On January 24, DataBreaches was contacted by a spokesperson for AlphV (“BlackCat”) to see if this site would be interested in reporting on a breach involving BrightStar Care (“BrightStar”). BrightStar had been added to their dark web leak site that day but without any proof of claim. The spokesperson was offering to show DataBreaches data…
Category: Commentaries and Analyses
Cloudflare hacked using auth tokens stolen in Okta attack
Sergiu Gatlan reports: Cloudflare disclosed today that its internal Atlassian server was breached by a suspected ‘nation state attacker’ who accessed its Confluence wiki, Jira bug database, and Bitbucket source code management system. The threat actor first gained access to Cloudflare’s self-hosted Atlassian server on November 14 and then accessed the company’s Confluence and Jira…
Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider
Brian Krebs reports: On Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber…
Attorney General James Sues Citibank for Failing to Protect and Reimburse Victims of Electronic Fraud
Imagine having a law on your side that actually helps you in the event your bank account is hacked or your funds are stolen by scammers, but the bank never tells you that you are protected by that law, and worse, does not comply with it. According to NYS Attorney General Letitia James, that’s pretty…
Ransomware payments drop to record low as victims refuse to pay
Bill Toulas reports: The number of ransomware victims paying ransom demands has dropped to a record low of 29% in the final quarter of 2023, according to ransomware negotiation firm Coveware. This trend became apparent in mid-2021 when the payment rate dropped to 46% after previously being 85% at the start of 2019. According to Coveware, the…
Facebook suffers big loss in lawsuit against data-scraping company
Jon Brodkin reports: One year after Meta sued a data-scraping company, a federal judge this week threw out Meta’s breach-of-contract claim because the defendant obtained only public data from Facebook and Instagram. Meta sued Bright Data in January 2023, making claims of breach of contract and tortious interference with contract. Bright Data is an Israeli company that collects data…