Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Personal Information. Show all posts
Personal Information
2FA API Data Breach Data Leak Instagram Meta Personal Information

Instagram Refutes Breach Allegations After Claims of 17 Million User Records Circulating Online

 



Instagram has firmly denied claims of a new data breach following reports that personal details linked to more than 17 million accounts are being shared across online forums. The company stated that its internal systems were not compromised and that user accounts remain secure.

The clarification comes after concerns emerged around a technical flaw that allowed unknown actors to repeatedly trigger password reset emails for Instagram users. Meta, Instagram’s parent company, confirmed that this issue has been fixed. According to the company, the flaw did not provide access to accounts or expose passwords. Users who received unexpected reset emails were advised to ignore them, as no action is required.

Public attention intensified after cybersecurity alerts suggested that a large dataset allegedly connected to Instagram accounts had been released online. The data, which was reportedly shared without charge on several hacking forums, was claimed to have been collected through an unverified Instagram API vulnerability dating back to 2024.

The dataset is said to include information from over 17 million profiles. The exposed details reportedly vary by record and include usernames, internal account IDs, names, email addresses, phone numbers, and, in some cases, physical addresses. Analysis of the data shows that not all records contain complete personal details, with some entries listing only basic identifiers such as a username and account ID.

Researchers discussing the incident on social media platforms have suggested that the data may not be recent. Some claim it could originate from an older scraping incident, possibly dating back to 2022. However, no technical evidence has been publicly provided to support these claims. Meta has also stated that it has no record of Instagram API breaches occurring in either 2022 or 2024.

Instagram has previously dealt with scraping-related incidents. In one earlier case, a vulnerability allowed attackers to collect and sell personal information associated with millions of accounts. Due to this history, cybersecurity experts believe the newly surfaced dataset could be a collection of older information gathered from multiple sources over several years, rather than the result of a newly discovered vulnerability.

Attempts to verify the origin of the data have so far been unsuccessful. The individual responsible for releasing the dataset did not respond to requests seeking clarification on when or how the information was obtained.

At present, there is no confirmation that this situation represents a new breach of Instagram’s systems. No evidence has been provided to demonstrate that the data was extracted through a recently exploited flaw, and Meta maintains that there has been no unauthorized access to its infrastructure.

While passwords are not included in the leaked information, users are still urged to remain cautious. Such datasets are often used in phishing emails, scam messages, and social engineering attacks designed to trick individuals into revealing additional information.

Users who receive password reset emails or login codes they did not request should delete them and take no further action. Enabling two-factor authentication is fiercely recommended, as it provides an added layer of security against unauthorized access attempts.


Read more »
Shinhan Card
Credit Card Data Breach Personal Information Regulatory Compliance Shinhan Card

Shinhan Card Faces Regulatory Review Over Internal Data Sharing Incident

 



Shinhan Card, one of South Korea’s largest credit card companies, has disclosed a data leak involving the personal information of approximately 192,000 merchants. The company confirmed the incident on Tuesday and said it has notified the Personal Information Protection Commission, the country’s data protection regulator.

The affected individuals are self-employed merchants who operate franchised businesses and had provided personal information during standard onboarding and contract procedures. According to Shinhan Card, the exposed data was limited in nature and did not include sensitive financial or identification details.

The company stated that information such as credit card numbers, bank account data, citizen registration numbers, and credit records were not compromised. Based on its current review, Shinhan Card said there is no evidence that the leaked information has been misused.


Incident Linked to Internal Handling, Not External Attack

Shinhan Card clarified that the incident did not involve hacking or unauthorized system access from outside the organization. Instead, the company believes the leak resulted from improper internal data handling.

Preliminary findings indicate that an employee at one of the company’s sales branches shared merchant information with a card recruiter for sales-related purposes. The data transfer reportedly violated internal policies governing the use and distribution of personal information.

The company said the internal channel used to transmit the data has since been blocked. An internal investigation was launched immediately after the issue was identified, and Shinhan Card is reviewing employee access controls and oversight mechanisms.

Most of the leaked records consisted of mobile phone numbers, accounting for around 180,000 cases. In approximately 8,000 instances, phone numbers were shared alongside merchant names. A smaller portion of the records also included additional personal details such as date of birth and gender.

Shinhan Card stated that its investigation did not uncover any cases where more sensitive personal or financial data was included in the leak. The company also said that no confirmed cases of fraud, identity theft, or other misuse linked to the exposed information have been reported to date.

