Bill Toulas reports: Microsoft has disabled multiple fraudulent, verified Microsoft Partner Network accounts for creating malicious OAuth applications that breached organizations’ cloud environments to steal email. In a joint announcement between Microsoft and Proofpoint, Microsoft says the threat actors posed as legitimate companies to enroll and successfully be verified as that company in the MCPP…
Google Fi Customers Caught Up in T-Mobile Data Breach
Matthew Humphries reports: Google is in the process of telling Google Fi customers that their data was stolen as part of the T-Mobile breach earlier this month. On Jan. 5, a hacker breached T-Mobile’s network and stole data from 37 million customer accounts. Google Fi uses T-Mobile’s network for the majority of its connections, and it seems the…
Hacker finds bug that allowed anyone to bypass Facebook 2FA
Lorenzo Franceschi-Bicchierai reports: A bug in a new centralized system that Meta created for users to manage their logins for Facebook and Instagram could have allowed malicious hackers to switch off an account’s two-factor protections just by knowing their phone number. Gtm Mänôz, a security researcher from Nepal, realized that Meta did not set up a limit…
Morgan Hill Unified School District discloses data breach
Morgan Hill Unified School District in California has disclosed a breach that occurred when an employee’s email account was accessed without authorization between September 11 and October 11, 2022. While the district’s investigation was able to confirm connections to the employee’s account during those dates, the investigation was not able to determine which specific emails…
The U.N. Committee on Human Rights asks Morocco NOT to extradite Raoult
A small and somewhat bitter update to the Sébastien Raoult case. Sébastien’s father contacted DataBreaches tonight to say that they had just received a response from the Human Rights Committee of the United Nations. In response to Raoult’s appeal submitted on January 17, the committee responded by asking Morocco not to extradite Raoult while Raoult’s…
HC3: Analyst Note: Pro-Russian Hacktivist Group ‘KillNet’ Threat to HPH Sector
Pro-Russian Hacktivist Group ‘KillNet’ Threat to HPH Sector January 30, 2023 TLP:CLEAR Report: 202301301200 Executive Summary The hacktivist group ‘KillNet’—has targeted the U.S. healthcare industry in the past and is actively targeting the health and public health sector. The group is known to launch DDoS attacks and operates multiple public channels aimed at recruitment and…