Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data Leaks. Show all posts
New York Times
Critical Data Data Breach Data Leaks data security Data Stolen DevOps Leak Source Code Mercedes Benz Microsoft New York Times

DevOps data breaches expose Microsoft, Schneider Electric, Mercedes-Benz, and New York Times

 

Source code forms the backbone of every digital enterprise, and platforms such as GitHub and Atlassian are trusted to safeguard this critical data. Yet, organizations must remember that under the Shared Responsibility Model, users retain accountability for the security of their data. Even the smallest mistake can trigger a devastating cascade, from large-scale leaks of proprietary code to stolen credentials and severe reputational and financial consequences. 

Recent breaches across industries highlight how valuable DevOps environments have become to cybercriminals. Companies as diverse as Mercedes-Benz, The New York Times, and Schneider Electric have all suffered from security lapses, showing that innovation without adequate protection leaves no organization immune. The growing threat landscape underscores the scale of the problem, with cyberattacks occurring roughly every 39 seconds worldwide. IBM has observed a 56% increase in active ransomware groups, while Cybersecurity Ventures predicts that cybercrime costs will rise from $10.5 trillion in 2025 to more than $15 trillion by 2029. The CISO’s Guide to DevOps Threats further identifies technology, fintech, and media as the sectors most at risk, with 59% of ransomware activity concentrated in the United States. Data breaches typically ripple beyond the initial target, affecting partners, customers, and supply chains. 

The ransomware group HellCat has demonstrated how exposed credentials can become a doorway to widespread damage. By exploiting stolen Atlassian Jira logins, they infiltrated global enterprises including Schneider Electric, Orange Group, Telefonica, Jaguar Land Rover, and Ascom. Schneider Electric alone had 40GB of data stolen in 2024, including user records, email addresses, and sensitive project information, with a ransom demand of $125,000. Telefonica was breached twice in 2025, losing over 100GB of internal documents and communications. Similar compromises at Jaguar Land Rover and Ascom revealed thousands of employee records and sensitive corporate data, illustrating how poor credential management fuels recurring attacks. 

Mismanaged access tokens also pose severe risks. Mercedes-Benz faced exposure when an employee accidentally embedded a GitHub token in a public repository, potentially granting attackers access to confidential assets like API keys and database credentials. Threat actors have also weaponized GitHub itself, using trojanized proof-of-concept code and malicious npm dependencies to exfiltrate hundreds of thousands of WordPress credentials and cloud keys. Even unexpected groups, such as fans of Disney’s discontinued Club Penguin, exploited exposed Confluence logins to access corporate files and developer resources. The New York Times confirmed that leaked credentials on a third-party code platform exposed 270GB of internal data, though it reported no operational disruption. 

The cumulative impact of these incidents is staggering, with terabytes of stolen data, millions of records exposed, and reputational harm that far exceeds immediate costs. As regulatory penalties intensify and compliance standards grow stricter, the financial fallout of DevOps data breaches is likely to escalate further, leaving organizations with little choice but to prioritize security at the core of their operations.
Read more »
User Data
Courier Scam Data Breach Data Leaks EC-Ship Hong Kong mailing system User Data

Cyberattack on EC-Ship Platform Exposes Personal Data of Thousands

 



Hong Kong, China — A recent cyberattack on Hongkong Post’s online mailing system has resulted in a major data breach affecting tens of thousands of users. According to officials, the hacker managed to access sensitive contact information from the EC-Ship platform, which is widely used for managing and sending mail.

Postmaster General Leonia Tai revealed that the attacker was able to view information stored in the address books of approximately 60,000 to 70,000 EC-Ship accounts. These records contained the names, addresses, email IDs, and phone numbers of both senders and recipients, as well as company names and fax numbers.

EC-Ship is a digital tool operated by the Hongkong Post, which helps individuals and businesses arrange mail deliveries locally and internationally. The platform allows users to save contact information, print shipping labels, and track parcels.

