#Tag
A surprising amount can be read from the data, and for some users, it can be life-threatening.
The entire WhatsApp profile database (including correlatable phone numbers and face photos) leaked.
A surprising amount can be read from the data, and for some users, it can be life-threatening.
The entire WhatsApp profile database (including correlatable phone numbers and face photos) leaked.
I caught Google Gemini using my data–and then covering it up
https://unbuffered.stream/gemini-personal-context/
#HackerNews #GoogleGemini #DataPrivacy #DataBreach #CoverUp #TechNews
Possibile databreach sui sistemi di Almaviva (sulla commessa Ferrovie?)
Presunto #Databreach (2,3 TB) Almaviva S.P.A. .... direi, non bene.
Magari, il #GarantePrivacy è interessato ad approfondire 🤔
High confidence of a data breach targeting the UK 🇬🇧 Government Administration sector. Alleged leak of Ministry of Justice court documents. #DataBreach #CyberSecurity #ThreatIntel
The #Discord breach is yet another example of why no online service should ever be required or even permitted to accept uploaded ID images. If it's necessary to verify ID, or at least age, either do it on device or through an in-person service, or cease operating in the jurisdiction till that necessity ends.
Every one of these services is a data breach waiting to happen, and once the identity documents are breached, as well as being means to identity theft, they can be used for impersonation on every other service requiring uploaded ID. And the ability to re-use the uploaded ID proves the futility of that form of verification anyway.
Just like biometrics, visual verification of ID cards only has security value when done in-person. All the requirements of ID image uploading are just security theatre, which shift liability from the service to the user while magnifying the harm to which they're exposed.
#DiscordBreach #dataBreach #privacy #ageVerification #chatControl
Hackers can steal 2FA codes and private messages from Android phones
> Android devices are vulnerable to a new attack that can covertly steal 2FA codes, location timelines, and other private data in less than 30 seconds.
> The new attack, named Pixnapping by the team of academic researchers who devised it, requires a victim to first install a malicious app on an Android phone or tablet.
> The app, which requires no system permissions, can then effectively read data that any other installed app displays on the screen. Pixnapping has been demonstrated on Google Pixel phones and the Samsung Galaxy S25 phone and likely could be modified to work on other models with additional work. Google released mitigations last month, but the researchers said a modified version of the attack works even when the update is installed.
https://arstechnica.com/security/2025/10/no-fix-yet-for-attack-that-lets-hackers-pluck-2fa-codes-from-android-phones/ #Android #Cybersecurity #InfoSec #2FA #Privacy #Pixnapping #GooglePixel #Samsung #MobileSecurity #DataBreach #ZeroDay #TechNews #Hacking
Hackers can steal 2FA codes and private messages from Android phones
> Android devices are vulnerable to a new attack that can covertly steal 2FA codes, location timelines, and other private data in less than 30 seconds.
> The new attack, named Pixnapping by the team of academic researchers who devised it, requires a victim to first install a malicious app on an Android phone or tablet.
> The app, which requires no system permissions, can then effectively read data that any other installed app displays on the screen. Pixnapping has been demonstrated on Google Pixel phones and the Samsung Galaxy S25 phone and likely could be modified to work on other models with additional work. Google released mitigations last month, but the researchers said a modified version of the attack works even when the update is installed.
https://arstechnica.com/security/2025/10/no-fix-yet-for-attack-that-lets-hackers-pluck-2fa-codes-from-android-phones/ #Android #Cybersecurity #InfoSec #2FA #Privacy #Pixnapping #GooglePixel #Samsung #MobileSecurity #DataBreach #ZeroDay #TechNews #Hacking
Welp, there it is. Can't say much about the data due to the injunction Qantas took out, but it's now public, on both the clear- and dark webs.
Welp, there it is. Can't say much about the data due to the injunction Qantas took out, but it's now public, on both the clear- and dark webs.
"A catastrophic breach has impacted Discord user data including selfies and identity documents uploaded as part of the app’s verification process, email addresses, phone numbers, approximately where the user lives, and much more.
The hack, carried out by a group that is attempting to extort Discord, shows in stark terms the risk of tech companies collecting users’ identity documents, and specifically in the context of verifying their age. Discord started asking users in the UK, for example, to upload a selfie with their ID as part of the country’s age verification law recently.
“This is about to get really ugly,” the hackers wrote in a Telegram channel, which 404 Media joined, while posting user data on Wednesday. A source with knowledge of the breach confirmed to 404 Media that the data is legitimate. 404 Media granted the source anonymity to speak candidly about a sensitive incident."
https://www.404media.co/the-discord-hack-is-every-users-worst-nightmare/
Well, that didn't take very long.
https://www.theguardian.com/games/2025/oct/07/discord-data-breach-proof-of-age-id-leaked
Well, that didn't take very long.
https://www.theguardian.com/games/2025/oct/07/discord-data-breach-proof-of-age-id-leaked
The #Discord breach is yet another example of why no online service should ever be required or even permitted to accept uploaded ID images. If it's necessary to verify ID, or at least age, either do it on device or through an in-person service, or cease operating in the jurisdiction till that necessity ends.
Every one of these services is a data breach waiting to happen, and once the identity documents are breached, as well as being means to identity theft, they can be used for impersonation on every other service requiring uploaded ID. And the ability to re-use the uploaded ID proves the futility of that form of verification anyway.
Just like biometrics, visual verification of ID cards only has security value when done in-person. All the requirements of ID image uploading are just security theatre, which shift liability from the service to the user while magnifying the harm to which they're exposed.
#DiscordBreach #dataBreach #privacy #ageVerification #chatControl
A space for Bonfire maintainers and contributors to communicate
