Hacker News with Generative AI: Data Breaches

GitHub found 39M secret leaks in 2024. Here's what we're doing to help (github.blog)
If you know where to look, exposed secrets are easy to find. Secrets are supposed to prevent unauthorized access, but in the wrong hands, they can be—and typically are—exploited in seconds.
Security, Data Breaches, Software Development, GitHub
6 points by gnabgib 7 hours ago | 1 comments
Hacking the call records of millions of Americans (evanconnelly.github.io)
Imagine if anyone could punch in a phone number from the largest U.S. cell carrier and instantly retrieve a list of its recent incoming calls—complete with timestamps—without compromising the device, guessing a password, or alerting the user.
Privacy, Cybersecurity, Data Breaches, Telecommunications
85 points by voxadam 9 hours ago | 13 comments
2.8B Twitter IDs Leaked (forbes.com)
Elon Musk’s social media platform, X, is no stranger to the news. What with the reported purchase of X by xAI for $33 billion, attackers claiming responsibility for platform outages, and X password scams targeting users. Now, another shock awaits the users of what used to be Twitter: a self-proclaimed data enthusiast has just given away what is claimed to be a database containing details of some 200 million X user records. Here’s what we know so far.
Data Breaches, Social Media, Security, Privacy, Elon Musk
9 points by EVa5I7bHFq9mnYK 1 day ago | 6 comments
Breach of X allegedly leaks over 200M users' email addresses (mashable.com)
An alleged X data breach has leaked the email addresses of more than 200 million users.
Data Breaches, Security, Social Media, Privacy
16 points by tantalor 1 day ago | 0 comments
Over 200M Records Allegedly Belonging to X Leaked Online (safetydetectives.com)
Data Breaches, Cybersecurity, Privacy, X (company)
16 points by RankingMember 1 day ago | 1 comments
Oracle Cloud security SNAFU latest: IT giant's pedantry as evidence vanishes (theregister.com)
Two Oracle data security breaches have been reported in the past week, and the database goliath not only remains reluctant to acknowledge the disasters publicly – it may be scrubbing the web of evidence, too.
Cybersecurity, Cloud Computing, Oracle, Data Breaches
6 points by rntn 2 days ago | 0 comments
Twitter (X) Hit by Data Leak of 2.8B Users – Allegedly an Insider Job (hackread.com)
A data leak involving a whopping 2.87 billion Twitter (X) users has surfaced on the infamous Breach Forums.
Data Breaches, Social Media, Security, Twitter
114 points by CHEF-KOCH 4 days ago | 15 comments
Oracle Health (formerly Cerner) breach compromises patient data at US hospitals (bleepingcomputer.com)
A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers.
Cybersecurity, Healthcare, Data Breaches, Oracle, Cerner
23 points by dinosor 5 days ago | 0 comments
Private Data and Passwords of Senior U.S. Security Officials Found Online (spiegel.de)
Private contact details of the most important security advisers to U.S. President Donald Trump can be found on the internet. DER SPIEGEL reporters were able to find mobile phone numbers, email addresses and even some passwords belonging to the top officials.
Cybersecurity, Privacy, Data Breaches, Government, United States
39 points by JumpCrisscross 6 days ago | 4 comments
Private Data and Passwords of Senior U.S. Security Officials Found Online (spiegel.de)
Private contact details of the most important security advisers to U.S. President Donald Trump can be found on the internet. DER SPIEGEL reporters were able to find mobile phone numbers, email addresses and even some passwords belonging to the top officials.
Cybersecurity, Politics, Data Breaches, Security Officials
10 points by payamb 7 days ago | 0 comments
Oracle customers confirm data stolen in alleged cloud breach is valid (bleepingcomputer.com)
Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid.
Cybersecurity, Data Breaches, Oracle, Cloud Computing
347 points by el_duderino 7 days ago | 82 comments
A Sneaky Phish Just Grabbed My Mailchimp Mailing List (troyhunt.com)
You know when you're really jet lagged and really tired and the cogs in your head are just moving that little bit too slow? That's me right now, and the penny has just dropped that a Mailchimp phish has grabbed my credentials, logged into my account and exported the mailing list for this blog. I'm deliberately keeping this post very succinct to ensure the message goes out to my impacted subscribers ASAP, then I'll update the post with more details.
Security, Email Marketing, Data Breaches, Mailchimp
117 points by gpi 9 days ago | 70 comments
Despite evidence, Oracle Cloud denies break-in as pilfered info goes on sale (theregister.com)
Oracle has straight up denied claims by a miscreant that its public cloud offering has been compromised and information stolen.
Cybersecurity, Cloud Computing, Oracle, Data Breaches
17 points by rntn 10 days ago | 0 comments
Krispy Kreme Cyber Attack a Wake-Up Call for the Food Industry (secureworld.io)
If you ask a layperson which industries they expect to come under attack from cyberattacks, they'll probably highlight targets like banks, infrastructure, or big tech. But one of the most high-profile cyberattacks in 2024 was against Krispy Kreme. Is nothing sacred anymore, when even our doughnuts aren't safe?
Cybersecurity, Food Industry, Business, Data Breaches
6 points by mooreds 11 days ago | 0 comments
Hack: 6M Records for Sale Exfiltrated from Oracle Cloud Affecting 140k+ Tenants (cloudsek.com)
CloudSEK uncovers a major breach targeting Oracle Cloud, with 6 million records exfiltrated via a suspected undisclosed vulnerability. Over 140,000 tenants are impacted, as the attacker demands ransom and markets sensitive data online. Learn the full scope, risks, and how to respond. Are you worried your organization might be affected? Check your exposure here - https://exposure.cloudsek.com/oracle
Cybersecurity, Data Breaches, Oracle Cloud, Ransomware, Cloud Security
39 points by gnabgib 11 days ago | 17 comments
Doge to Fired CISA Staff: Email Us Your Personal Data (krebsonsecurity.com)
A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration’s continued disregard for basic cybersecurity protections.