The breach began on Sunday night and continued into Monday. According to Tai, the attacker created a legitimate account on the platform and began exploring weaknesses in the system’s code. Though the system recognized unusual activity and temporarily suspended the attacker’s access, the hacker continued trying different techniques. Eventually, they discovered a flaw in the program’s code that allowed them to reach data stored in other users’ address books.

Tai stated that the issue was quickly identified and the affected programming code was patched to block further intrusions. However, the hacker had already extracted confidential information from a large number of users. The Hongkong Post has contacted affected account holders by email and asked them to alert anyone whose information may have been exposed.

Law enforcement agencies have launched an investigation into the incident. In the meantime, Hongkong Post is seeking expert advice to strengthen its digital defences.

Cybersecurity professionals have raised concerns over where the EC-Ship system is hosted. Some believe that sensitive systems like this should operate on government cloud servers, which offer more advanced protection. Tai responded that Hongkong Post follows standard security procedures and that their internal systems did detect and respond to the attack.

Efforts are now underway to migrate the EC-Ship service to a central government-managed internet platform that uses multiple layers of protection and round-the-clock monitoring. Officials hope this will reduce the chances of future incidents and better safeguard users’ data.

Read more »
xAI
Confidential Data Data Leaks DOGE Elon Musk Privacy X xAI

Sensitive AI Key Leak : A Wave of Security Concerns in U.S. Government Circles

 




A concerning security mistake involving a U.S. government employee has raised alarms over how powerful artificial intelligence tools are being handled. A developer working for the federal Department of Government Efficiency (DOGE) reportedly made a critical error by accidentally sharing a private access key connected to xAI, an artificial intelligence company linked to Elon Musk.

The leak was first reported after a programming script uploaded to GitHub, a public code-sharing platform, was found to contain login credentials tied to xAI’s system. These credentials reportedly unlocked access to at least 52 of the company’s internal AI models including Grok-4, one of xAI’s most advanced tools, similar in capacity to OpenAI’s GPT-4.

The employee, identified in reports as 25-year-old Marko Elez, had top-level access to various government platforms and databases. These include systems used by sensitive departments such as Homeland Security, the Justice Department, and the Social Security Administration.

The key remained active and publicly visible for a period of time before being taken down. This has sparked concerns that others may have accessed or copied the credentials while they were exposed.


Why It Matters

Security experts say this isn’t just a one-off mistake, it’s a sign that powerful AI systems may be handled too carelessly, even by insiders with government clearance. If the leaked key had been misused before removal, bad actors could have gained access to internal tools or extracted confidential data.

Adding to the concern, xAI has not yet issued a public response, and there’s no confirmation that the key has been fully disabled.

The leak also brings attention to DOGE’s track record. The agency, reportedly established to improve government tech systems, has seen past incidents involving poor internal cybersecurity practices. Elez himself has been previously linked to issues around unprofessional behavior online and mishandling of sensitive information.

Cybersecurity professionals say this breach is another reminder of the risks tied to mixing government projects with fast-moving private AI ventures. Philippe Caturegli, a cybersecurity expert, said the leak raises deeper questions about how sensitive data is managed behind closed doors.


What Comes Next

While no immediate harm to the public has been reported, the situation highlights the need for stricter rules around how digital credentials are stored, especially when dealing with cutting-edge AI technologies.

Experts are calling for better oversight, stronger internal protocols, and more accountability when it comes to government use of private AI tools.

For now, this case serves as a cautionary tale: even one small error like uploading a file without double-checking its contents can open up major vulnerabilities in systems meant to be secure.

Read more »
Social Media
2FA Action Fraud Data Leaks phishing Social Media

Huge Spike in Social Media and Email Hacks – Simple Ways to Protect Yourself

 


There has been a worrying rise in the number of people losing control of their social media and email accounts this year. According to recent data from Action Fraud, the UK’s national cybercrime reporting center, over 35,000 cases were reported in 2024. This is a huge increase compared to the 22,000 cases recorded the previous year.

To address this growing problem, Action Fraud has teamed up with Meta to start an online safety campaign. Their main goal is to help people secure their accounts by turning on two-step verification, also known as 2FA. This extra security step makes it much harder for hackers to break into accounts.

