Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label protecting sensitive data. Show all posts
protecting sensitive data
Data Breach Data Sale data security Data Stolen Data Theft Database Leaked Database Security Infostealer Personal Data Personal Information protecting sensitive data

Startup Sells Stolen Personal Data Online for $50, Raising Alarms Over Privacy and Ethics

 

A new controversy is brewing over a U.S.-based startup accused of making stolen personal data widely accessible—for as little as $50. Farnsworth Intelligence, founded by 23-year-old Aidan Raney, is openly marketing a product called “Infostealers,” which allows customers to search a massive database of sensitive information, including passwords, browser autofill data, and private account credentials. 

According to investigative reporting by 404 Media, this information isn’t simply scraped from public directories or legally collected sources. Instead, it appears to come directly from major data breaches—information illegally obtained from hacked websites and platforms. Users can buy access through the company’s online portal, Infostealers.info, raising serious questions about the legality and ethics of such transactions. 

While services like people-search websites have long existed, Farnsworth’s platform seems to go far beyond what’s commonly available. Some of the information for sale includes usernames, passwords, browser history, addresses saved in auto-fill fields, and more—data types typically leaked only after breaches. Their advanced offering, the Infostealer Data Platform, promises even deeper access. Although not available to everyone, it can be granted upon request for uses like journalism, cybersecurity, private investigations, or law enforcement. The company doesn’t appear to require a court order or warrant for access. 

Farnsworth Intelligence makes bold claims about its reach and capabilities. Its website boasts about human intelligence operations and even claims to have infiltrated a North Korean laptop farm via social engineering. It promotes use cases like “corporate due diligence,” “background checks,” and “asset searches,” without clearly explaining how it acquires its “trillions” of data points. The lack of transparency, coupled with the open sale of sensitive data, is alarming. 

Experts argue that while security researchers and cybersecurity firms often monitor breach data to help protect users, monetizing it so brazenly is a different matter entirely. As Cooper Quintin from the Electronic Frontier Foundation notes, “It would be illegal and unethical to sell stolen cell phones even if you didn’t steal them yourself, and I don’t see how this is any different.”  

Even more concerning is the potential for abuse. With no real verification or oversight, bad actors—including stalkers or authoritarian agencies—could exploit this platform to target individuals, especially those already at risk. The implications for personal safety, privacy rights, and digital ethics are profound. 

This development underscores how data breaches don’t just disappear—they become weapons for profit in the wrong hands.
Read more »
protecting sensitive data
Army British Army Data Breach Data Leak Data protection data security Information Security protecting sensitive data

UK Army Probes Leak of Special Forces Identities in Grenadier Guards Publication

 

The British Army has initiated an urgent investigation following the public exposure of sensitive information identifying members of the UK Special Forces. General Sir Roly Walker, Chief of the General Staff, has directed a comprehensive review into how classified data was shared, after it was found that a regimental newsletter had published names and postings of elite soldiers over a period of more than ten years. 

The internal publication, created by the Grenadier Guards Regimental Association, is believed to have revealed the identities and current assignments of high-ranking officers serving in confidential roles. Several names were reportedly accompanied by the abbreviation “MAB,” a known military code linked to Special Forces. Security experts have expressed concern that such identifiers could be easily deciphered by hostile actors, significantly raising the risk to those individuals. 

The revelation has triggered backlash within the Ministry of Defence, with Defence Secretary John Healey reportedly outraged by the breach. The Ministry had already issued warnings about this very issue, yet the publication remained online until it was finally edited last week. The breach adds to growing concern over operational security lapses in elite British military units.  

This latest disclosure follows closely on the heels of another incident in which the identities of Special Forces soldiers involved in missions in Afghanistan were exposed through a separate data leak. That earlier breach had been shielded by a legal order for nearly two years, emphasizing the persistent nature of such security vulnerabilities. 

The protection of Special Forces members’ identities is a critical requirement due to the covert and high-risk nature of their work. Publicly exposing their names can not only endanger lives but also jeopardize ongoing intelligence missions and international collaborations. The leaked material is also said to have included information about officers working within the Cabinet Office’s National Security Secretariat—an agency that advises the Prime Minister on national defence—and even a soldier assigned to General Walker’s own operational staff. 

While the Grenadier Guards’ publication has now removed the sensitive content, another regiment had briefly published similar details before promptly deleting them. Still, the extended availability of the Grenadier data has raised questions about oversight and accountability in how military associations manage sensitive information.  

General Walker, a former commander of the Grenadier Guards, announced that he has mandated an immediate review of all information-sharing practices between the army and regimental associations. His directive aims to ensure that stronger protocols are in place to prevent such incidents in the future, while still supporting the positive role these associations play for veterans and serving members alike. 

The Defence Ministry has not released details on whether those named in the leak will be relocated or reassigned. However, security analysts say the long-term consequences of the breach could be serious, including potential threats to the personnel involved and operational risks to future Special Forces missions. As investigations continue, the British Army is now under pressure to tighten internal controls and better protect its most confidential information from digital exposure.
Read more »
protecting sensitive data
Chinese Hackers Cyber Attacks cyber espionage cybercriminal group Cyberthreatm Salt Typhoon Hacks data security Data Theft DHS Hacker attack Hacker group protecting sensitive data

Chinese Hacker Group Salt Typhoon Breaches U.S. National Guard Network for Nine Months

 

An elite Chinese cyber-espionage group known as Salt Typhoon infiltrated a U.S. state’s Army National Guard network for nearly nine months, according to a classified Pentagon report revealed in a June Department of Homeland Security (DHS) memo. The memo, obtained by the nonprofit Property of the People through a freedom of information request, indicates the hackers had deep access between March and December 2024, raising alarms about compromised military or law enforcement data. 

Salt Typhoon has previously been linked to some of the most expansive cyber-intrusions into American infrastructure. This latest revelation suggests their reach was even broader than earlier believed. Authorities are still investigating the full extent of data accessed, including sensitive internal documents, personal information of service members, and network architecture diagrams. The affected state’s identity remains undisclosed. 

The Department of Defense declined to comment on the matter, while a spokesperson from the National Guard Bureau confirmed the breach but assured that the incident did not hinder any ongoing state or federal missions. Investigations are ongoing to determine the scope and potential long-term impact of the breach. 

China’s embassy in Washington did not directly deny the allegations but claimed the U.S. had not provided concrete evidence linking Salt Typhoon to the Chinese government. They reiterated that cyberattacks are a global threat and that China also faces similar risks. 

Salt Typhoon is particularly notorious for its ability to infiltrate and pivot across different networks. In a prior campaign, the group was linked to breaches at major telecom companies, including AT&T and Verizon, where hackers allegedly monitored text messages and calls tied to U.S. political figures, including both Trump and Harris campaigns and Senate Majority Leader Chuck Schumer’s office.

The hybrid structure of the National Guard — functioning under both federal and state authority — may have provided a wider attack surface. According to the DHS memo, the group may have obtained intelligence that could be used to compromise other states’ National Guard units and their local cybersecurity partners. Fourteen state National Guard units reportedly share intelligence with local fusion centers, potentially magnifying the risk. 

In January 2025, the U.S. Treasury Department sanctioned a company in Sichuan believed to be facilitating Salt Typhoon operations for China’s Ministry of State Security. Past incidents have shown that Salt Typhoon can maintain access for years, making complete removal and defense particularly challenging.
Read more »
protecting sensitive data
Chinese Data Breach Data Leak data security Data Surveillance database Database Breach Personal Information protecting sensitive data

Massive Data Leak Exposes Billions of Records in Suspected Chinese Surveillance Database

 

Cybersecurity experts have uncovered a massive trove of sensitive information left exposed online, potentially placing millions of individuals at significant risk. The discovery, made by researchers from Cybernews in collaboration with SecurityDiscovery.com, revealed an unsecured database totaling 631 gigabytes—containing an estimated four billion individual records. 

