⚠️ 2.5 billion Gmail users endangered after Google database hack | PC World
「 In these scam attempts, attackers are trying to take over Gmail accounts by triggering alleged “account resets” and then intercepting passwords to subsequently lock out the account holders. Another attack method involves “dangling buckets” (i.e., outdated access addresses) to steal data from or inject malware into Google Cloud 」
2.5B Gmail users endangered after Google database hack
#HackerNews#GmailHack#GoogleDatabase#CyberSecurity#DataBreach#UserSafety
2.5B Gmail users endangered after Google database hack
#HackerNews#GmailHack#GoogleDatabase#CyberSecurity#DataBreach#UserSafety
Hacked Monster Energy 💀
They think their customers are "lower income Caucasian males (skews Hispanic)" and left their ENTIRE file system exposed.
https://bobdahacker.com/blog/monster-energy
#InfoSec#Security#DataBreach#MonsterEnergy#Vulnerability#CyberSecurity#ResponsibleDisclosure#BugBounty
Hacked Monster Energy 💀
They think their customers are "lower income Caucasian males (skews Hispanic)" and left their ENTIRE file system exposed.
https://bobdahacker.com/blog/monster-energy
#InfoSec#Security#DataBreach#MonsterEnergy#Vulnerability#CyberSecurity#ResponsibleDisclosure#BugBounty
「 Workday, a company that provides human resources technology to over 11,000 corporations and 70 million users worldwide, announced in a classic Friday news dump that it suffered a data breach 」
So yesterday, I emailed a state court system that appears to be linked to the exposed data I mentioned recently and that the host notified on or about July 28.
No reply was received.
Today, I sent a contact form message to the lawyer for a juvenile whose records were sealed. Sealed, except 11 of them were exposed to anyone who can access the data. I told him what was going on and suggested he contact the court and tell them to get the data secured.
No reply was received.
Today, I sent an email to the judge who ordered the juvenile's records sealed and I cc:d the district attorney. I gave them the juvenile's name, case number and that I could see all the sealed records. I urged them to have their IT or vendor call me and I could give them the IP address over the phone, etc.
No reply was received.
Dear Russia, China, and North Korea:
You do not need to hack our courts. They are leaking like sieves and do not respond when we try to tell them they need to secure the data.
Yours in total frustration,
/Dissent
#infosec #cybersecurity #incident_response #dataleak #databreach#WAKETHEFUCKUP
So yesterday, I emailed a state court system that appears to be linked to the exposed data I mentioned recently and that the host notified on or about July 28.
No reply was received.
Today, I sent a contact form message to the lawyer for a juvenile whose records were sealed. Sealed, except 11 of them were exposed to anyone who can access the data. I told him what was going on and suggested he contact the court and tell them to get the data secured.
No reply was received.
Today, I sent an email to the judge who ordered the juvenile's records sealed and I cc:d the district attorney. I gave them the juvenile's name, case number and that I could see all the sealed records. I urged them to have their IT or vendor call me and I could give them the IP address over the phone, etc.
No reply was received.
Dear Russia, China, and North Korea:
You do not need to hack our courts. They are leaking like sieves and do not respond when we try to tell them they need to secure the data.
Yours in total frustration,
/Dissent
#infosec #cybersecurity #incident_response #dataleak #databreach#WAKETHEFUCKUP
¯\_(ツ)_/¯
「 The information stolen includes demographic data, names, addresses, dates of birth, Social Security numbers, health insurance information and other clinical information like health conditions, dialysis lab test results and treatment information 」
#ransomware #databreach #cybersecurity
https://therecord.media/davita-dialysis-company-ransomware-attack-data-breach-notifications
💧 Supabase MCP can leak your entire SQL database
「 The cursor assistant operates the Supabase database with elevated access via the service_role, which bypasses all row-level security (RLS) protections. At the same time, it reads customer-submitted messages as part of its input. If one of those messages contains carefully crafted instructions, the assistant may interpret them as commands and execute SQL unintentionally 」
https://simonwillison.net/2025/Jul/6/supabase-mcp-lethal-trifecta/
TalentHook leaks resumes of 26 Million job seekers
TalentHook, a cloud-based applicant tracking system, exposed nearly 26 million job seekers' resumes and personal information through a misconfigured Azure Blob storage container that was publicly accessible to anyone with the URL.
