The leaked database, which reportedly contains 6 million records, has been compressed to a file size of 1.59 gigabytes. While the full extent of the exposed information is unknown, the leaked data includes email addresses, usernames, user IDs, and IP addresses.
The first and most obvious action is changing your Pinterest password and the related email address. Knowing even a few of your details can allow hackers to piece together information and cause you major difficulties.
Of course, you know not to use the same password for many things, right? If you are guilty of that cardinal sin, change your password everywhere and use one of the best password managers to create a safe password that you will not forget. Use two-factor authentication to provide maximum security.
If your data has been exposed, you are likely to become the target of further phishing attempts. Be cautious about clicking suspicious links, and not only in messages on your Pinterest account.
When using your email account, use caution; any communication that does not appear to come from a known source may be a hoax. Attachments should be treated with caution since they could contain malware.
One of the best VPNs might help you protect yourself from phishing frauds. Nord and Surfshark offer built-in anti-virus with their memberships, while Nord's Threat Protection Pro product is a proven anti-phishing champion.
Currently, Pinterest has not issued an official statement regarding the reported hack. The Cyber Press team has contacted Pinterest to warn them of the data leak and is awaiting their response.
If proven, this data leak might have serious ramifications for Pinterest. The company may incur significant operating costs in investigating the hack and alerting affected users.
As the issue evolves, users should actively check their accounts and look for any formal statements from Pinterest regarding the potential data loss.
The best way to avoid becoming a victim of a data breach is to use extreme caution when disclosing your personal information. Give websites only what they need; having a VPN enabled prevents many trackers and encrypts your data on both ends, preventing hackers from making sense of it. VPN services frequently have zero-logs policies, which means hackers have nothing to work with.
A recent security incident at OpenAI serves as a reminder that AI companies have become prime targets for hackers. Although the breach, which came to light following comments by former OpenAI employee Leopold Aschenbrenner, appears to have been limited to an employee discussion forum, it underlines the steep value of data these companies hold and the growing threats they face.
The New York Times detailed the hack after Aschenbrenner labelled it a “major security incident” on a podcast. However, anonymous sources within OpenAI clarified that the breach did not extend beyond an employee forum. While this might seem minor compared to a full-scale data leak, even superficial breaches should not be dismissed lightly. Unauthorized access to internal discussions can provide valuable insights and potentially lead to more severe vulnerabilities being exploited.
AI companies like OpenAI are custodians of incredibly valuable data. This includes high-quality training data, bulk user interactions, and customer-specific information. These datasets are crucial for developing advanced models and maintaining competitive edges in the AI ecosystem.
Training data is the cornerstone of AI model development. Companies like OpenAI invest vast amounts of resources to curate and refine these datasets. Contrary to the belief that these are just massive collections of web-scraped data, significant human effort is involved in making this data suitable for training advanced models. The quality of these datasets can impact the performance of AI models, making them highly coveted by competitors and adversaries.
OpenAI has amassed billions of user interactions through its ChatGPT platform. This data provides deep insights into user behaviour and preferences, much more detailed than traditional search engine data. For instance, a conversation about purchasing an air conditioner can reveal preferences, budget considerations, and brand biases, offering invaluable information to marketers and analysts. This treasure trove of data highlights the potential for AI companies to become targets for those seeking to exploit this information for commercial or malicious purposes.
Many organisations use AI tools for various applications, often integrating them with their internal databases. This can range from simple tasks like searching old budget sheets to more sensitive applications involving proprietary software code. The AI providers thus have access to critical business information, making them attractive targets for cyberattacks. Ensuring the security of this data is paramount, but the evolving nature of AI technology means that standard practices are still being established and refined.
AI companies, like other SaaS providers, are capable of implementing robust security measures to protect their data. However, the inherent value of the data they hold means they are under constant threat from hackers. The recent breach at OpenAI, despite being limited, should serve as a warning to all businesses interacting with AI firms. Security in the AI industry is a continuous, evolving challenge, compounded by the very AI technologies these companies develop, which can be used both for defence and attack.
The OpenAI breach, although seemingly minor, highlights the critical need for heightened security in the AI industry. As AI companies continue to amass and utilise vast amounts of valuable data, they will inevitably become more attractive targets for cyberattacks. Businesses must remain vigilant and ensure robust security practices when dealing with AI providers, recognising the gravity of the risks and responsibilities involved.
GitLab is a prominent web-based open-source software project management and task tracking tool. It has an estimated one million active licensed users.
The security problem resolved in the most recent update is identified as CVE-2024-5655 and has a severity level of 9.6 out of 10. Under some conditions, which the vendor did not specify, an attacker might exploit it to execute a pipeline as another user.
GitLab pipelines are a component of the Continuous Integration/Continuous Deployment (CI/CD) system that allows users to build, test, and deploy code changes by running processes and tasks automatically, either in parallel or sequentially.
The vulnerability affects GitLab CE/EE versions 15.8 through 16.11.4, 17.0.0 through 17.0.2, and 17.1.0.
GitLab has resolved the vulnerability by releasing versions 17.1.1, 17.0.3, and 16.11.5, and users are encouraged to install the patches as soon as possible.
The vulnerability allows an attacker to trigger a pipeline as any user within the GitLab environment. In other words, an unauthorized individual can execute code within a project’s pipeline, even if they don’t have the necessary permissions. This could lead to several serious consequences:
Unauthorized Access to Sensitive Code: An attacker gains access to private repositories and sensitive code by exploiting this vulnerability. This compromises the confidentiality of intellectual property, proprietary algorithms, and other valuable assets stored in GitLab.
Data Leakage: The ability to run pipelines as any user means that an attacker can potentially leak data, including credentials, API keys, and configuration files. This information leakage could have severe implications for an organization’s security posture.
Malicious Code Execution: An attacker could inject malicious code into pipelines, leading to unintended actions. For instance, they might introduce backdoors, modify code, or execute arbitrary commands.
The vulnerability impacts specific versions of GitLab:
GitLab promptly addressed this issue by releasing updates that fix the vulnerability:
Upgrade GitLab: Update your GitLab installation to a patched version. GitLab has provided patches for the affected releases, so ensure you apply them promptly.
Review Permissions: Audit user permissions within your GitLab projects. Limit pipeline execution rights to authorized users only.
Monitor Pipelines: Keep an eye on pipeline activity. Unusual or unexpected pipeline runs should be investigated promptly.
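As an added example (not GitLab's code and not part of the original article), the following check compares version strings against the affected ranges listed above and returns the patched release named on this page. The host names, the inventory and the `-ee` suffix on the sample strings are constructed for illustration.

```python
import re

# Affected ranges for CVE-2024-5655 as stated on this page (inclusive bounds),
# each paired with the lowest patched release at or above that range.
AFFECTED = [
    ((15, 8, 0), (16, 11, 4), "16.11.5"),
    ((17, 0, 0), (17, 0, 2), "17.0.3"),
    ((17, 1, 0), (17, 1, 0), "17.1.1"),
]

def parse_version(text):
    """Extract (major, minor, patch) from strings such as '16.11.4-ee' or 'v17.0.2'.

    A missing patch component is treated as 0; edition suffixes are ignored.
    """
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def check_cve_2024_5655(version_text):
    """Return (affected, patched_release) for one version string."""
    v = parse_version(version_text)
    for low, high, fixed in AFFECTED:
        if low <= v <= high:
            return True, fixed
    return False, None

def hosts_to_patch(inventory):
    """Map each affected host to the patched release it should move to."""
    result = {}
    for host, version_text in inventory.items():
        affected, fixed = check_cve_2024_5655(version_text)
        if affected:
            result[host] = fixed
    return result

# Constructed inventory: hypothetical host names and version strings.
SAMPLE_INVENTORY = {
    "gitlab-a.example.internal": "16.11.4-ee",
    "gitlab-b.example.internal": "17.0.3",
    "gitlab-c.example.internal": "17.1.0",
    "gitlab-d.example.internal": "15.7.9",
}

if __name__ == "__main__":
    for host, fixed in hosts_to_patch(SAMPLE_INVENTORY).items():
        print(f"{host}: affected, upgrade to {fixed} or later")
```

Instances older than 15.8 fall outside the ranges the page lists and are reported as not affected by this check.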
UnitedHealth has disclosed for the first time what types of medical and patient data were stolen in the huge Change Healthcare ransomware attack, saying that data breach notifications will be sent out in July.
On Thursday, UnitedHealth issued a data breach notification, saying that the ransomware attack exposed a "substantial quantity of data" for a "substantial proportion of people in the US."
While UnitedHealth has not disclosed how many people were affected, CEO Andrew Witty indicated during a congressional hearing that "maybe a third" of all Americans' health data was compromised in the hack.
Personal Details: The stolen information includes personal identifiers such as names, addresses, and Social Security numbers. These details are valuable for identity theft and fraudulent activities.
Government Identity Documents: The breach exposed government-issued identification documents, such as driver’s licenses and passports. This poses a significant risk to affected individuals, as criminals can misuse these documents for various purposes.
Health Records: The most concerning aspect is the exposure of health records. These records contain diagnoses, treatment plans, medications, test results, and other confidential medical information. Imagine the consequences if this data falls into the wrong hands.
The impact of the Change Healthcare breach is far-reaching:
Individuals: Patients whose data was compromised face potential harm. Their privacy is violated, and they may suffer financial losses due to identity theft. Moreover, health-related information can be exploited for targeted scams or even blackmail.
Healthcare Providers: Change Healthcare’s reputation is tarnished, and trust among healthcare providers is eroded. The breach highlights vulnerabilities in the industry, prompting urgent security improvements.
Regulatory Compliance: The breach triggers legal obligations. Change Healthcare must notify affected individuals, regulators, and relevant authorities. Compliance with data breach notification laws is crucial.