Ben Lovejoy reports: A massive Twitter data breach last year, exposing more than five million phone numbers and email addresses, was worse than initially reported. We’ve been shown evidence that the same security vulnerability was exploited by multiple bad actors, and the hacked data has been offered for sale on the dark web by several sources. It had previously been…
Category: Business Sector
Bits ‘n Pieces (Trozos y Piezas)
MX: LV threat actors claim to have hacked UnitedAuto On November 19, LV BLog added UnitedAuto, a Mexican automotive company, to its leak site, claiming to have more than 2TB of stolen personal information. The threat actors criticized their victim, stating “United Auto does not have any basic protection for their system. The company has…
WhatsApp data leak: 500 million user records for sale; is it really a leak?
Jurgita Lapienytė reports: On November 16, an actor posted an ad on a well-known hacking community forum, claiming they were selling a 2022 database of 487 million WhatsApp user mobile numbers. The dataset allegedly contains WhatsApp user data from 84 countries. Threat actor claims there are over 32 million US user records included. Another huge…
Ca: OSSTF victim of ransomware attack, notifies members of personal data compromised
The Canadian Press reports: The union representing public high school teachers in Ontario says it was the victim of a ransomware attack earlier this year that compromised members’ personal information. The Ontario Secondary School Teachers’ Federation says it discovered in late May that an “unauthorized third party” accessed and encrypted its systems between May 25…
AirAsia victim of ransomware attack, passenger and employee data acquired
AirAsia Group* pledges to be responsible when gathering personal information and to protect privacy “in every possible way.” That’s not a contract, mind you, but just an expression of their commitment. On November 11 and 12, AirAsia Group fell victim to a ransomware attack by Daixin Team. The threat actors, who were the topic of…
Meta Fires Employees and Contractors for Improperly Accessing Users’ Accounts and Selling Them to Hackers
Daniel Kreps reports: Meta, the parent company of Facebook, has fired or disciplined dozens of employees and contractors — including Meta security guards — following an internal probe that revealed they were improperly accessing users’ accounts for reasons including bribery. The Wall Street Journal reports that, for years, the employees and contractors wrongly used Facebook’s internal mechanism for helping password-forgetting…