****
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/talenthook-leaks-resumes-of-26-million-job-seekers-7-7-s-s-2/gD2P6Ple2L
"No doubt hoping to mitigate worries about exposing physical addresses, the airline said its investigations showed that many of these were years old and potentially outdated,"
Why were you still storing them, then?
https://www.theregister.com/2025/07/09/qantas_begins_telling_customers_data
"No doubt hoping to mitigate worries about exposing physical addresses, the airline said its investigations showed that many of these were years old and potentially outdated,"
Why were you still storing them, then?
https://www.theregister.com/2025/07/09/qantas_begins_telling_customers_data
TalentHook leaks resumes of 26 Million job seekers
TalentHook, a cloud-based applicant tracking system, exposed nearly 26 million job seekers' resumes and personal information through a misconfigured Azure Blob storage container that was publicly accessible to anyone with the URL.
****
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/talenthook-leaks-resumes-of-26-million-job-seekers-7-7-s-s-2/gD2P6Ple2L
Paraguay hit by catastrophic data breach as hacktivists leak personal data of entire population
Paraguay suffered one of the most devastating national data breaches in history when hackers leaked personal information of approximately 7.4 million citizens (essentially the entire population) on June 13, 2025, after the government refused to pay a $7.4 million ransom demand from "Brigada Cyber PMC." The attack began with Redline infostealer malware compromising government employee credentials at the Ministry of Public Health and Social Welfare, enabling hackers to slowly exfiltrate data.
Infostealers are extremely dangerous. Especially on government system accounts.
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/paraguay-hit-by-catastrophic-data-breach-as-hacktivists-leak-personal-data-of-entire-population-0-p-p-d-m/gD2P6Ple2L
As expected, more details are emerging in other news outlets about the arrest of #ShinyHunters.
One detail I noted is that ShinyHunters is suspected of being responsible for the attacks on #LVMH, which is the high-end brand associated with Tiffany and Dior, who both reported breaches this year. Although there had been some speculation that #ScatteredSpider might be responsible for those breaches, it appears that ShinyHunters was allegedly responsible.
There have been a number of hacks this year where it is not clear -- in the absence of law enforcement confirmation -- whether a #databreach has been by Scattered Spider or ShinyHunters, or whether they have collaborated with one doing the hacking and the other doing the extortion. I predict in weeks/months to come, we will be given a pretty big list of big hacks that ShinyHunters has been involved in this year.
As I reported in my coverage of the PowerSchool hack and prosecution of Matthew Lane, ShinyHunters' name has been linked to that one, too, but was not named as a co-conspirator.
This is where I should write "This is a developing story..." huh?
😮💨 16 Billion Apple, Facebook, Google And Other Passwords Leaked — Act Now
“This is not just a leak – it’s a blueprint for mass exploitation,” the researchers said. And they are right. These credentials are ground zero for phishing attacks and account takeover. “These aren’t just old breaches being recycled,” they warned, “this is fresh, weaponizable intelligence at scale.”
Coinbase says its data breach affects at least 69,000 customers• @TechCrunch
「 In a blog post, Coinbase said the hacker demanded $20 million in a ransom payment to delete the data, which Coinbase refused to pay. The company said the hacker bribed Coinbase customer support workers into accessing customers’ data over a period of several months 」
https://techcrunch.com/2025/05/21/coinbase-says-its-data-breach-affects-at-least-69000-customers/
A space for Bonfire maintainers and contributors to communicate
