Hacker News with Generative AI: Data Breaches

2.8B Twitter IDs Leaked (forbes.com)
Elon Musk’s social media platform, X, is no stranger to the news. What with the reported purchase of X by xAI for $33 billion, attackers claiming responsibility for platform outages, and X password scams targeting users. Now, another shock awaits the users of what used to be Twitter: a self-proclaimed data enthusiast has just given away what is claimed to be a database containing details of some 200 million X user records. Here’s what we know so far.
Breach of X allegedly leaks over 200M users' email addresses (mashable.com)
An alleged X data breach has leaked the email addresses of more than 200 million users.
Over 200M Records Allegedly Belonging to X Leaked Online (safetydetectives.com)
Oracle Cloud security SNAFU latest: IT giant's pedantry as evidence vanishes (theregister.com)
Two Oracle data security breaches have been reported in the past week, and the database goliath not only remains reluctant to acknowledge the disasters publicly – it may be scrubbing the web of evidence, too.
Twitter (X) Hit by Data Leak of 2.8B Users – Allegedly an Insider Job (hackread.com)
A data leak involving a whopping 2.87 billion Twitter (X) users has surfaced on the infamous Breach Forums.
Oracle Health (formerly Cerner) breach compromises patient data at US hospitals (bleepingcomputer.com)
A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers.
Private Data and Passwords of Senior U.S. Security Officials Found Online (spiegel.de)
Private contact details of the most important security advisers to U.S. President Donald Trump can be found on the internet. DER SPIEGEL reporters were able to find mobile phone numbers, email addresses and even some passwords belonging to the top officials.
Oracle customers confirm data stolen in alleged cloud breach is valid (bleepingcomputer.com)
Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid.
A Sneaky Phish Just Grabbed My Mailchimp Mailing List (troyhunt.com)
You know when you're really jet lagged and really tired and the cogs in your head are just moving that little bit too slow? That's me right now, and the penny has just dropped that a Mailchimp phish has grabbed my credentials, logged into my account and exported the mailing list for this blog. I'm deliberately keeping this post very succinct to ensure the message goes out to my impacted subscribers ASAP, then I'll update the post with more details.
Despite evidence, Oracle Cloud denies break-in as pilfered info goes on sale (theregister.com)
Oracle has straight up denied claims by a miscreant that its public cloud offering has been compromised and information stolen.
Krispy Kreme Cyber Attack a Wake-Up Call for the Food Industry (secureworld.io)
If you ask a layperson which industries they expect to come under attack from cyberattacks, they'll probably highlight targets like banks, infrastructure, or big tech. But one of the most high-profile cyberattacks in 2024 was against Krispy Kreme. Is nothing sacred anymore, when even our doughnuts aren't safe?
Hack: 6M Records for Sale Exfiltrated from Oracle Cloud Affecting 140k+ Tenants (cloudsek.com)
CloudSEK uncovers a major breach targeting Oracle Cloud, with 6 million records exfiltrated via a suspected undisclosed vulnerability. Over 140,000 tenants are impacted, as the attacker demands ransom and markets sensitive data online. Learn the full scope, risks, and how to respond. Are you worried your organization might be affected? Check your exposure here - https://exposure.cloudsek.com/oracle
Doge to Fired CISA Staff: Email Us Your Personal Data (krebsonsecurity.com)
A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration’s continued disregard for basic cybersecurity protections.
Health Firm Sends Bogus Takedown Demand to Vanish Reporting on Its Data Breach (techdirt.com)
Shooting the messenger is still the preferred tactic for short-sighted entities that have been embarrassed on main by having their own carelessness publicly exposed.
Billions of credentials were stolen from businesses around the world in 2024 (techradar.com)
Hidden Messages in Emojis and Hacking the US Treasury (slamdunksoftware.substack.com)
On December 30th, while most of us were preparing for a New Year’s Eve celebration, the US Treasury was prepping a notice to lawmakers to notify them that their systems, which (obviously) contain highly sensitive, confidential data, had been compromised.
Chinese Hackers Sat Undetected in Small Massachusetts Power Utility for Months (pcmag.com)
In late 2023, the general manager of a Massachusetts public utility company got a surprising phone call. It was an FBI agent, who told him that the Littleton Electric Light and Water Departments (LELWD) were being hacked.
'Uber for nurses' exposes 86K+ medical records, PII via open S3 bucket (websiteplanet.com)
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained over 86,000 records belonging to ESHYFT — a New-Jersey-based HealthTech company that operates in 29 states. It offers a mobile app platform that connects healthcare facilities with healthcare workers, including Certified Nursing Assistants (CNAs), Licensed Practical Nurses (LPNs), and Registered Nurses (RNs).
'Uber for nurses' exposes 86k+ medical records, PII in open S3 bucket for months (theregister.com)
More than 86,000 records containing nurses' medical records, facial images, ID documents and more sensitive info linked to health tech company ESHYFT were left sitting in a wide-open S3 bucket for months — or possibly even longer — before it was closed last week.
What PowerSchool won't say about its data breach affecting students (techcrunch.com)
We’re only a few months into 2025, but the recent hack of U.S. edtech giant PowerSchool is on track to be one of the biggest education data breaches in recent years.
X Under Cyberattack (twitter.com)
Rhysida pwns two US healthcare orgs, extracts over 300K patients' data (theregister.com)
Break-ins to systems hosting the data of two US healthcare organizations led to thieves making off with the personal and medical data of more than 300,000 patients.
Feds Link Cyberheist to 2022 LastPass Hacks (krebsonsecurity.com)
In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing this week, U.S. federal agents investigating a spectacular $150 million cryptocurrency heist said they had reached the same conclusion.
Nearly 1M Windows devices targeted in advanced "malvertising" spree (arstechnica.com)
Nearly 1 million Windows devices were targeted in recent months by a sophisticated "malvertising" campaign that surreptitiously stole login credentials, cryptocurrency, and other sensitive information from infected machines, Microsoft said.
NTT Com says hackers accessed details of almost 18,000 organizations (techcrunch.com)
Japanese telecom giant NTT Communications (NTT Com) has confirmed that hackers accessed the data of almost 18,000 corporate customers during a February cyberattack, affecting an as-yet-unknown number of individuals.
We Know Where You Parked: Data Breach at VW Raises Questions about Privacy (spiegel.de)
Already facing significant headwinds, VW has now been hit by a data protection nightmare. Location data from 800,000 electric vehicles and contact info from owners was accessible unprotected on the internet. And the company didn't even know about it.
Zapier says someone broke into its code repositories and may have customer data (theverge.com)
Zapier informed customers on Friday that an “unauthorized user” accessed “certain Zapier code repositories” and may have gained access to customer information as a result.
US employee screening giant DISA says hackers accessed data of 3M people (techcrunch.com)
DISA Global Solutions, a U.S.-based provider of employee screening services, has said it suffered a data breach that affects more than 3.3 million people.
A trove of leaked Black Basta logs expose the ransomware gang's members, victims (techcrunch.com)
A trove of chat logs allegedly belonging to the Black Basta ransomware group has leaked online, exposing key members of the prolific Russia-linked gang.