Data Breaches & Leaks
Latest data breaches, leaks, and exposures
62 articles
A 2013 hack revealed Russia's drone program relied 90% on Chinese parts
A 2013 hack by Shaltai Boltai revealed Russia's MVD drone project was 90% reliant on Chinese electronics, exposing a critical supply chain vulnerabili
Anatomy of a heist: How North Korean hackers allegedly stole $290 million in crypto this year
A series of 2023 crypto heists totaling $290M has been linked to North Korea's Lazarus Group, exposing critical vulnerabilities in the DeFi space.
Grinex exchange blames 'Western intelligence' for $13.7M crypto hack, but evidence suggests an exit scam
A Kyrgyzstan-based crypto exchange claims a $13.7M hack by Western spies, but the lack of evidence and classic warning signs point to a probable exit
Over 100 malicious Chrome extensions found stealing data and creating backdoors
A detailed analysis of a coordinated campaign where over 100 malicious Chrome extensions compromised 4 million users, stealing data and creating backd
Kraken extortion attempt highlights the fine line between security research and crime
Cryptocurrency exchange Kraken revealed an extortion attempt after a “researcher” exploited a bug to steal $3M, blurring the line between hacking and
Over 100 Chrome extensions caught stealing user accounts and data
Over 100 malicious Chrome extensions with 1.6M+ downloads were found stealing Google OAuth tokens, enabling full account takeover and ad fraud.
Rockstar Games data leaked online following breach at analytics partner
Data allegedly belonging to Rockstar Games has been leaked by the ShinyHunters gang after a breach at third-party analytics vendor Anodot.
Passport numbers for more than 300,000 leaked during December Eurail data breach
Eurail.com suffered a major data breach, exposing passport numbers and other PII for over 300,000 customers after a hacker exploited an exposed API to
Hims breach exposes the most sensitive kinds of PHI
Telehealth giant Hims & Hers exposed sensitive health data of nearly 400,000 users, creating a severe risk of targeted blackmail, fraud, and extortion
The anatomy of a non-leak: How a public Orbán quote became a cybersecurity myth
A viral story claimed a 'leaked call' exposed a Hungarian leader's comments. The truth? It was a public interview. A case study in misinformation.
Breach exposes sensitive LAPD files stored in city attorney system
A deep dive into the LockBit ransomware attack on the LA City Attorney's office, which exposed 7.7 TB of sensitive LAPD files and personal data.
Massachusetts hospital diverts ambulances as cyberattack causes major disruption
A cyberattack on Signature Healthcare forced a Massachusetts hospital to divert ambulances and cancel services, highlighting the severe consequences o
The $280 million Drift Protocol hack that never happened: A case study in crypto misinformation
A fabricated $280M hack of Drift Protocol highlights the growing threat of misinformation in crypto, proving that a convincing lie can be as damaging
A Massachusetts hospital is diverting ambulances, revealing a healthcare system under digital siege
Signature Healthcare's ongoing cyberattack forces ambulance diversions and a return to paper records, highlighting the grave patient safety risks of c
Infinite Campus warns of breach after ShinyHunters claims data theft
Infinite Campus, a major K-12 student information system, confirms a data breach after the notorious ShinyHunters group attempted extortion.
When the watchdog gets bit: An analysis of the Trivy vulnerability scanner supply chain attack
A deep-dive analysis of the supply chain attack on Aqua's Trivy scanner, which saw hackers distribute the RedLine Stealer malware via official channel
TeamPCP hacks Checkmarx GitHub Actions using stolen CI credentials
A threat actor named TeamPCP has compromised two Checkmarx GitHub Actions, creating a major supply chain risk by stealing credentials from user workfl
European Commission confirms major data breach linked to software supply chain attack
Over 300GB of data, including personal information, was stolen from the European Commission in a supply chain attack targeting its AWS environment.
Blast radius of TeamPCP attacks expands amid hacker infighting
A complex web of supply chain attacks, data breaches, and conflicting claims from groups like TeamPCP, Lapsus$, and ShinyHunters creates chaos for def
Drift loses $285 million in durable nonce social engineering attack linked to DPRK
Solana-based DEX Drift has confirmed a $285 million loss after attackers used a novel social engineering attack involving durable nonces to seize cont
Popular LiteLLM PyPI package backdoored to steal credentials and auth tokens
A detailed analysis of the TeamPCP supply chain attack on the popular LiteLLM Python package, which aimed to steal cloud credentials and API tokens.
Drift protocol governance compromised in $3 million token minting exploit
A governance failure at Drift Protocol led to the unauthorized minting of $3M in tokens, debunking initial reports of a $280M hack linked to North Kor
Drift Protocol loses $280 million in sophisticated Security Council takeover
A deep-dive analysis of the $280M Drift Protocol hack, where attackers seized control of its Security Council, exposing critical centralization risks
European Commission investigating massive data theft claim by ShinyHunters
The ShinyHunters hacker group claims to have stolen 350GB of data from the European Commission, prompting a high-priority investigation in Brussels.