Hackers usually target social media or email profiles for money. Once they gain access, they often pretend to be the real user and reach out to the person’s friends or followers. Many times, they use these stolen accounts to promote fake investment schemes or sell fake event tickets. In other cases, hackers simply sell these hacked accounts to others who use them for illegal activities.

One trick commonly used by hackers is messaging the account owner’s contacts and convincing them to share security codes. Since the message appears to come from a trusted person, many people unknowingly share sensitive information, giving hackers further control.

Another method involves stealing login information through phishing scams or data leaks. If people use the same password for many sites, hackers can easily access multiple accounts once they crack one.

The good news is that there are simple ways to protect yourself. The most important step is enabling two-step verification on all your accounts. This adds an extra barrier by asking for a unique code when someone tries to log in, making it much tougher for hackers to get through even if they know your password.

Meta has also introduced face recognition technology to help users recover hacked accounts. Still, experts say prevention is always better than trying to fix the damage later.


Here are a few easy tips to protect your online accounts:

1. Always enable two-step verification wherever it is available.

2. Create strong and unique passwords for each account. Avoid using the same password more than once.

3. Be careful if someone you know suddenly asks for a security code — double-check if it’s really them.

4. Stay alert for suspicious links or emails asking for your login details — they could be phishing traps.

5. Keep an eye on your accounts for unusual activity or login attempts from unknown places.


With online scams increasing, staying careful and following these safety steps can help you avoid falling victim to account hacks. Taking action now can save you a lot of trouble later.

Read more »
unauthorized software
ChatGPT risks Cybersecurity Data Leaks Data protection Digital Assets Information Security privacy laws server vulnerabilities Shadow IT Technology unauthorized software

Mitigating the Risks of Shadow IT: Safeguarding Information Security in the Age of Technology

 

In today’s world, technology is integral to the operations of every organization, making the adoption of innovative tools essential for growth and staying competitive. However, with this reliance on technology comes a significant threat—Shadow IT.  

Shadow IT refers to the unauthorized use of software, tools, or cloud services by employees without the knowledge or approval of the IT department. Essentially, it occurs when employees seek quick solutions to problems without fully understanding the potential risks to the organization’s security and compliance.

Once a rare occurrence, Shadow IT now poses serious security challenges, particularly in terms of data leaks and breaches. A recent amendment to Israel’s Privacy Protection Act, passed by the Knesset, introduces tougher regulations. Among the changes, the law expands the definition of private information, aligning it with European standards and imposing heavy penalties on companies that violate data privacy and security guidelines.

The rise of Shadow IT, coupled with these stricter regulations, underscores the need for organizations to prioritize the control and management of their information systems. Failure to do so could result in costly legal and financial consequences.

One technology that has gained widespread usage within organizations is ChatGPT, which enables employees to perform tasks like coding or content creation without seeking formal approval. While the use of ChatGPT itself isn’t inherently risky, the lack of oversight by IT departments can expose the organization to significant security vulnerabilities.

Another example of Shadow IT includes “dormant” servers—systems connected to the network but not actively maintained. These neglected servers create weak spots that cybercriminals can exploit, opening doors for attacks.

Additionally, when employees install software without the IT department’s consent, it can cause disruptions, invite cyberattacks, or compromise sensitive information. The core risks in these scenarios are data leaks and compromised information security. For instance, when employees use ChatGPT for coding or data analysis, they might unknowingly input sensitive data, such as customer details or financial information. If these tools lack sufficient protection, the data becomes vulnerable to unauthorized access and leaks.

A common issue is the use of ChatGPT for writing SQL queries or scanning databases. If these queries pass through unprotected external services, they can result in severe data leaks and all the accompanying consequences.

Rather than banning the use of new technologies outright, the solution lies in crafting a flexible policy that permits employees to use advanced tools within a secure, controlled environment.

Organizations should ensure employees are educated about the risks of using external tools without approval and emphasize the importance of maintaining information security. Proactive monitoring of IT systems, combined with advanced technological solutions, is essential to safeguarding against Shadow IT.