The affected data belongs to merchants who signed agreements with Shinhan Card between March 2022 and May 2025.


Regulatory Notification and Review Process

The issue first came to the attention of authorities last month, when a report was submitted to the Personal Information Protection Commission. Following the initial notification, the regulator requested additional documentation to assess the scope of the incident and determine how the data was handled.

Shinhan Card formally reported the breach to the commission on December 23, in line with South Korea’s data protection disclosure requirements. The company said it continues to cooperate with the regulator as the review process remains ongoing.


Company Response and Merchant Guidance

In response to the incident, Shinhan Card issued a public apology and published detailed information through its website and mobile application. A dedicated service page has been made available to allow merchants to check whether their personal data was affected.

The company has advised merchants to remain cautious of suspicious calls, messages, or unsolicited contact attempts, even though no misuse has been confirmed so far. Shinhan Card said it is strengthening internal controls and reviewing how personal data is accessed and shared within the organization.

Regulatory authorities have not yet announced whether corrective measures or penalties will follow. Shinhan Card has said it will continue cooperating with the review while monitoring for any signs of misuse related to the exposed data.



Read more »
Spyware
Android Cyber Phishing Financial Data iOS malware Personal Information Spyware

How To Tell If Spyware Is Hiding On Your Phone And What To Do About It

 



Your smartphone stores personal conversations, financial data, photos, and daily movements. This concentration of information makes it attractive to attackers who rely on spyware. Spyware is malicious software that pretends to be a useful app while silently collecting information. It can arrive through phishing messages, deceptive downloads, fake mobile tools, or through legitimate apps that receive harmful updates. Even monitoring tools designed for parents or employers can be misused to track someone without their knowledge.

Spyware exists in multiple forms. One common category is nuisanceware, which appears with legitimate apps and focuses on showing unwanted ads, altering browser settings, and gathering browsing data for advertisers. Although it does not usually damage the device, it still disrupts user activity and profits from forced ad interactions. Broader mobile spyware goes further by pulling system information, clipboard content, login credentials, and data linked to financial accounts. These threats rely on tricking users through harmful emails, unsafe attachments, social media links, fake text messages, or direct physical access.

A more aggressive class of spyware overlaps with stalkerware and can monitor nearly every action on a victim’s device. These tools read messages across different platforms, intercept calls, capture audio from the environment, trigger the camera, take screenshots, log keystrokes, track travel routes, and target social media platforms. They are widely associated with domestic abuse because they allow continuous surveillance of a person’s communication and location. At the highest end is commercial spyware sold to governments. Tools like Pegasus have been used against journalists, activists, and political opponents, although everyday users are rarely targeted due to the high cost of these operations.

There are several early signs of an attempted spyware install. Strange emails, unexpected social media messages, or SMS alerts urging you to click a link are often the first step. Attackers frequently use urgent language to pressure victims into downloading malicious files, including fake delivery notices or warnings framed as bank or tax office messages. Sometimes these messages appear to come from a trusted contact. Stalkerware may require physical access, which means a phone that briefly goes missing and returns with new settings or apps could have been tampered with.

Once spyware is installed, your phone may behave differently. Rapid battery drain, overheating, sudden reboots, location settings turning on without reason, or a sharp increase in mobile data use can indicate that data is being transmitted secretly. Some variants can subscribe victims to paid services or trigger unauthorized financial activity. Even harmless apps can turn malicious through updates, so new problems after installing an app deserve attention.

On Android devices, users can review settings that control installations from outside official stores. This option usually appears in Settings > Security > Allow unknown sources, although the exact location depends on the manufacturer. Another path to inspect is Apps > Menu > Special Access > Install unknown apps, which lists anything permitted to install packages. This check is not completely reliable because many spyware apps avoid appearing in the standard app view.

Some spyware hides behind generic names and icons to blend in with normal tools such as calculators, calendars, utilities, or currency converters. If an unfamiliar app shows up, running a quick search can help determine whether it belongs to legitimate software.

For iPhones that are not jailbroken, infection is generally harder unless attackers exploit a zero-day or an unpatched flaw. Risks increase when users delay firmware updates or do not run routine security scans. While both platforms can show signs of compromise, sophisticated spyware may remain silent.

Some advanced surveillance tools operate without leaving noticeable symptoms. These strains can disguise themselves as system services and limit resource use to avoid attention.