The open instance, which lacked any form of password protection, was quickly taken offline once the exposure was reported, but experts remain unsure about how long it had remained publicly accessible. The data, according to the investigation, appears to primarily concern Chinese citizens and users, with entries collected from various platforms and sources. 

Cybernews researchers believe this is not a random collection, but rather a systematically curated database. They described it as a tool capable of constructing detailed behavioral, social, and financial profiles of nearly any individual included in the records. The structured and diverse nature of the data has led analysts to suspect that the repository may have been created as part of a broader surveillance or profiling initiative. 

Among the most alarming elements of the database is the presence of extensive personally identifiable information (PII). The exposed details include full names, birth dates, phone numbers, financial records, bank card data, savings balances, debt figures, and personal spending patterns. Such information opens the door to a wide range of malicious activities—ranging from identity theft and financial fraud to blackmail and sophisticated social engineering attacks. 

A large portion of the exposed records is believed to originate from WeChat, the popular Chinese messaging app, which accounts for over 805 million entries. Another 780 million records relate to residential data tied to specific geographic locations. Meanwhile, a third major portion of the database labeled “bank” contains around 630 million records of financial and sensitive personal data. 

If confirmed, the scale of this leak could surpass even the National Public Data breach, one of the most significant data security incidents in recent memory. Experts are particularly troubled by the implications of a centralized data cache of this magnitude—especially one that may have been used for state-level surveillance or unauthorized commercial data enrichment. 

While the server hosting the information has been taken offline, the potential damage from such an exposure may already be done. Investigators continue to analyze the breach to determine its full impact and whether any malicious actors accessed the data while it was left unsecured.
Read more »
secure medical
Cyber Security cyberattacks on hospitals Healthcare cybersecurity medical data breaches protecting sensitive data ransomware healthcare risks secure medical

Why Medical Records Are Prime Targets for Cyberattacks and How to Stay Safe


Healthcare organizations have experienced a significant transformation, transitioning from paper-based records to digital systems. This change enables medical records to be accessed and updated anytime, improving coordination among hospitals, clinics, and specialists.

Despite the advantages, digital storage poses significant challenges, particularly the risk of data breaches. The vast amounts of sensitive information stored by hospitals and health insurance companies make them attractive targets for cybercriminals.

According to the HIPAA Journal, data breaches have steadily risen. In 2022, 720 incidents exposed over 500 records each, increasing to 725 breaches and 133 million compromised records in 2023. A ransomware attack on Change Healthcare in 2024 affected an estimated 100 million individuals.

Why Hackers Target Medical Records

1. Medical Data's High Value

Healthcare systems store a wealth of sensitive data, including names, social security numbers, medical histories, and insurance details. Unlike credit card numbers, which can be replaced, personal details like social security numbers are permanent, enabling long-term fraud.

Stolen data is often sold on the dark web or used for identity theft, medical fraud, or harassment. Ransomware attacks also target healthcare organizations due to their dependence on immediate system access.

2.Vulnerable Networks

Outdated or insecure networks increase the likelihood of breaches. Some healthcare providers use legacy systems due to compatibility issues or budget constraints.

The risks extend to external factors, such as unsecure devices connected by staff or third-party vendors with inadequate security. Medical devices like heart monitors and imaging systems further complicate matters by adding potential entry points for attackers.

3. Shared Medical Information

Effective patient care relies on data sharing among teams, specialists, insurers, researchers, and patients. This extensive sharing creates multiple exposure points, increasing the risk of data interception.

The urgency in medical settings can also lead to security being deprioritized in favor of quick access, further exposing sensitive information.

Although individuals cannot control healthcare systems' security, the following steps can enhance personal data protection:

  • Use a VPN: Encrypt your internet traffic to prevent unauthorized access.
  • Enable Multi-Factor Authentication (MFA): Add an extra verification step to secure sensitive accounts.
  • Keep Devices Updated: Regular updates ensure vulnerabilities are patched.
  • Avoid Reusing Passwords: Use strong, unique passwords with a password manager if needed.
  • Beware of Phishing: Don’t click on suspicious links, even if they appear urgent or legitimate.
Read more »
Subscribe to: Posts (Atom)