Mohammad Musharraf reports: Major cryptocurrency hardware wallet provider Ledger has alerted customers to a data breach it faced in June and July. In an email on July 29, the company said it was made aware of the breach on July 14 when a researcher participating in its bounty program reached out with details of a…
Category: Hack
Hackers stole GitHub and GitLab OAuth tokens from Git analytics firm Waydev
Catalin Cimpanu reports: Waydev, an analytics platform used by software companies, has disclosed a security breach earlier this month. The company says that hackers broke into its platform and stole GitHub and GitLab OAuth tokens from its internal database. Read more on ZDNet.
Hiscox Hack Suit Advances as Warden Grier Loses Dismissal Bid
Julia Weng reports: Hiscox Insurance Co. Inc. can move forward with claims against Warden Grier LLP, which lost a bid to dismiss allegations that fault the law firm’s handling of a hack that exposed the insurer’s data. Read more on Bloomberg. As reported on DataBreaches.net in 2018, thedarkoverlord (“TDO”) had started leaking what they claimed…
Ongoing Meow attack has nuked >1,000 databases without telling anyone why
In March, thousands of elastic search installations were wiped out and all that was left was a calling card, “NightLionSecurity.com.” Now there’s a new round of attacks using a “Meow” calling card as they wipe out ElasticSearch and MongoDB databases. Dan Goodin reports: More than 1,000 unsecured databases so far have been permanently deleted in…
278k Instacart customer records reportedly hacked, includes order history
Ben Lovejoy reports: Some 278,531 Instacart customer records have reportedly been hacked, and are for sale on the dark web. The data includes names, email addresses, the last four digits of credit card numbers, and order histories … Instacart denies that there has been any breach, and says that if any data is real, it didn’t come…
US charges two Chinese spies for a global hacking campaign that targeted COVID-19 research
Zack Whittaker reports: U.S. prosecutors have charged two Chinese nationals, said to be working for China’s state intelligence bureau, for their alleged involvement in a massive global hacking operation that targeted hundreds of companies and governments for more than a decade. The 11-count indictment, unsealed Tuesday, alleges Li Xiaoyu, 34, and Dong Jiazhi, 33, stole terabytes…