Hacker News with Generative AI: Data Breaches

Blue Shield says it shared health info on up to 4.7M patients with Google Ads (theregister.com)
US health insurance giant Blue Shield of California handed sensitive health information belonging to as many as 4.7 million members to Google's advertising empire, likely without these individuals' knowledge or consent.

Health Data, Privacy, Google Ads, Healthcare, Data Breaches

23 points by Bender 2 days ago | 2 comments

Ransomware scum bilked victims out of a 'staggering' $16.6B last year, says FBI (theregister.com)
Digital scammers and extortionists bilked businesses and individuals in the US out of a "staggering" $16.6 billion last year, according to the FBI — the highest losses recorded since bureau’s Internet Crime Complaint Center (IC3) started tracking them 25 years ago.

Cybersecurity, Crime, Data Breaches, FBI

9 points by LinuxBender 2 days ago | 0 comments

Blue Shield shared the private health data of millions with Google for years (techcrunch.com)
Health insurance giant Blue Shield of California is notifying millions of people of a data breach. The company confirmed on Wednesday that it had been sharing patients’ private health information with tech and advertising giant Google since 2021.

Data Privacy, Health Insurance, Google, Data Breaches

9 points by coloneltcb 3 days ago | 2 comments

Whistleblower: DOGE siphoned NLRB case data (krebsonsecurity.com)
A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk‘s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity.

Data Breaches, Cybersecurity, Labor Law, Elon Musk, Government Efficiency

35 points by todsacerdoti 4 days ago | 4 comments

Whistleblower: Doge came in, data went out, and Russians started to login (threadreaderapp.com)
🧵 THREAD: A federal whistleblower just dropped one of the most disturbing cybersecurity disclosures I’ve ever read.

Cybersecurity, Whistleblower, Russia, Data Breaches

32 points by HatchedLake721 8 days ago | 9 comments

Government IT whistleblower calls out DOGE, says he was threatened at home (arstechnica.com)
A government whistleblower told lawmakers that DOGE's access to National Labor Relations Board (NLRB) systems went far beyond what was needed to analyze agency operations and apparently led to a data breach.

Government, Cybersecurity, Cryptocurrency, Labor, Data Breaches

25 points by sciurus 10 days ago | 6 comments

Russian Breach of US Data Through Doge over Starlink "Directly to Russia" (narativ.org)
Following up on his startling revelations today about how DOGE engineers accessed MLRB databases without authority, and that Russian IP addresses were used with recently created user IDs and passwords to access them, Daniel Berulis— speaking through his lawyer—followed up with a new bombshell that DOGE systems “were also connected to Starlink”.

Cybersecurity, Data Breaches, Russia, Ukraine, Starlink

39 points by thenaturalist 10 days ago | 9 comments

CRA accounts hacked after 28,000 social insurance numbers stolen in data breach (cbc.ca)
Imposters hacked into B.C. health-care workers’ CRA accounts after a massive breach of employees’ private identification from the B.C. government’s Interior Health authority, which runs hospitals and medical facilities in the southeastern part of the province, The Fifth Estate has learned.

Data Breaches, Security, Government, Healthcare, Canada

12 points by gnabgib 10 days ago | 1 comments

4Chan was hacked, its source code was leaked, admin emails were leaked (bsky.app)

Cybersecurity, Data Breaches, Hacking, Online Communities

6 points by napolux 11 days ago | 2 comments

4chan has been hacked, Database exposed (ycombinator.com)
4chan has been hacked, Database exposed

Cybersecurity, Hacking, Data Breaches

39 points by ds 11 days ago | 2 comments

Hertz says customers' personal data and driver's licenses stolen in data breach (techcrunch.com)
Car rental giant Hertz has begun notifying its customers of a data breach that included their personal information and driver’s licenses.

Data Breaches, Security, Privacy, Transportation, Business

45 points by gnabgib 11 days ago | 9 comments

Blue Shield Data Breach (Google Ads) (blueshieldca.com)
Blue Shield of California has begun notifying certain members of a potential data breach that may have included elements of their protected health information.

Data Breaches, Healthcare, Privacy, California

71 points by bix6 16 days ago | 50 comments

Leaked messages expose trade secrets of prolific Black Basta ransomware group (arstechnica.com)
A leak of 190,000 chat messages traded among members of the Black Basta ransomware group shows that it’s a highly structured and mostly efficient organization staffed by personnel with expertise in various specialities, including exploit development, infrastructure optimization, social engineering, and more.

Cybersecurity, Ransomware, Hacking, Data Breaches, Organized Crime

12 points by dangle1 17 days ago | 0 comments

Ask HN: Bugcrowd Forcing Password Reset (ycombinator.com)
Anybody else getting a suspicious e-mail from Bugcrowd to reset your password? Seems their user data has been leaked or infiltrated?

Security, Data Breaches, Bugcrowd

12 points by xyst 18 days ago | 5 comments

Oracle says its cloud was in fact compromised (theregister.com)
Oracle has briefed some customers about a successful intrusion into its public cloud, as well as the theft of their data, after previously denying it had been compromised.

Cybersecurity, Cloud Computing, Data Breaches

7 points by LinuxBender 18 days ago | 1 comments

Oracle privately confirms Cloud breach to customers (bleepingcomputer.com)
Oracle has finally acknowledged to some customers that attackers have stolen old client credentials after breaching a "legacy environment" last used in 2017, Bloomberg reported.

