Alex Akselrod
boosted
Major breach of an emergency notification provider (CodeRed/Onsolve), which is a very bad thing.
“Dear Valued Customer,
Further to our previous communications, we’d like to provide you with an update regarding the cybersecurity incident which damaged the OnSolve CodeRED environment in a targeted attack by an organized cybercriminal group. Our forensic analysis continues to indicate that this is an incident strictly contained within the OnSolve CodeRED environment with no contagion beyond.
We have learned that data associated with the legacy OnSolve CodeRED platform was removed from our systems. While there is currently no indication that this data has been published online, we are proactively informing you that it may be leaked.
It appears that the impacted dataset may contain contact information of OnSolve CodeRED users: name, address, email address, phone numbers, and/or associated passwords used to create user profiles for alerts. If the same password is used by users for any other personal or business accounts, those passwords should be changed immediately.”
https://dcsheriff.net/important-nationwide-codered-outage-data-breach-update/
Major breach of an emergency notification provider (CodeRed/Onsolve), which is a very bad thing.
“Dear Valued Customer,
Further to our previous communications, we’d like to provide you with an update regarding the cybersecurity incident which damaged the OnSolve CodeRED environment in a targeted attack by an organized cybercriminal group. Our forensic analysis continues to indicate that this is an incident strictly contained within the OnSolve CodeRED environment with no contagion beyond.
We have learned that data associated with the legacy OnSolve CodeRED platform was removed from our systems. While there is currently no indication that this data has been published online, we are proactively informing you that it may be leaked.
It appears that the impacted dataset may contain contact information of OnSolve CodeRED users: name, address, email address, phone numbers, and/or associated passwords used to create user profiles for alerts. If the same password is used by users for any other personal or business accounts, those passwords should be changed immediately.”
https://dcsheriff.net/important-nationwide-codered-outage-data-breach-update/
Em :official_verified:
boosted
They say "no sensitive information" was compromised, after a data breach involving real names, email addresses, phone numbers, and physical addresses.
That's some serious bullshit right there.
That is, in fact, "sensitive information," you idiots.
#infosec #privacy #DoorDash #breach
DoorDash confirms data breach impacting users’ phone numbers and physical addresses | TechCrunch
https://techcrunch.com/2025/11/17/doordash-confirms-data-breach-impacting-users-phone-numbers-and-physical-addresses/
They say "no sensitive information" was compromised, after a data breach involving real names, email addresses, phone numbers, and physical addresses.
That's some serious bullshit right there.
That is, in fact, "sensitive information," you idiots.
#infosec #privacy #DoorDash #breach
DoorDash confirms data breach impacting users’ phone numbers and physical addresses | TechCrunch
https://techcrunch.com/2025/11/17/doordash-confirms-data-breach-impacting-users-phone-numbers-and-physical-addresses/
I have recordings proving Coinbase knew about breach months before disclosure
https://jonathanclark.com/posts/coinbase-breach-timeline.html
#HackerNews #Coinbase #Breach #Disclosure #Breach #Timeline #Security #Concerns #Cryptocurrency
Oops
BleepingComputer: Hyundai AutoEver America data breach exposes SSNs, drivers licenses
"...Its role is to supply IT solutions and services tailored to the automotive industry, particularly for Hyundai and Kia affiliates, including vehicle telematics, OTA (over-the-air) updates, maps, vehicle connectivity, embedded systems, and autonomous driving systems...."
Looks like somebody broke into #atari's #Sendgrid account and used it to send a bunch of phishing emails.
No explanation given for how; perhaps @zackwhittaker can wheedle it out of them.
Since it says here that they've "secured" the account, my guess is a bad password (or infostealer) + no #2FA. The most obvious explanation is usually the correct one.
Though I suppose a cracked Lastpass vault is also a possibility.
#infosec #breach
Stefano Marinelli
boosted
Wow, the damage from that Red Hat GitLab breach seems to be getting worse by the day. Jeez.
The Crimson Collective, the cybercriminal gang claiming responsibility for breaching the repo and stealing over 500GB of data, now seems to be collaborating with other cybercriminal gangs to extort Red Hat.
From the article, the cybercrim alliance:
"threatens to publish a "multi terabyte of data haul of your most sensitive intellectual property" and accuses Red Hat of failing to safeguard what it claims are trade secrets and personal data, invoking GDPR and US state privacy laws. It also reckons Red Hat's doors were kicked in on September 13 – weeks before the company came clean about the break-in."
https://www.theregister.com/2025/10/07/red_hat_breach_new_claims/?td=rt-9bp
#redhat #gitlab #news #technews #cyberattack #breach #cybersecurity #security #cybercrime #crime #extortion
Wow, the damage from that Red Hat GitLab breach seems to be getting worse by the day. Jeez.
The Crimson Collective, the cybercriminal gang claiming responsibility for breaching the repo and stealing over 500GB of data, now seems to be collaborating with other cybercriminal gangs to extort Red Hat.
From the article, the cybercrim alliance:
"threatens to publish a "multi terabyte of data haul of your most sensitive intellectual property" and accuses Red Hat of failing to safeguard what it claims are trade secrets and personal data, invoking GDPR and US state privacy laws. It also reckons Red Hat's doors were kicked in on September 13 – weeks before the company came clean about the break-in."
https://www.theregister.com/2025/10/07/red_hat_breach_new_claims/?td=rt-9bp
#redhat #gitlab #news #technews #cyberattack #breach #cybersecurity #security #cybercrime #crime #extortion
Missed opportunity to use surprised_pikachu.jpg as a link preview image here
https://www.theverge.com/news/792032/discord-customer-service-data-breach-hack
maco
boosted
My information was leaked during a breach of the ParkMobile app.
As part of the class action lawsuit that was settled with the company for mishandling my information, I am awarded...
...one dollar.
To be paid out as a... 25 cent discount... over four uses.
Well la dee dah.
My information was leaked during a breach of the ParkMobile app.
As part of the class action lawsuit that was settled with the company for mishandling my information, I am awarded...
...one dollar.
To be paid out as a... 25 cent discount... over four uses.
Well la dee dah.
Alex, the Hearth Fire
boosted
#PSA: Lovense bug leaks user email addresses and allows for account takeovers.
Patch supposedly already fixed account takeovers (I noticed I was logged out unexpectedly on Sunday night/Monday morning). Email leak to be fixed soon (hopefully).
#PSA: Lovense bug leaks user email addresses and allows for account takeovers.
Patch supposedly already fixed account takeovers (I noticed I was logged out unexpectedly on Sunday night/Monday morning). Email leak to be fixed soon (hopefully).
🚨 Breaking news: Supabase's new "Lethal Trifecta" feature ensures entire databases leak faster than a sieve 🏃♀️💨! With the innovative combo of LLM blunders, zero #security, and an express delivery system for #data breaches, it's a hacker's dream come true 😅🔓!
https://simonwillison.net/2025/Jul/6/supabase-mcp-lethal-trifecta/ #Supabase#Lethal#Trifecta #breach #database #hacker #news#HackerNews #ngated