Removing spyware is challenging because these tools are designed to persist. Most infections can be removed, but some cases may require a full device reset or, in extreme scenarios, replacing the device. Stalkerware operators may also receive alerts when their access is disrupted, and a sudden halt in data flow can signal removal.

If removing spyware could put someone at physical risk, they should avoid tampering with the device and involve law enforcement or relevant support groups.

Several approaches can help remove mobile spyware:

1. Run a malware scan: Reputable mobile antivirus tools can detect many common spyware families, though they may miss advanced variants.

2. Use dedicated removal tools: Specialized spyware removal software can help, but it must only be downloaded from trusted sources to avoid further infection.

3. Remove suspicious apps: Reviewing installed applications and deleting anything unfamiliar or unused may eliminate threats.

4. Check device administrator settings: Spyware may grant itself administrator rights. If such apps cannot be removed normally, a factory reset might be necessary.

5. Boot into Safe Mode: Safe Mode disables third-party apps temporarily, making removal easier, though advanced spyware may still persist.

6. Update the operating system: Patches often close security gaps that spyware relies on.


After discovering suspicious activity, users should take additional security steps. First, change passwords and enable biometrics: Resetting passwords on a separate device and enabling biometric locks strengthens account and device security. Secondly, create a new email address: A private email account can help regain control of linked services without alerting a stalkerware operator.

Advanced, commercial spyware demands stronger precautions. Research-based recommendations include:

• Reboot the device daily to disrupt attacks that rely on temporary exploits.

• Disable iMessage and FaceTime on iOS, as they are frequent targets for exploitation.

• Use alternative browsers such as Firefox Focus or Tor Browser to reduce exposure from browser-based exploits.

• Use a trusted VPN and jailbreak detection tools to protect against network and system-level intrusion.

• Use a separate secure device like those running GrapheneOS for sensitive communication.

Reducing the risk of future infections requires consistent precautions:

• Maintain physical device security through PINs, patterns, or biometrics.

• Install system updates as soon as they are released.

• Run antivirus scans regularly.

• Avoid apps from unofficial sources.

• Enable built-in security scanners for new installations.

• Review app permissions routinely and remove intrusive apps.

• Be cautious of suspicious links.

• Avoid jailbreaking the device.

• Enable multi-factor authentication, keeping in mind that spyware may still capture some verification codes.



Read more »
Youtube
Age Verification Artificial Intelligence Biometric data Personal Information Privacy Spotify Youtube

Big Tech’s New Rule: AI Age Checks Are Rolling Out Everywhere

 



Large online platforms are rapidly shifting to biometric age assurance systems, creating a scenario where users may lose access to their accounts or risk exposing sensitive personal information if automated systems make mistakes.

Online platforms have struggled for decades with how to screen underage users from adult-oriented content. Everything from graphic music tracks on Spotify to violent clips circulating on TikTok has long been available with minimal restrictions.

Recent regulatory pressure has changed this landscape. Laws such as the United Kingdom’s Online Safety Act and new state-level legislation in the United States have pushed companies including Reddit, Spotify, YouTube, and several adult-content distributors to deploy AI-driven age estimation and identity verification technologies. Pornhub’s parent company, Aylo, is also reevaluating whether it can comply with these laws after being blocked in more than a dozen US states.

These new systems require users to hand over highly sensitive personal data. Age estimation relies on analyzing one or more facial photos to infer a user’s age. Verification is more exact, but demands that the user upload a government-issued ID, which is among the most sensitive forms of personal documentation a person can share online.

Both methods depend heavily on automated facial recognition algorithms. The absence of human oversight or robust appeals mechanisms magnifies the consequences when these tools misclassify users. Incorrect age estimation can cut off access to entire categories of content or trigger more severe actions. Similar facial analysis systems have been used for years in law enforcement and in consumer applications such as Google Photos, with well-documented risks and misidentification incidents.

Refusing these checks often comes with penalties. Many services will simply block adult content until verification is completed. Others impose harsher measures. Spotify, for example, warns that accounts may be deactivated or removed altogether if age cannot be confirmed in regions where the platform enforces a minimum age requirement. According to the company, users are given ninety days to complete an ID check before their accounts face deletion.

This shift raises pressing questions about the long-term direction of these age enforcement systems. Companies frequently frame them as child-safety measures, but users are left wondering how long these platforms will protect or delete the biometric data they collect. Corporate promises can be short-lived. Numerous abandoned websites still leak personal data years after shutting down. The 23andMe bankruptcy renewed fears among genetic testing customers about what happens to their information if a company collapses. And even well-intentioned apps can create hazards. A safety-focused dating application called Tea ended up exposing seventy-two thousand users’ selfies and ID photos after a data breach.

Even when companies publicly state that they do not retain facial images or ID scans, risks remain. Discord recently revealed that age verification materials, including seventy thousand IDs, were compromised after a third-party contractor called 5CA was breached.

Platforms assert that user privacy is protected by strong safeguards, but the details often remain vague. When asked how YouTube secures age assurance data, Google offered only a general statement claiming that it employs advanced protections and allows users to adjust their privacy settings or delete data. It did not specify the precise security controls in place.

Spotify has outsourced its age assurance system to Yoti, a digital identity provider. The company states that it does not store facial images or ID scans submitted during verification. Yoti receives the data directly and deletes it immediately after the evaluation, according to Spotify. The platform retains only minimal information about the outcome: the user’s age in years, the method used, and the date the check occurred. Spotify adds that it uses measures such as pseudonymization, encryption, and limited retention policies to prevent unauthorized access. Yoti publicly discloses some technical safeguards, including use of TLS 1.2 by default and TLS 1.3 where supported.

Privacy specialists argue that these assurances are insufficient. Adam Schwartz, privacy litigation director at the Electronic Frontier Foundation, told PCMag that facial scanning systems represent an inherent threat, regardless of whether they are being used to predict age, identity, or demographic traits. He reiterated the organization’s stance supporting a ban on government deployment of facial recognition and strict regulation for private-sector use.

Schwartz raises several issues. Facial age estimation is imprecise by design, meaning it will inevitably classify some adults as minors and deny them access. Errors in facial analysis also tend to fall disproportionately on specific groups. Misidentification incidents involving people of color and women are well documented. Google Photos once mislabeled a Black software engineer and his friend as animals, underlining systemic flaws in training data and model accuracy. These biases translate directly into unequal treatment when facial scans determine whether someone is allowed to enter a website.

He also warns that widespread facial scanning increases privacy and security risks because faces function as permanent biometric identifiers. Unlike passwords, a person cannot replace their face if it becomes part of a leaked dataset. Schwartz notes that at least one age verification vendor has already suffered a breach, underscoring material vulnerabilities in the system.

Another major problem is the absence of meaningful recourse when AI misjudges a user’s age. Spotify’s approach illustrates the dilemma. If the algorithm flags a user as too young, the company may lock the account, enforce viewing restrictions, or require a government ID upload to correct the error. This places users in a difficult position, forcing them to choose between potentially losing access or surrendering more sensitive data.

Do not upload identity documents unless required, check a platform’s published privacy and retention statements before you comply, and use account recovery channels if you believe an automated decision is wrong. Companies and regulators must do better at reducing vendor exposure, increasing transparency, and ensuring appeals are effective. 

Despite these growing concerns, users continue to find ways around verification tools. Discord users have discovered that uploading photos of fictional characters can bypass facial age checks. Virtual private networks remain a viable method for accessing age-restricted platforms such as YouTube, just as they help users access content that is regionally restricted. Alternative applications like NewPipe offer similar functionality to YouTube without requiring formal age validation, though these tools often lack the refinement and features of mainstream platforms.


Read more »
Personal Information
cybercriminals Data Breach Data Leak Data protection data security Financial Information Personal Information

Where Your Data Goes After a Breach and How to Protect Yourself

 

Data breaches happen every day—and they’re almost never random. Most result from deliberate, targeted cyberattacks or the exploitation of weak security systems that allow cybercriminals to infiltrate networks and steal valuable data. These breaches can expose email addresses, passwords, credit card details, Social Security numbers, medical records, and even confidential business documents. While it’s alarming to think about, understanding what happens after your data is compromised is key to knowing how to protect yourself.  

Once your information is stolen, it essentially becomes a commodity traded for profit. Hackers rarely use the data themselves. Instead, they sell it—often bundled with millions of other records—to other cybercriminals who use it for identity theft, fraud, or extortion. In underground networks, stolen information has its own economy, with prices fluctuating depending on how recent or valuable the data is. 