Cybersecurity, Data Breaches, Oracle, Cloud Computing

6 points by frenchtoast8 22 days ago | 1 comments

GitHub found 39M secret leaks in 2024. Here's what we're doing to help (github.blog)
If you know where to look, exposed secrets are easy to find. Secrets are supposed to prevent unauthorized access, but in the wrong hands, they can be—and typically are—exploited in seconds.

Security, Data Breaches, Software Development, GitHub

7 points by gnabgib 24 days ago | 1 comments

Hacking the call records of millions of Americans (evanconnelly.github.io)
Imagine if anyone could punch in a phone number from the largest U.S. cell carrier and instantly retrieve a list of its recent incoming calls—complete with timestamps—without compromising the device, guessing a password, or alerting the user.

Privacy, Cybersecurity, Data Breaches, Telecommunications

156 points by voxadam 24 days ago | 33 comments

2.8B Twitter IDs Leaked (forbes.com)
Elon Musk’s social media platform, X, is no stranger to the news. What with the reported purchase of X by xAI for $33 billion, attackers claiming responsibility for platform outages, and X password scams targeting users. Now, another shock awaits the users of what used to be Twitter: a self-proclaimed data enthusiast has just given away what is claimed to be a database containing details of some 200 million X user records. Here’s what we know so far.

Data Breaches, Social Media, Security, Privacy, Elon Musk

9 points by EVa5I7bHFq9mnYK 24 days ago | 6 comments

Breach of X allegedly leaks over 200M users' email addresses (mashable.com)
An alleged X data breach has leaked the email addresses of more than 200 million users.

Data Breaches, Security, Social Media, Privacy

16 points by tantalor 25 days ago | 0 comments

Over 200M Records Allegedly Belonging to X Leaked Online (safetydetectives.com)

Data Breaches, Cybersecurity, Privacy, X (company)

16 points by RankingMember 25 days ago | 1 comments

Oracle Cloud security SNAFU latest: IT giant's pedantry as evidence vanishes (theregister.com)
Two Oracle data security breaches have been reported in the past week, and the database goliath not only remains reluctant to acknowledge the disasters publicly – it may be scrubbing the web of evidence, too.

Cybersecurity, Cloud Computing, Oracle, Data Breaches

7 points by rntn 25 days ago | 0 comments

Twitter (X) Hit by Data Leak of 2.8B Users – Allegedly an Insider Job (hackread.com)
A data leak involving a whopping 2.87 billion Twitter (X) users has surfaced on the infamous Breach Forums.

Data Breaches, Social Media, Security, Twitter

115 points by CHEF-KOCH 28 days ago | 15 comments

Oracle Health (formerly Cerner) breach compromises patient data at US hospitals (bleepingcomputer.com)
A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers.

Cybersecurity, Healthcare, Data Breaches, Oracle, Cerner

23 points by dinosor 28 days ago | 0 comments

Private Data and Passwords of Senior U.S. Security Officials Found Online (spiegel.de)
Private contact details of the most important security advisers to U.S. President Donald Trump can be found on the internet. DER SPIEGEL reporters were able to find mobile phone numbers, email addresses and even some passwords belonging to the top officials.

Cybersecurity, Privacy, Data Breaches, Government, United States

39 points by JumpCrisscross 29 days ago | 4 comments

Private Data and Passwords of Senior U.S. Security Officials Found Online (spiegel.de)
Private contact details of the most important security advisers to U.S. President Donald Trump can be found on the internet. DER SPIEGEL reporters were able to find mobile phone numbers, email addresses and even some passwords belonging to the top officials.

Cybersecurity, Politics, Data Breaches, Security Officials

10 points by payamb 30 days ago | 0 comments

Oracle customers confirm data stolen in alleged cloud breach is valid (bleepingcomputer.com)
Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid.

Cybersecurity, Data Breaches, Oracle, Cloud Computing

347 points by el_duderino 31 days ago | 82 comments

A Sneaky Phish Just Grabbed My Mailchimp Mailing List (troyhunt.com)
You know when you're really jet lagged and really tired and the cogs in your head are just moving that little bit too slow? That's me right now, and the penny has just dropped that a Mailchimp phish has grabbed my credentials, logged into my account and exported the mailing list for this blog. I'm deliberately keeping this post very succinct to ensure the message goes out to my impacted subscribers ASAP, then I'll update the post with more details.

Security, Email Marketing, Data Breaches, Mailchimp

120 points by gpi 32 days ago | 70 comments

Despite evidence, Oracle Cloud denies break-in as pilfered info goes on sale (theregister.com)
Oracle has straight up denied claims by a miscreant that its public cloud offering has been compromised and information stolen.

Cybersecurity, Cloud Computing, Oracle, Data Breaches

17 points by rntn 33 days ago | 0 comments

Krispy Kreme Cyber Attack a Wake-Up Call for the Food Industry (secureworld.io)
If you ask a layperson which industries they expect to come under attack from cyberattacks, they'll probably highlight targets like banks, infrastructure, or big tech. But one of the most high-profile cyberattacks in 2024 was against Krispy Kreme. Is nothing sacred anymore, when even our doughnuts aren't safe?

Cybersecurity, Food Industry, Business, Data Breaches

6 points by mooreds 34 days ago | 0 comments