploading private or sensitive data to the demonstration environment are features of the company's security architecture. 

The breach investigation discovered that the stolen data mostly consisted of fake test information, publicly available datasets used for demonstrations, Dell scripts, system data, and testing results. The only authentic data exposed appears to be an out-of-date contact list with little operational value, severely limiting the possible impact on Dell's company operations and customer relationships. 

Security review 

Reports claim that Dell's thorough security response shows how well its multi-layered defence architecture can limit the potential harm caused by advanced cyberattacks. While confirming that partner systems, production networks, and customer data repositories are unaffected by the incident, the company's security team is still investigating the breach vectors.

The breach's limited scope reflects Dell's strong data management processes and network segmentation strategy, which effectively prevented lateral movement into vital company systems. Dell's use of synthetic data for demonstration purposes was critical in limiting the breach's potential damage, as attackers accessed fabricated information rather than sensitive consumer or company data.

This incident illustrates the expanding landscape of cyber threats: attackers increasingly target demonstration and testing environments as potential entry points into larger corporate networks, making robust security architecture vital for organisational protection.

Startup Sells Stolen Personal Data Online for $50, Raising Alarms Over Privacy and Ethics

A new controversy is brewing over a U.S.-based startup accused of making stolen personal data widely accessible—for as little as $50. Farnsworth Intelligence, founded by 23-year-old Aidan Raney, is openly marketing a product called “Infostealers,” which allows customers to search a massive database of sensitive information, including passwords, browser autofill data, and private account credentials.

According to investigative reporting by 404 Media, this information isn’t simply scraped from public directories or legally collected sources. Instead, it appears to come directly from major data breaches—information illegally obtained from hacked websites and platforms. Users can buy access through the company’s online portal, Infostealers.info, raising serious questions about the legality and ethics of such transactions. 

While services like people-search websites have long existed, Farnsworth’s platform seems to go far beyond what’s commonly available. Some of the information for sale includes usernames, passwords, browser history, addresses saved in auto-fill fields, and more—data types typically leaked only after breaches. Their advanced offering, the Infostealer Data Platform, promises even deeper access. Although not available to everyone, it can be granted upon request for uses like journalism, cybersecurity, private investigations, or law enforcement. The company doesn’t appear to require a court order or warrant for access. 

Farnsworth Intelligence makes bold claims about its reach and capabilities. Its website boasts about human intelligence operations and even claims to have infiltrated a North Korean laptop farm via social engineering. It promotes use cases like “corporate due diligence,” “background checks,” and “asset searches,” without clearly explaining how it acquires its “trillions” of data points. The lack of transparency, coupled with the open sale of sensitive data, is alarming. 

Experts argue that while security researchers and cybersecurity firms often monitor breach data to help protect users, monetizing it so brazenly is a different matter entirely. As Cooper Quintin from the Electronic Frontier Foundation notes, “It would be illegal and unethical to sell stolen cell phones even if you didn’t steal them yourself, and I don’t see how this is any different.”  

Even more concerning is the potential for abuse. With no real verification or oversight, bad actors—including stalkers or authoritarian agencies—could exploit this platform to target individuals, especially those already at risk. The implications for personal safety, privacy rights, and digital ethics are profound. 

This development underscores how data breaches don’t just disappear—they become weapons for profit in the wrong hands.

UK Army Probes Leak of Special Forces Identities in Grenadier Guards Publication

The British Army has initiated an urgent investigation following the public exposure of sensitive information identifying members of the UK Special Forces. General Sir Roly Walker, Chief of the General Staff, has directed a comprehensive review into how classified data was shared, after it was found that a regimental newsletter had published names and postings of elite soldiers over a period of more than ten years.

The internal publication, created by the Grenadier Guards Regimental Association, is believed to have revealed the identities and current assignments of high-ranking officers serving in confidential roles. Several names were reportedly accompanied by the abbreviation “MAB,” a known military code linked to Special Forces. Security experts have expressed concern that such identifiers could be easily deciphered by hostile actors, significantly raising the risk to those individuals. 

The revelation has triggered backlash within the Ministry of Defence, with Defence Secretary John Healey reportedly outraged by the breach. The Ministry had already issued warnings about this very issue, yet the publication remained online until it was finally edited last week. The breach adds to growing concern over operational security lapses in elite British military units.  

This latest disclosure follows closely on the heels of another incident in which the identities of Special Forces soldiers involved in missions in Afghanistan were exposed through a separate data leak. That earlier breach had been shielded by a legal order for nearly two years, emphasizing the persistent nature of such security vulnerabilities. 

The protection of Special Forces members’ identities is a critical requirement due to the covert and high-risk nature of their work. Publicly exposing their names can not only endanger lives but also jeopardize ongoing intelligence missions and international collaborations. The leaked material is also said to have included information about officers working within the Cabinet Office’s National Security Secretariat—an agency that advises the Prime Minister on national defence—and even a soldier assigned to General Walker’s own operational staff. 

While the Grenadier Guards’ publication has now removed the sensitive content, another regiment had briefly published similar details before promptly deleting them. Still, the extended availability of the Grenadier data has raised questions about oversight and accountability in how military associations manage sensitive information.  

General Walker, a former commander of the Grenadier Guards, announced that he has mandated an immediate review of all information-sharing practices between the army and regimental associations. His directive aims to ensure that stronger protocols are in place to prevent such incidents in the future, while still supporting the positive role these associations play for veterans and serving members alike. 

The Defence Ministry has not released details on whether those named in the leak will be relocated or reassigned. However, security analysts say the long-term consequences of the breach could be serious, including potential threats to the personnel involved and operational risks to future Special Forces missions. As investigations continue, the British Army is now under pressure to tighten internal controls and better protect its most confidential information from digital exposure.

AI-Driven Phishing Threats Loom After Massive Data Breach at Major Betting Platforms

A significant data breach impacting as many as 800,000 users from two leading online betting platforms has heightened fears over sophisticated phishing risks and the growing role of artificial intelligence in exploiting compromised personal data.

The breach, confirmed by Flutter Entertainment, the parent company behind Paddy Power and Betfair, exposed users’ IP addresses, email addresses, and activity linked to their gambling profiles.

While no payment or password information was leaked, cybersecurity experts warn that the stolen details could still enable highly targeted attacks. Flutter, which also owns brands like Sky Bet and Tombola, referred to the event as a “data incident” that has been contained. The company informed affected customers that there is “nothing you need to do in response to this incident,” but still advised them to stay alert.

With an average of 4.2 million monthly users across the UK and Ireland, even partial exposure poses a serious risk.

Harley Morlet, chief marketing officer at Storm Guidance, emphasized: “With the advent of AI, I think it would actually be very easy to build out a large-scale automated attack. Basically, focusing on crafting messages that look appealing to those gamblers.”

Similarly, Tim Rawlins, director and senior adviser at the NCC Group, urged users to remain cautious: “You might re-enter your credit card number, you might re-enter your bank account details, those are the sort of things people need to be on the lookout for and be conscious of that sort of threat. If it's too good to be true, it probably is a fraudster who's coming after your money.”

Rawlins also noted that AI technology is making phishing emails increasingly convincing, particularly in spear-phishing campaigns where stolen data is leveraged to mimic genuine communications.

Experts caution that relying solely on free antivirus tools or standard Android antivirus apps offers limited protection. While these can block known malware, they are less effective against deceptive emails that trick users into voluntarily revealing sensitive information.

A stronger defense involves practicing layered security: maintaining skepticism, exercising caution, and following strict cyber hygiene habits to minimize exposure.