The dark web is the primary marketplace for stolen information. Hidden from regular search engines, it provides anonymity for sellers and buyers of credit cards, logins, and personal identifiers. Beyond that, secure messaging platforms such as Telegram and Signal are also used to trade stolen data discreetly, thanks to their encryption and privacy features. Some invite-only forums on the surface web also serve as data exchange hubs, while certain hacktivists or whistleblowers may release stolen data publicly to expose unethical practices. Meanwhile, more sophisticated cybercriminal groups operate privately, sharing or selling data directly to trusted clients or other hacker collectives. 

According to reports from cybersecurity firm PrivacyAffairs, dark web markets offer everything from bank login credentials to passports and crypto wallets. Payment card data—often used in “carding” scams—remains one of the most traded items. Similarly, stolen social media and email accounts are in high demand, as they allow attackers to launch phishing campaigns or impersonate victims. Even personal documents such as birth certificates or national IDs are valuable for identity theft schemes. 

Although erasing your personal data from the internet entirely is nearly impossible, there are ways to limit your exposure. Start by using strong, unique passwords managed through a reputable password manager, and enable multi-factor authentication wherever possible. A virtual private network (VPN) adds another layer of protection by encrypting your internet traffic and preventing data collection by third parties. 

It’s also wise to tighten your social media privacy settings and avoid sharing identifiable details such as your workplace, home address, or relationship status. Be cautious about what information you provide to websites and services—especially when signing up or making purchases. Temporary emails, one-time payment cards, and P.O. boxes can help preserve your anonymity online.  

If you discover that your data was part of a breach, act quickly. Monitor all connected accounts for suspicious activity, reset compromised passwords, and alert your bank or credit card provider if financial details were involved. For highly sensitive leaks, such as stolen ID numbers, consider freezing your credit report to prevent identity fraud. Data monitoring services can also help by tracking the dark web for mentions of your personal information.

In today’s digital world, data is currency—and your information is one of the most valuable assets you own. Staying vigilant, maintaining good cyber hygiene, and using privacy tools are your best defenses against becoming another statistic in the global data breach economy.
Read more »
Personal Information
Dark Web Data Breach data security Data Theft Discord Discord Users leaked sensitive data personal data security Personal Information

Nearly Two Billion Discord Messages Scraped and Sold on Dark Web Forums

 

Security experts have raised alarms after discovering that a massive collection of Discord data is being offered for sale on underground forums. According to researchers at Cybernews, who reviewed the advertisement, the archive reportedly contains close to two billion messages scraped from the platform, alongside additional sensitive information. The dataset allegedly includes 1.8 billion chat messages, records of 35 million users, 207 million voice sessions, and data from 6,000 servers, all available to anyone willing to pay. 

Discord, a platform widely used for gaming, social communities, and professional groups, enables users to connect via text, voice, and video across servers organized around different interests. Many of these servers are open to the public, meaning their content—including usernames, conversations, and community activity—can be accessed by anyone who joins. While much of this information is publicly visible, the large-scale automated scraping of data still violates Discord’s Terms of Service and could potentially breach data protection regulations such as the EU’s General Data Protection Regulation (GDPR) or California’s Consumer Privacy Act (CCPA).

The true sensitivity of the dataset remains unclear, as no full forensic analysis has been conducted. It is possible that a significant portion of the messages and voice records were collected from publicly accessible servers, which would reduce—but not eliminate—the privacy concerns. However, the act of compiling, distributing, and selling this information at scale introduces new risks, such as the misuse of user data for surveillance, targeted phishing, or identity exploitation. 

Discord has faced similar challenges before. In April 2024, a service known as Spy.Pet attempted to sell billions of archived chat logs from the platform. That operation was swiftly shut down by Discord, which banned the associated accounts and confirmed that the activity violated its rules. At the time, the company emphasized that automated scraping and self-botting were not permitted under its Terms of Service and stated it was exploring possible legal action against offenders. 

The recurrence of large-scale scraping attempts highlights the ongoing tension between the open nature of platforms like Discord and the privacy expectations of their users. While public servers are designed for accessibility and community growth, they can also be exploited by malicious actors seeking to harvest data en masse. Even if the information being sold in the latest case is largely public, the potential to cross-reference user activity across communities raises broader concerns about surveillance and abuse. 

