Anvee Bhutani and Emma Yeomans report: A dating website for Oxford University students has been accused of breaching student and staff privacy after revealing the name of everyone with a university email address. “OxShag”, set up anonymously by a group of students, promised to help “overworked and undersexed” students find “bookworms with benefits, coursemates keeping…
When ransom negotiations become public, self-inflicted reputation harm may follow
Not all ransomware victims have given up on getting attackers to sign a nondisclosure agreement (NDA), so they can call a ransom payment a “bug bounty” and never disclose that they were the victim of a ransomware incident. At least, that’s how it seems, unless, of course, CyberOptics is going to claim that they were…
Oregon workers’ compensation claimants and policyholders may have had their personal information hacked
Mike Rogoway reports that Oregon’s workers’ compensation insurer, SAIF Corp., experienced a breach in October that potentially compromised policyholders’ information and workers’ compensation claimants’ personal and medical information. On their breach-related site maintained for them by IDX, SAIF explains that on October 24, there was a brief period during which an unauthorized individual or individuals…
What Twitter’s 200 million email leak really means
Lily Hay Newman reports: After reports at the end of 2022 that hackers were selling data stolen from 400 million Twitter users, researchers now say that a widely circulated trove of email addresses linked to about 200 million users is likely a refined version of the larger trove with duplicate entries removed. The social network…
Slack’s private GitHub code repositories stolen over holidays
Ax Sharma reports: Slack suffered a security incident over the holidays affecting some of its private GitHub code repositories. … The incident involves threat actors gaining access to Slack’s externally hosted GitHub repositories via a “limited” number of Slack employee tokens that were stolen. While some of Slack’s private code repositories were breached, Slack’s primary codebase and…
January 6 Committee Exposes 2,000 Social Security Numbers of Republicans & Family Members in Massive Dox
Becker News has a commentary that begins: The January 6 committee exposed little new during its 18-month exercise in tedious political theatrics advertised under the banner of being an “investigation.” This J6 “investigation” failed to give us any new info on the DNC pipe bomber, why Ray Epps is free when he said he “orchestrated”…