Hacker News with Generative AI: Data Breaches

Blue Shield says it shared health info on up to 4.7M patients with Google Ads (theregister.com)
US health insurance giant Blue Shield of California handed sensitive health information belonging to as many as 4.7 million members to Google's advertising empire, likely without these individuals' knowledge or consent.
Ransomware scum bilked victims out of a 'staggering' $16.6B last year, says FBI (theregister.com)
Digital scammers and extortionists bilked businesses and individuals in the US out of a "staggering" $16.6 billion last year, according to the FBI — the highest losses recorded since the bureau’s Internet Crime Complaint Center (IC3) started tracking them 25 years ago.
Blue Shield shared the private health data of millions with Google for years (techcrunch.com)
Health insurance giant Blue Shield of California is notifying millions of people of a data breach. The company confirmed on Wednesday that it had been sharing patients’ private health information with tech and advertising giant Google since 2021.
Whistleblower: DOGE siphoned NLRB case data (krebsonsecurity.com)
A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk’s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity.
Whistleblower: Doge came in, data went out, and Russians started to login (threadreaderapp.com)
🧵 THREAD: A federal whistleblower just dropped one of the most disturbing cybersecurity disclosures I’ve ever read.
Government IT whistleblower calls out DOGE, says he was threatened at home (arstechnica.com)
A government whistleblower told lawmakers that DOGE's access to National Labor Relations Board (NLRB) systems went far beyond what was needed to analyze agency operations and apparently led to a data breach.
Russian Breach of US Data Through Doge over Starlink "Directly to Russia" (narativ.org)
Following up on his startling revelations today about how DOGE engineers accessed NLRB databases without authority, and that Russian IP addresses were used with recently created user IDs and passwords to access them, Daniel Berulis—speaking through his lawyer—followed up with a new bombshell that DOGE systems “were also connected to Starlink”.
CRA accounts hacked after 28,000 social insurance numbers stolen in data breach (cbc.ca)
Imposters hacked into B.C. health-care workers’ CRA accounts after a massive breach of employees’ private identification from the B.C. government’s Interior Health authority, which runs hospitals and medical facilities in the southeastern part of the province, The Fifth Estate has learned.
4Chan was hacked, its source code was leaked, admin emails were leaked (bsky.app)
4chan has been hacked, Database exposed (ycombinator.com)
Hertz says customers' personal data and driver's licenses stolen in data breach (techcrunch.com)
Car rental giant Hertz has begun notifying its customers of a data breach that included their personal information and driver’s licenses.
Blue Shield Data Breach (Google Ads) (blueshieldca.com)
Blue Shield of California has begun notifying certain members of a potential data breach that may have included elements of their protected health information.
Leaked messages expose trade secrets of prolific Black Basta ransomware group (arstechnica.com)
A leak of 190,000 chat messages traded among members of the Black Basta ransomware group shows that it’s a highly structured and mostly efficient organization staffed by personnel with expertise in various specialities, including exploit development, infrastructure optimization, social engineering, and more.
Ask HN: Bugcrowd Forcing Password Reset (ycombinator.com)
Anybody else getting a suspicious e-mail from Bugcrowd to reset your password? Seems their user data has been leaked or infiltrated?
Oracle says its cloud was in fact compromised (theregister.com)
Oracle has briefed some customers about a successful intrusion into its public cloud, as well as the theft of their data, after previously denying it had been compromised.
Oracle privately confirms Cloud breach to customers (bleepingcomputer.com)
Oracle has finally acknowledged to some customers that attackers have stolen old client credentials after breaching a "legacy environment" last used in 2017, Bloomberg reported.
GitHub found 39M secret leaks in 2024. Here's what we're doing to help (github.blog)
If you know where to look, exposed secrets are easy to find. Secrets are supposed to prevent unauthorized access, but in the wrong hands, they can be—and typically are—exploited in seconds.
Hacking the call records of millions of Americans (evanconnelly.github.io)
Imagine if anyone could punch in a phone number from the largest U.S. cell carrier and instantly retrieve a list of its recent incoming calls—complete with timestamps—without compromising the device, guessing a password, or alerting the user.
2.8B Twitter IDs Leaked (forbes.com)
Elon Musk’s social media platform, X, is no stranger to the news. What with the reported purchase of X by xAI for $33 billion, attackers claiming responsibility for platform outages, and X password scams targeting users. Now, another shock awaits the users of what used to be Twitter: a self-proclaimed data enthusiast has just given away what is claimed to be a database containing details of some 200 million X user records. Here’s what we know so far.
Breach of X allegedly leaks over 200M users' email addresses (mashable.com)
An alleged X data breach has leaked the email addresses of more than 200 million users.
Over 200M Records Allegedly Belonging to X Leaked Online (safetydetectives.com)
Oracle Cloud security SNAFU latest: IT giant's pedantry as evidence vanishes (theregister.com)
Two Oracle data security breaches have been reported in the past week, and the database goliath not only remains reluctant to acknowledge the disasters publicly – it may be scrubbing the web of evidence, too.
Twitter (X) Hit by Data Leak of 2.8B Users – Allegedly an Insider Job (hackread.com)
A data leak involving a whopping 2.87 billion Twitter (X) users has surfaced on the infamous Breach Forums.
Oracle Health (formerly Cerner) breach compromises patient data at US hospitals (bleepingcomputer.com)
A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers.
Private Data and Passwords of Senior U.S. Security Officials Found Online (spiegel.de)
Private contact details of the most important security advisers to U.S. President Donald Trump can be found on the internet. DER SPIEGEL reporters were able to find mobile phone numbers, email addresses and even some passwords belonging to the top officials.
Oracle customers confirm data stolen in alleged cloud breach is valid (bleepingcomputer.com)
Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid.
A Sneaky Phish Just Grabbed My Mailchimp Mailing List (troyhunt.com)
You know when you're really jet lagged and really tired and the cogs in your head are just moving that little bit too slow? That's me right now, and the penny has just dropped that a Mailchimp phish has grabbed my credentials, logged into my account and exported the mailing list for this blog. I'm deliberately keeping this post very succinct to ensure the message goes out to my impacted subscribers ASAP, then I'll update the post with more details.
Despite evidence, Oracle Cloud denies break-in as pilfered info goes on sale (theregister.com)
Oracle has straight up denied claims by a miscreant that its public cloud offering has been compromised and information stolen.
Krispy Kreme Cyber Attack a Wake-Up Call for the Food Industry (secureworld.io)
If you ask a layperson which industries they expect to come under attack from cyberattacks, they'll probably highlight targets like banks, infrastructure, or big tech. But one of the most high-profile cyberattacks in 2024 was against Krispy Kreme. Is nothing sacred anymore, when even our doughnuts aren't safe?