Cybersecurity, Government, Trump Administration, Data Breaches
107 points by todsacerdoti 14 days ago | 25 comments
Health Firm Sends Bogus Takedown Demand to Vanish Reporting on Its Data Breach (techdirt.com)
Shooting the messenger is still the preferred tactic for short-sighted entities that have been embarrassed on main by having their own carelessness publicly exposed.
Cybersecurity, Data Breaches, Legal Issues, Journalism
11 points by hn_acker 14 days ago | 3 comments
Billions of credentials were stolen from businesses around the world in 2024 (techradar.com)
Cybersecurity, Data Breaches, Business, 2024
10 points by Brajeshwar 14 days ago | 1 comments
Hidden Messages in Emojis and Hacking the US Treasury (slamdunksoftware.substack.com)
On December 30th, while most of us were preparing for a New Year’s Eve celebration, the US Treasury was prepping a notice to lawmakers to notify them that their systems, which (obviously) contain highly sensitive, confidential data, had been compromised.
Cybersecurity, Government, Data Breaches
209 points by nickagliano 20 days ago | 78 comments
Chinese Hackers Sat Undetected in Small Massachusetts Power Utility for Months (pcmag.com)
In late 2023, the general manager of a Massachusetts public utility company got a surprising phone call. It was an FBI agent, who told him that the Littleton Electric Light and Water Departments (LELWD) were being hacked.
Cybersecurity, Data Breaches, Government, Massachusetts, Utilities
12 points by toss1 21 days ago | 3 comments
'Uber for nurses' exposes 86K+ medical records, PII via open S3 bucket (websiteplanet.com)
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained over 86,000 records belonging to ESHYFT — a New-Jersey-based HealthTech company that operates in 29 states. It offers a mobile app platform that connects healthcare facilities with healthcare workers, including Certified Nursing Assistants (CNAs), Licensed Practical Nurses (LPNs), and Registered Nurses (RNs).
Cybersecurity, Data Breaches, Healthcare, Mobile Apps, HealthTech
353 points by Twirrim 21 days ago | 186 comments
'Uber for nurses' exposes 86k+ medical records, PII in open S3 bucket for months (theregister.com)
More than 86,000 records containing nurses' medical records, facial images, ID documents and more sensitive info linked to health tech company ESHYFT was left sitting in a wide-open S3 bucket for months — or possibly even longer — before it was closed it last week.
Data Breaches, Cybersecurity, Healthcare, Cloud Security
7 points by rntn 22 days ago | 1 comments
What PowerSchool won't say about its data breach affecting students (techcrunch.com)
We’re only a few months into 2025, but the recent hack of U.S. edtech giant PowerSchool is on track to be one of the biggest education data breaches in recent years.
Data Breaches, Education, Security, Privacy, Technology
3 points by rntn 23 days ago | 0 comments
X Under Cyberattack (twitter.com)
Something went wrong, but don’t fret — let’s give it another shot.
Cybersecurity, Data Breaches
18 points by sillypuddy 23 days ago | 10 comments
Rhysida pwns two US healthcare orgs, extracts over 300K patients' data (theregister.com)
Break-ins to systems hosting the data of two US healthcare organizations led to thieves making off with the personal and medical data of more than 300,000 patients.
Cybersecurity, Healthcare, Data Breaches, Privacy
4 points by rntn 23 days ago | 0 comments
Feds Link Cyberheist to 2022 LastPass Hacks (krebsonsecurity.com)
In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing this week, U.S. federal agents investigating a spectacular $150 million cryptocurrency heist said they had reached the same conclusion.
Cybersecurity, Data Breaches, Cryptocurrency, Hacking, Password Management
383 points by todsacerdoti 26 days ago | 258 comments
Nearly 1M Windows devices targeted in advanced "malvertising" spree (arstechnica.com)
Nearly 1 million Windows devices were targeted in recent months by a sophisticated "malvertising" campaign that surreptitiously stole login credentials, cryptocurrency, and other sensitive information from infected machines, Microsoft said.
Cybersecurity, Malware, Windows, Microsoft, Data Breaches
6 points by LinuxBender 26 days ago | 2 comments
NTT Com says hackers accessed details of almost 18,000 organizations (techcrunch.com)
Japanese telecom giant NTT Communications (NTT Com) has confirmed that hackers accessed the data of almost 18,000 corporate customers during a February cyberattack, affecting an as-yet-unknown number of individuals.
Cybersecurity, Data Breaches, Japan, Telecommunications, Corporate Security
3 points by hassanahmad 26 days ago | 0 comments
We Know Where You Parked: Data Breach at VW Raises Questions about Privacy (spiegel.de)
Already facing significant headwinds, VW has now been hit by a data protection nightmare. Location data from 800,000 electric vehicles and contact info from owners was accessible unprotected on the internet. And the company didn't even know about it.
Data Breaches, Privacy, Automotive Industry, Volkswagen, Cyber Security
5 points by bobbiechen 27 days ago | 0 comments
Zapier says someone broke into its code repositories and may have customer data (theverge.com)
Zapier informed customers on Friday that an “unauthorized user” accessed “certain Zapier code repositories” and may have gained access to customer information as a result.
Security, Data Breaches, Software, Customer Data
56 points by OmarShehata 32 days ago | 9 comments