A critical step in this process is implementing technologies that enable automated mapping and monitoring of all systems and servers within the organization, including those not directly managed by IT. These tools offer a comprehensive view of the organization’s digital assets, helping to quickly identify unauthorized services and address potential security threats in real time.

By using advanced mapping and monitoring technologies, organizations can ensure that sensitive information is handled in compliance with security policies and regulations. This approach provides full transparency on external tool usage, effectively reducing the risks posed by Shadow IT.
Read more »
VPN
Android Flaw Block Chain Cyber Bug Cyber Data Cyberattacks Cybersecurity Data Leaks DNS Mullvad Privacy VPN

Android Flaw Exposes DNS Queries Despite VPN Kill Switch

 


Several months ago, a Mullvad VPN user discovered that Android users have a serious privacy concern when using Mullvad VPN. Even with the Always-On VPN feature activated, which ensures that the VPN connection is always active, and with the "Block connections without VPN" setting active, which acts as a kill switch that ensures that only the VPN is the one that passes network traffic, it has been found that when switching between VPN servers, Android devices leak DNS queries. 

It is important to understand that enabling the "Block Connections Without VPN" option (also known as the kill switch) ensures that all network traffic and connections pass through an always-connected VPN tunnel, preventing prying eyes from tracking all Internet activity by users. During the investigation, Mullvad discovered that even with these features enabled in the latest version of Android (Android 14), a bug still leaks some DNS information. 

As a result, this bug may occur when you use apps that make direct calls to the getaddrinfo C function. The function provides protocol-independent translation from a text hostname to an IP address through the getaddrinfo function. When the VPN is active (and the DNS server is not configured) or when the VPN app re-configures the tunnel, crashes or is forced to stop, Android leaks DNS traffic. 

This leakage behaviour is not observed by apps that are solely based on Android's API, such as DNSResolver, Mullvad clarified. As a result, apps such as Flash Player and Chrome that currently have support for getting address information directly from the OS are susceptible to this issue since they can access the address information directly. This is rather concerning since it goes against what you would expect from the OS, even if security features are enabled. 

Users may want to use caution when using Android devices for sensitive tasks, and may even want to employ additional protective measures until Google addresses this bug and issues a patch that is compatible with both original Android and older versions of Android, in light of the severity of this privacy issue. 

The first DNS leak scenario, which occurs when the user changes the DNS server or switches to a different server, is easily mitigated if the VPN app is set to use a bogus DNS server at the same time. It has also failed to resolve the VPN tunnel reconnect DNS query leak, which is a significant issue for all other Android VPN apps because this issue is likely to affect all other VPN apps as well. 

Mullvad also discovered in October 2022 that, every time an Android device connected to a WiFi network, the device leaked DNS queries (such as IP addresses and DNS lookups), since the device was performing connectivity checks. Even when the "Always-on VPN" feature was enabled with the "Block connections without VPN" option enabled, Android devices still leaked DNS queries.

The leak of DNS traffic can potentially expose users' approximate locations and the online platforms they use as well as their precise locations, posing a serious threat to user privacy. Since this is a serious issue, it may be best to stop using Android devices for sensitive activities or to adapt additional safeguards to mitigate the risk of such leaks until Google fixes the bug and backports the patch to older versions of Android to mitigate the risk.
Read more »
threat analysis
3AM Conti Cyber Security cybercrime gangs Data Leaks intrusion tactics malware ranso Ransomware Royal Security Researchers threat analysis

Security Researchers Establish Connections Between 3AM Ransomware and Conti, Royal Cybercriminal Groups

 

Security researchers examining the operations of the recently surfaced 3AM ransomware group have unveiled strong connections with notorious entities like the Conti syndicate and the Royal ransomware gang.

The 3AM ransomware, also known as ThreeAM, has adopted a novel extortion strategy: publicly revealing data leaks to victims' social media followers and utilizing bots to respond to influential accounts on X (formerly Twitter), directing them to the compromised data.

