Here’s today’s reminder of the insider threat. And also the external threat. Consider it a pre-holiday twofer. DataBreaches was contacted yesterday by “0mid16B,” the same individual who was responsible for previously hacking The1 Card, Thailand’s most popular loyalty program. In their latest contact, they claim to have successfully attacked Ardyss[.]com and ArdyssLife[.]com, telling DataBreaches, “In…
Category: Business Sector
Tracker firm Hapn spilled names of thousands of GPS tracking customers
Zack Whittaker reports: GPS tracking firm Hapn exposed the names of thousands of its customers due to a website bug, TechCrunch has learned. A security researcher alerted TechCrunch in late November to customer names and affiliations — such as the name of their workplace — spilling from one of Hapn’s servers, which TechCrunch has seen….
US Court Finds NSO Liable For Hacking Of WhatsApp Using Pegasus Malware
Gursimran Kaur Bakshi reports: In a summary judgment, Judge Phyllis Hamilton of the US District Court in Oakland, Northern District of California has found Israeli-mercenary’s surveillance firm NSO Group Technologies (also known as Q Cyber Technologies) liable for the hacking of Meta’s Whatsapp through its state-of-the-art military-grade malware Pegasus. The Court has found that NSO violated the Computer Fraud…
FTC Finalizes Order with Marriott and Starwood Requiring Them to Implement a Robust Data Security Program to Address Security Failures
The Federal Trade Commission finalized an order requiring Marriott International, Inc. and its subsidiary Starwood Hotels & Resorts Worldwide LLC to implement a comprehensive information security program to settle charges that the companies failed to implement reasonable data security, which led to three large data breaches affecting more than 344 million customers worldwide. In a complaint first…
No need to hack when it’s leaking: Cisco edition
The hacker and forum owner known as “IntelBroker” announced that he and others breached Cisco systems and obtained source code and other valuable information. In a forum post where they offered “partial Cisco” data, they admit that a Cisco error had enabled them to access the data: In October 2024, Cisco accidentally left open their…
LastPass breach comes back to haunt users as hackers steal $12 million in two days
Solomon Klappholz reports: A major data breach at password manager firm LastPass in 2022 is still causing mayhem two years later, with cyber criminals using stolen information to carry out further attacks. According to data collated by crypto investigator ZachXBT, hackers stole $12.38 million in cryptocurrency from LastPass users on 16 and 17 December. The attackers drained…