As of now, Discord has not issued an official statement on this latest incident, but based on previous responses, it is likely the company will take steps to disrupt the sale and enforce its policies against scraping. The incident serves as another reminder that users on open platforms should remain mindful of the visibility of their activity and that service providers must continue to balance openness with strong protections against data misuse.
Read more »
Personal Information
Cyber Security Data Privacy Data protection data security Data Surveillance Personal Data Personal Information

New York Lawmaker Proposes Bill to Regulate Gait Recognition Surveillance

 

New York City’s streets are often packed with people rushing to work, running errands, or simply enjoying the day. For many residents, walking is faster than taking the subway or catching a taxi. However, a growing concern is emerging — the way someone walks could now be tracked, analyzed, and used to identify them. 

City Councilmember Jennifer Gutierrez is seeking to address this through new legislation aimed at regulating gait recognition technology. This surveillance method can identify people based on the way they move, including their walking style, stride length, and posture. In some cases, it even factors in other unique patterns, such as vocal cadence. 

Gutierrez’s proposal would classify a person’s gait as “personal identifying information,” giving it the same protection as highly sensitive data, including tax or medical records. Her bill also requires that individuals be notified if city agencies are collecting this type of information. She emphasized that most residents are unaware their movements could be monitored, let alone stored for future analysis. 

According to experts, gait recognition technology can identify a person from as far as 165 feet away, even if they are walking away from the camera. This capability makes it an appealing tool for law enforcement but raises significant privacy questions. While Gutierrez acknowledges its potential in solving crimes, she stresses that everyday New Yorkers should not have their personal characteristics tracked without consent. 

Public opinion is divided. Privacy advocates argue the technology poses a serious risk of misuse, such as mass tracking without warrants or transparency. Supporters of its use believe it can be vital for security and public safety when handled with proper oversight. 

Globally, some governments have already taken steps to regulate similar surveillance tools. The European Union enforces strict rules on biometric data collection, and certain U.S. states have introduced laws to address privacy risks. However, experts warn that advancements in technology often move faster than legislation, making it difficult to implement timely safeguards. 

The New York City administration is reviewing Gutierrez’s bill, while the NYPD’s use of gait recognition for criminal investigations would remain exempt under the proposed law. The debate continues over whether this technology’s benefits outweigh the potential erosion of personal privacy in one of the world’s busiest cities.
Read more »
Personal Information
customer data compromise customer data leak customer data privacy Data Breach Data Leak Data Privacy data security Database Leaked Fashion Retailer Personal Information

SABO Fashion Brand Exposes 3.5 Million Customer Records in Major Data Leak

 

Australian fashion retailer SABO recently faced a significant data breach that exposed sensitive personal information of millions of customers. The incident came to light when cybersecurity researcher Jeremiah Fowler discovered an unsecured database containing over 3.5 million PDF documents, totaling 292 GB in size. The database, which had no password protection or encryption, was publicly accessible online to anyone who knew where to look. 

The leaked records included a vast amount of personally identifiable information (PII), such as names, physical addresses, phone numbers, email addresses, and other order-related data of both retail and business clients. According to Fowler, the actual number of affected individuals could be substantially higher than the number of files. He observed that a single PDF file sometimes contained details from up to 50 separate orders, suggesting that the total number of exposed customer profiles might exceed 3.5 million. 

The information was derived from SABO’s internal document management system used for handling sales, returns, and shipping data—both within Australia and internationally. The files dated back to 2015 and stretched through to 2025, indicating a mix of outdated and still-relevant information that could pose risks if misused. Upon discovering the open database, Fowler immediately notified the company. SABO responded by securing the exposed data within a few hours. 

However, the brand did not reply to the researcher’s inquiries, leaving critical questions unanswered—such as how long the data remained vulnerable, who was responsible for managing the server, and whether malicious actors accessed the database before it was locked. SABO, known for its stylish collections of clothing, swimwear, footwear, and formalwear, operates three physical stores in Australia and also ships products globally through its online platform. 

In 2024, the brand reported annual revenue of approximately $18 million, underscoring its scale and reach in the retail space. While SABO has taken action to secure the exposed data, the breach underscores ongoing challenges in cybersecurity, especially among mid-sized e-commerce businesses. Data left unprotected on the internet can be quickly exploited, and even short windows of exposure can have lasting consequences for customers. 

The lack of transparency following the discovery only adds to growing concerns about how companies handle consumer data and whether they are adequately prepared to respond to digital threats.
Read more »
Subscribe to: Comments (Atom)