Initially observed by Symantec's Threat Hunter Team in mid-September, 3AM gained attention after threat actors shifted from deploying LockBit malware. According to French cybersecurity firm Intrinsec, ThreeAM is likely affiliated with the Royal ransomware group, now rebranded as Blacksuit, consisting of former members of Team 2 within the Conti syndicate.

As Intrinsec delved into their investigation, they found substantial overlap in communication channels, infrastructure, and tactics between 3AM and the Conti syndicate. Notably, an IP address listed by Symantec as a network indicator of compromise led researchers to a PowerShell script for dropping Cobalt Strike on VirusTotal.

Further investigation uncovered a SOCKS4 proxy on TCP port 8000, a TLS certificate associated with an RDP service, and HTML content from 3AM's data leak site indexed by the Shodan platform. The servers involved were traced back to the Lithuanian hosting company, Cherry Servers, known for hosting malware despite having a low fraud risk.

Intrinsec's findings aligned with a report from Bridewell, connecting the IP subnet to the ALPHV/BlackCat ransomware operation. This group, not part of the Conti syndicate but allied, was identified as having ties to IcedID malware used in Conti attacks.

In addition to technical details, Intrinsec uncovered 3AM's experiment with a new extortion technique. The gang set up a Twitter account in August, using it to reply to tweets from victims and high-profile accounts, linking to the data leak site on the Tor network. Intrinsec suspected the use of a Twitter bot for a name-and-shame campaign, noting an unusually high volume of automated replies.

Despite 3AM's perceived lack of sophistication compared to Royal, the researchers cautioned against underestimating its potential for deploying numerous attacks. The article concludes with a broader context on the Conti syndicate, its dissolution, and the emergence of affiliated groups like Royal ransomware.
Read more »
sensitive credential
cyber attack Cyber Attacks Data Leaks Free Leaksmas sensitive credential

Hackers Leak 50 Million Records in 'Free Leaksmas' Spree

Just before Christmas, hackers leaked around 50 million records full of private information. They shared these leaks on the Dark Web under the name "Free Leaksmas." It seems like they were doing this to thank each other and attract new customers during the busy holiday season. 

According to cybersecurity company Resecurity, they noticed that right before Christmas Eve, various hackers released a lot of data all at once. Some of this data seemed to come from previous security breaches, but there were also new breaches involved. The information was either stolen or copied from people worldwide. 

“Numerous leaks disseminated in the underground cyber world were tagged with 'Free Leaksmas,' indicating that these significant leaks were shared freely among various cybercriminals as a form of mutual gratitude”, Resecurity wrote on its website. 

One of the largest data releases came from a hack at the Peruvian telecom company Movistar. In this data dump, there were about 22 million records with sensitive information like customer phone numbers and DNI numbers (which are the main IDs for people in Peru). 

Other big leaks around Leaksmas included one with 2.5 million records from a Vietnamese fashion store's customers and another with 1.5 million records from a French company's customers. 

“A significant event during the 'Leaksmas' in the Dark Web involved the release of a large dataset from Movistar, a leading telecommunications provider in Peru. This dataset contained over 22 million records, including customers' phone numbers and DNI (Documento Nacional de Identidad) numbers”, Resecurity added. 

Not all the shared data Resecurity noticed during the holidays were from recent hacks; some seemed to be from older incidents. For instance, there was info about customers from a Swedish fintech company, Klarna. The hackers might have gotten this data from a rumoured (though not officially confirmed) breach in 2022. 

Another example was a data dump with 2 million records from customers of a Mexican bank. Resecurity's analysis suggested it might have come from a breach in 2021 or 2022. Over the holidays, cybersecurity experts found groups like SeigedSec and "Five Families" sharing stolen data online. 

SeigedSec targeted critical infrastructure in Israel and claimed responsibility for a breach in the Idaho National Laboratory. "Five Families" stole records from a Chinese store due to labour issues. Some criminals selling credit card data offered discounts. Cybercriminals are keen on getting personal info and exploiting weaknesses in websites and software.
Read more »
Subscribe to: Posts (Atom)