Hacker News with Generative AI: Data Breaches

TeleMessage Customers Include DC Police, Andreessen Horowitz, JP Morgan,Hundreds (micahflee.com)
I've been digging through the 410 GB of Java heap dumps from TeleMessage's archive server, provided by DDoSecrets. Here's a description of the dataset, some of my initial findings, details about an upcoming open source research tool I'm going to release, and a huge list of potential TeleMessage customers.
Data breach exposes 184M passwords, likely captured by malware (zdnet.com)
Yet another data breach has exposed passwords and other sensitive information – but this one is a whopper.
Suspected InfoStealer Malware Data Breach Exposed 184M Logins/Passwords (websiteplanet.com)
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained 184 million login and password credentials.
Hacker who breached comms app used by Trump aide stole data from across US govt (yahoo.com)
A hacker who breached the communications service used by former Trump national security adviser Mike Waltz earlier this month intercepted messages from a broader swathe of American officials than has previously been reported, according to a Reuters review, potentially raising the stakes of a breach that has already drawn questions about data security in the Trump administration.
Coinbase says its data breach affects at least 69k customers (techcrunch.com)
Coinbase said at least 69,461 customers had personal and financial information stolen during a months-long data breach that it disclosed last week.
Coinbase Data Breach Will Lead to People Dying, TechCrunch Founder Says (decrypt.co)
The founder of online news publication TechCrunch has claimed that Coinbase’s recent data breach “will lead to people dying,” amid a wave of kidnap attempts targeting high-net-worth crypto holders.
Have I Been Pwned 2.0 (troyhunt.com)
This has been a very long time coming, but finally, after a marathon effort, the brand new Have I Been Pwned website is now live!
'Significant amount' of private data stolen in UK Legal Aid hack (bbc.co.uk)
A "significant amount" of private data including details of domestic abuse victims has been hacked from Legal Aid's online system.
M&S hackers believed to have gained access through third party (bbc.co.uk)
The hackers behind a cyber-attack on Marks & Spencer (M&S) managed to gain entry through a third party who had access to its systems, the BBC understands.
Coinbase says customers' personal information stolen in data breach (techcrunch.com)
Crypto giant Coinbase has confirmed its systems have been breached and customer data, including government-issued identity documents, were stolen.
California sent residents' personal health data to LinkedIn (themarkup.org)
The website that lets Californians shop for health insurance under the Affordable Care Act, coveredca.com, has been sending sensitive data to LinkedIn, forensic testing by The Markup has revealed.
Coinbase says customers’ personal information stolen in data breach (techcrunch.com)
Crypto giant Coinbase has confirmed its systems have been breached and customer data, including government-issued identity documents, were stolen.
A note about the security of your Steam account (steampowered.com)
The account details of 89 million Steam users have reportedly been hacked.
89M Steam account details just got leaked (xda-developers.com)
North Korean IT Workers Are Being Exposed on a Scale (wired.com)
Security researchers are publishing 1,000 email addresses they claim are linked to North Korean IT worker scams that infiltrated Western companies—along with photos of men allegedly involved in the schemes.
DOGE engineer's credentials found in past public leaks from info-stealer malware (arstechnica.com)
Login credentials belonging to an employee at both the Cybersecurity and Infrastructure Security Agency and the Department of Government Efficiency have appeared in multiple public leaks from info-stealer malware, a strong indication that devices belonging to him have been hacked in recent years.
DOGEs K Schutt's computer infected by malware, credentials found in stealer logs (micahflee.com)
Kyle Schutt is a 37 year old "DOGE software engineer," according to ProPublica. In February, Drop Site News reported that he gained access to FEMA's "core financial management system." His computer was apparently compromised with malware, because his email address and passwords have shown up in four separate stealer log datasets, all of them published since late 2023.
LockBit Hacked – Plaintext Passwords (gbhackers.com)
The notorious LockBit ransomware group, once considered one of the world’s most prolific cyber extortion rings, has itself become the victim of a major cyberattack.
Tulsi Gabbard Reused the Same Weak Password on Multiple Accounts for Years (wired.com)
Tulsi Gabbard, the director of national intelligence, used the same easily cracked password for different online accounts over a period of years, according to leaked records reviewed by WIRED.
TeleMessage suspends services after hackers claim to have stolen files (nbcnews.com)
The Signal Clone the Trump Admin Uses Was Hacked (micahflee.com)
A hacker has breached and stolen customer data from TeleMessage, an obscure Israeli company that sells modified versions of Signal and other messaging apps to the U.S. government to archive messages, 404 Media has learned.
Reddit data breach: undeletes all your post & comments, again ... (reddit.com)
Dedicated to the intersection of technology, privacy, and freedom in the digital world.
Banking passwords stolen from Australians are being traded online by criminals (abc.net.au)
More than 31,000 passwords belonging to Australian customers of the Big Four banks are being shared amongst cyber criminals online, often for free, the ABC can reveal.
From 112k to 4M folks' data – HR biz attack goes from bad to mega bad (theregister.com)
Houston-based VeriSource Services' long-running probe into a February 2024 digital break-in shows the data of 4 million people – not just a few hundred thousand as it first claimed - was accessed by an "unknown actor".
More than 21M employee screenshots leaked from WorkComposer (tomsguide.com)
Top employee monitoring app leaks 21M screenshots on users (techradar.com)
Blue Shield says it shared health info on up to 4.7M patients with Google Ads (theregister.com)
US health insurance giant Blue Shield of California handed sensitive health information belonging to as many as 4.7 million members to Google's advertising empire, likely without these individuals' knowledge or consent.
Ransomware scum bilked victims out of a 'staggering' $16.6B last year, says FBI (theregister.com)
Digital scammers and extortionists bilked businesses and individuals in the US out of a "staggering" $16.6 billion last year, according to the FBI — the highest losses recorded since bureau’s Internet Crime Complaint Center (IC3) started tracking them 25 years ago.
Blue Shield shared the private health data of millions with Google for years (techcrunch.com)
Health insurance giant Blue Shield of California is notifying millions of people of a data breach. The company confirmed on Wednesday that it had been sharing patients’ private health information with tech and advertising giant Google since 2021.
Whistleblower: DOGE siphoned NLRB case data (krebsonsecurity.com)
A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk‘s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity.