Sergiu Gatlan reports: GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories. Since this campaign was first spotted on April 12, 2022, the threat actor has already accessed and stolen data from dozens of victim organizations using Heroku and Travis-CI-maintained OAuth apps, including…
Category: Business Sector
DHS investigators say they foiled cyberattack on undersea internet cable in Hawaii
Meanwhile, last week, AJ Vicens reported: Federal agents in Honolulu last week “disrupted” an apparent cyberattack on an unnamed telecommunication company’s servers associated with an underwater cable responsible for internet, cable service and cell connections in Hawaii and the region, the agency said in a statement Tuesday. Hawaii-based agents with Homeland Security Investigations, an arm…
McDonald’s is Informing its Costa Rica Customers About a Data Breach
Manikanta Immanni reports: McDonald’s faced an indirect data breach where a hacker accessed sensitive information belonging to its clients in the Costa Rica branch. The company later said that a service provider it hired has left its client data exposed, which was reportedly accessed by the hacker. […] How the hacker was able to access…
Kr: Source Music Fined 3 Million Won By PIPC For Accidentally Leaking Fans’ Personal Information
Soompi reports: Source Music has been ordered to pay a fine of 3 million won (approximately $2,438) by South Korea’s Personal Information Protection Commission (PIPC). Last year, after GFRIEND’s sudden disbandment, Source Music used a Google questionnaire in the process of refunding fan club membership fees. However, due to the questionnaire’s privacy settings being accidentally set to public,…
Spanish football federation reports data stolen by hackers
The Sun reports: The Spanish football federation (RFEF) said on Thursday it was victim of a hacking attack which resulted in the loss of data belonging to president Luis Rubiales. General secretary Andreu Camps also had text and audio data stolen, the RFEF said, and the loss had been reported to the police. Read more…
Hetzner lost customer data and gave 20€ as compensation
Bill Toulas reports: Hetzner Online GmbH, a German cloud services provider, told some customers this week that their data had been irreversibly lost and were provided a 20€ compensation in online credit. Hetzner, which operates several data centers in Germany and Finland, suffered a rare occurrence of multiple hardware failures that have wiped some customers’…