For those being notified or first learning about the #WIRED #databreach:

On December 25, I broke the story of how I had been contacted in November by "Lovely," who claimed to have discovered a vulnerability. They asked for help getting Condé Nast to respond to them. They claimed they were not seeking any bounty or payment and had only downloaded a few profiles as proof.

They showed me my own data.

Trying to help, I reached out to Condé Nast corporate as well as to a contact at #WIRED.

Condé Nast never responded to me -- or to "Lovely" who eventually showed their true colors as someone trying to extort Condé Nast.

Do they have more data? Yes, it appears they do.

@troyhunt verified the data leak and #HIBP has been notifying its affected subscribers.

Read more details in my blog post at https://databreaches.net/2025/12/25/conde-nast-gets-hacked-and-databreaches-gets-played-christmas-lump-of-coal-edition/

@zackwhittaker @campuscodi @gcluley @euroinfosec @ValeryMarchive

#databreach #dataleak #infosec #cybersecurity #incidentresponse

MongoBleed Explained Simply

https://bigdata.2minutestreaming.com/p/mongobleed-explained-simply

#HackerNews #MongoBleed #MongoDB #Security #TechExplained #DataBreach #CyberSecurity

For those being notified or first learning about the #WIRED #databreach:

On December 25, I broke the story of how I had been contacted in November by "Lovely," who claimed to have discovered a vulnerability. They asked for help getting Condé Nast to respond to them. They claimed they were not seeking any bounty or payment and had only downloaded a few profiles as proof.

They showed me my own data.

Trying to help, I reached out to Condé Nast corporate as well as to a contact at #WIRED.

Condé Nast never responded to me -- or to "Lovely" who eventually showed their true colors as someone trying to extort Condé Nast.

Do they have more data? Yes, it appears they do.

@troyhunt verified the data leak and #HIBP has been notifying its affected subscribers.

Read more details in my blog post at https://databreaches.net/2025/12/25/conde-nast-gets-hacked-and-databreaches-gets-played-christmas-lump-of-coal-edition/

@zackwhittaker @campuscodi @gcluley @euroinfosec @ValeryMarchive

#databreach #dataleak #infosec #cybersecurity #incidentresponse

#SoundCloud confirms breach after member data stolen, #VPN access disrupted

https://www.bleepingcomputer.com/news/security/soundcloud-confirms-breach-after-member-data-stolen-vpn-access-disrupted/

#cybersecurity #privacy #DataBreach

#SoundCloud confirms breach after member data stolen, #VPN access disrupted

https://www.bleepingcomputer.com/news/security/soundcloud-confirms-breach-after-member-data-stolen-vpn-access-disrupted/

#cybersecurity #privacy #DataBreach

PornHub Premium members data exposed after Mixpanel analytics breach

PornHub Premium members' sensitive data was compromised when the ShinyHunters gang breached third-party analytics provider Mixpanel through an SMS phishing attack, exposing 94GB of historical records including email addresses, viewing activity, search queries, and location data from 2021 or earlier. The attackers launched an extortion campaign threatening to publish the stolen data unless ransoms were paid.

**One more perfect example of why you should delete data of your former customers. It's a lot less trouble down the line. Also, why in the world would someone have an account with a porn site? If it happens on the internet it stays on the internet!**
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/pornhub-premium-members-data-exposed-after-mixpanel-analytics-breach-6-1-g-g-x/gD2P6Ple2L

Massive 16TB database leaks 4.3 billion professional records

An unsecured 16-terabyte MongoDB database containing approximately 4.3 billion professional records was exposed without authentication from November 23-25, 2025, including names, emails, phone numbers, work histories, and other personally identifiable information. It's suspected that the data set is owned by a data broker or a lead-generation company, but the researchers did not disclose any details.

**Data brokers are just greedy, but not at all good with their data protection. Because it's not their data, it's simply grabbed and abused.**
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/massive-16tb-database-leaks-4-3-billion-professional-records-v-8-u-f-u/gD2P6Ple2L

"Super secure" MAGA-themed messaging app leaks everyone's phone number

https://ericdaigle.ca/posts/super-secure-maga-messaging-app-leaks-everyones-phone-number/

#HackerNews #SuperSecureApp #MAGALeaks #PrivacyConcerns #DataBreach #MessagingApp

Massive 16TB database leaks 4.3 billion professional records

An unsecured 16-terabyte MongoDB database containing approximately 4.3 billion professional records was exposed without authentication from November 23-25, 2025, including names, emails, phone numbers, work histories, and other personally identifiable information. It's suspected that the data set is owned by a data broker or a lead-generation company, but the researchers did not disclose any details.

**Data brokers are just greedy, but not at all good with their data protection. Because it's not their data, it's simply grabbed and abused.**
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/massive-16tb-database-leaks-4-3-billion-professional-records-v-8-u-f-u/gD2P6Ple2L

"The team found an unprotected MongoDB instance containing a staggering 16.14 terabytes of professional and corporate intelligence data. In total, researchers discovered nearly 4.3 billion documents, making it one of the largest lead-generation datasets to have ever leaked."

#leak #databreach #profiles
https://cybernews.com/security/database-exposes-billions-records-linkedin-data/

"The team found an unprotected MongoDB instance containing a staggering 16.14 terabytes of professional and corporate intelligence data. In total, researchers discovered nearly 4.3 billion documents, making it one of the largest lead-generation datasets to have ever leaked."

#leak #databreach #profiles
https://cybernews.com/security/database-exposes-billions-records-linkedin-data/

How did the ICO treat the most serious data breach in UK history? They did nothing.

The failure to investigate the Ministry of Defence for leaking data on over 19,000 Afghans is the final straw for this weak regulator.

ORG has led the call for an inquiry ⬇️

https://therecord.media/privacy-regulator-ico-collapse

#ICO #dataprotection #gdpr #privacy #databreach #ukpoliticd #ukpol

Fail, fail and fail again...

The UK Information Commissioner's Office has issued a weak reprimand to the Post Office for publishing the identities of Horizon’s victims.

The ICO's failure to enforce data protection law adds insult to injury for the victims of this scandal.

Read our response ⬇️

https://www.openrightsgroup.org/press-releases/the-ico-fails-to-take-action-over-the-post-office-horizon-scandal/

#ICO #dataprotection #PostOffice #HorizonScandal #privacy #databreach #ukpolitics #ukpol #gdpr

The UK Information Commissioner's Office's litany of failures to enforce data protection law cannot go on.

That's why ORG brought together over 70 organisations and experts to back our call for an inquiry into this submissive watchdog.

MPs must step up to keep our data safe and secure!

Find out more ⬇️

https://www.openrightsgroup.org/press-releases/70-organisations-and-experts-demand-action-over-failing-ico/

#ICO #dataprotection #PostOffice #HorizonScandal #privacy #databreach #ukpolitics #ukpol #gdpr

“This reprimand is a go ahead for public organisations in the UK to keep inflicting harm, knowing that the ICO will leave them off the hook.

The ICO should have, at the bare minimum, issued an enforcement notice that legally binds the Post Office to take action.”

🗣️ @marianods for ORG.

#ICO #dataprotection #PostOffice #HorizonScandal #privacy #databreach #ukpolitics #ukpol #gdpr