For those being notified or first learning about the #WIRED #databreach:

On December 25, I broke the story of how I had been contacted in November by "Lovely," who claimed to have discovered a vulnerability. They asked for help getting Condé Nast to respond to them. They claimed they were not seeking any bounty or payment and had only downloaded a few profiles as proof.

They showed me my own data.

Trying to help, I reached out to Condé Nast corporate as well as to a contact at #WIRED.

Condé Nast never responded to me -- or to "Lovely" who eventually showed their true colors as someone trying to extort Condé Nast.

Do they have more data? Yes, it appears they do.

@troyhunt verified the data leak and #HIBP has been notifying its affected subscribers.

Read more details in my blog post at https://databreaches.net/2025/12/25/conde-nast-gets-hacked-and-databreaches-gets-played-christmas-lump-of-coal-edition/

@zackwhittaker @campuscodi @gcluley @euroinfosec @ValeryMarchive

#databreach #dataleak #infosec #cybersecurity #incidentresponse

For those being notified or first learning about the #WIRED #databreach:

On December 25, I broke the story of how I had been contacted in November by "Lovely," who claimed to have discovered a vulnerability. They asked for help getting Condé Nast to respond to them. They claimed they were not seeking any bounty or payment and had only downloaded a few profiles as proof.

They showed me my own data.

Trying to help, I reached out to Condé Nast corporate as well as to a contact at #WIRED.

Condé Nast never responded to me -- or to "Lovely" who eventually showed their true colors as someone trying to extort Condé Nast.

Do they have more data? Yes, it appears they do.

@troyhunt verified the data leak and #HIBP has been notifying its affected subscribers.

Read more details in my blog post at https://databreaches.net/2025/12/25/conde-nast-gets-hacked-and-databreaches-gets-played-christmas-lump-of-coal-edition/

@zackwhittaker @campuscodi @gcluley @euroinfosec @ValeryMarchive

#databreach #dataleak #infosec #cybersecurity #incidentresponse

Wow, Vienna scientists received the complete WhatsApp member directory, containing 3.5 billion user entries. Yes, it’s just the directory, no messages, but the whole directory was available online - totally unprotected.

Any more reasons for not using WhatsApp required

#whatsapp #dataleak #privacy

https://www.heise.de/en/news/3-5-Billion-Accounts-Complete-WhatsApp-Directory-Retrieved-and-Evaluated-11083244.html

Wow, Vienna scientists received the complete WhatsApp member directory, containing 3.5 billion user entries. Yes, it’s just the directory, no messages, but the whole directory was available online - totally unprotected.

Any more reasons for not using WhatsApp required

#whatsapp #dataleak #privacy

https://www.heise.de/en/news/3-5-Billion-Accounts-Complete-WhatsApp-Directory-Retrieved-and-Evaluated-11083244.html

Remember that frustrating situation where some of us couldn't get a vendor to respond to notifications that court-sealed records and sensitive files were exposed? One entity eventually reached the vendor by phone and was so angry at their response that they wound up canceling their account with them.

Yesterday, I finally reached the second court entity. They, too, wound up telling the vendor to take the share down.

How many other clients may still have exposed data because the vendor tells clients that everything's fine when it isn't? I don't know. If you know any entity using Software Unlimited Corp software (not Software Unlimited Inc, but Software Unlimited CORP), you may want to point them to my coverage:

Original Report:
https://databreaches.net/2025/10/13/months-after-being-notified-a-software-vendor-is-still-exposing-confidential-and-sealed-court-records/

Today's Update:
https://databreaches.net/2025/10/31/how-many-courts-have-had-sealed-and-sensitive-files-exposed-by-one-vendors-error/

#dataleak #vendor #incidentresponse #cybersecurity #SoftwareUnlimitedCorp #FTC #govsec

@zackwhittaker @euroinfosec @campuscodi @JayeLTee

Remember that frustrating situation where some of us couldn't get a vendor to respond to notifications that court-sealed records and sensitive files were exposed? One entity eventually reached the vendor by phone and was so angry at their response that they wound up canceling their account with them.

Yesterday, I finally reached the second court entity. They, too, wound up telling the vendor to take the share down.

How many other clients may still have exposed data because the vendor tells clients that everything's fine when it isn't? I don't know. If you know any entity using Software Unlimited Corp software (not Software Unlimited Inc, but Software Unlimited CORP), you may want to point them to my coverage:

Original Report:
https://databreaches.net/2025/10/13/months-after-being-notified-a-software-vendor-is-still-exposing-confidential-and-sealed-court-records/

Today's Update:
https://databreaches.net/2025/10/31/how-many-courts-have-had-sealed-and-sensitive-files-exposed-by-one-vendors-error/

#dataleak #vendor #incidentresponse #cybersecurity #SoftwareUnlimitedCorp #FTC #govsec

@zackwhittaker @euroinfosec @campuscodi @JayeLTee

NEW, by me, the one some of you have been asking about:

Months After Being Notified, a Software Vendor is Still Exposing Confidential and Sealed Court Records

https://databreaches.net/2025/10/13/months-after-being-notified-a-software-vendor-is-still-exposing-confidential-and-sealed-court-records/

I don't usually ask for boosts, but if you are in a position to help spread the word about this vendor and that its clients need to check their security, that would be great.

#dataleak, #incidentresponse, #infosecurity, #cybersecurity, #SoftwareUnlimitedCorp #FBI #CISA

@zackwhittaker @euroinfosec @campuscodi @therecord_media @GossiTheDog @briankrebs

NEW, by me, the one some of you have been asking about:

Months After Being Notified, a Software Vendor is Still Exposing Confidential and Sealed Court Records

https://databreaches.net/2025/10/13/months-after-being-notified-a-software-vendor-is-still-exposing-confidential-and-sealed-court-records/

I don't usually ask for boosts, but if you are in a position to help spread the word about this vendor and that its clients need to check their security, that would be great.

#dataleak, #incidentresponse, #infosecurity, #cybersecurity, #SoftwareUnlimitedCorp #FBI #CISA

@zackwhittaker @euroinfosec @campuscodi @therecord_media @GossiTheDog @briankrebs

😭😭😭😭
Archive des fuites de données
https://www.funinformatique.com/fuite_de_donnees
#infosec#DataLeak#FuitesDeDonnées

So yesterday, I emailed a state court system that appears to be linked to the exposed data I mentioned recently and that the host notified on or about July 28.

No reply was received.

Today, I sent a contact form message to the lawyer for a juvenile whose records were sealed. Sealed, except 11 of them were exposed to anyone who can access the data. I told him what was going on and suggested he contact the court and tell them to get the data secured.

No reply was received.

Today, I sent an email to the judge who ordered the juvenile's records sealed and I cc:d the district attorney. I gave them the juvenile's name, case number and that I could see all the sealed records. I urged them to have their IT or vendor call me and I could give them the IP address over the phone, etc.

No reply was received.

Dear Russia, China, and North Korea:

You do not need to hack our courts. They are leaking like sieves and do not respond when we try to tell them they need to secure the data.

Yours in total frustration,

/Dissent

#infosec #cybersecurity #incident_response #dataleak #databreach#WAKETHEFUCKUP