@siliconangle.com - 61d
A significant data leak has exposed the location data of approximately 800,000 Volkswagen electric vehicles, including models from VW, Audi, Seat, and Skoda. This breach was a result of a cloud misconfiguration within Volkswagen's software subsidiary, Cariad, which stores data on Amazon Web Services. The leaked data included real-time GPS locations, with some being accurate to within ten centimeters, along with other sensitive information. The issue came to light after a whistleblower alerted the German newspaper Der Spiegel, and security researchers from the Chaos Computer Club also helped uncover the leak.
The exposed data potentially allows vehicles to be tracked and could be linked to their owners, including names and contact details. This raises serious privacy concerns; in some instances it was even possible to determine the travel patterns of individuals, including two German politicians. The incident highlights the critical importance of robust cloud security practices for automotive manufacturers and their software subsidiaries. While Volkswagen claims that accessing the data required bypassing security mechanisms, the leak underscores the severe consequences of mishandling sensitive customer information.
Zack Whittaker@techcrunch.com - 77d
UnitedHealthcare's Optum recently experienced a security lapse, exposing an internal AI chatbot to the public internet. This chatbot, designed for employees to ask questions about claims and related procedures, was accessible without a password. A security researcher discovered the vulnerability, and TechCrunch was able to verify it before Optum took the chatbot offline. While it's not believed that the chatbot contained sensitive patient data, its exposure raises concerns about the security practices surrounding internal AI tools, particularly as UnitedHealth faces scrutiny over its broader use of AI.
The chatbot, described by an Optum spokesperson as a "demo tool" for proof of concept, maintained a history of employee inquiries, including questions like "What should be the determination of the claim" and "How do I check policy renewal date." Interestingly, the bot also produced a seven-paragraph rhyming poem about denying health claims when asked. Optum has since stated that the tool was never put into production and that the site is no longer accessible. The company has confirmed that the tool did not use or contain any protected health information.
Amar Ćemanović@CyberInsider - 2d
Have I Been Pwned (HIBP) has recently integrated a massive dataset of 23 billion rows of stolen credentials from the ALIEN TXTBASE stealer logs. This integration has exposed 284 million unique email addresses that were compromised through infostealer malware. The data, which includes 244 million previously unseen passwords, was originally shared on the Telegram channel ALIEN TXTBASE. HIBP users who are signed up to be notified when their emails appear in a database dump will receive a notification email. All users can also check manually via the service’s website.
This staggering collection of information is the result of what are likely millions of people's computers being infected by one or more data-stealing malware strains. The addition of these stolen credentials highlights the scale of infostealer malware, which so far has proven unstoppable. HIBP has also added 244 million new compromised passwords to Pwned Passwords.
@www.cnbc.com - 30d
DeepSeek AI, a rapidly growing Chinese AI startup, has suffered a significant data breach, exposing a database containing over one million log lines of sensitive information. Security researchers at Wiz discovered the exposed ClickHouse database was publicly accessible and unauthenticated, allowing full control over database operations without any defense mechanisms. The exposed data included user chat histories, secret API keys, backend details, and other highly sensitive operational metadata. This exposure allowed potential privilege escalation within the DeepSeek environment.
The Wiz research team identified the exposure through standard reconnaissance of publicly accessible domains and by discovering unusual open ports linked to DeepSeek. The affected database was hosted at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000. Researchers noted how easily the exposed data could be found and the potential for malicious actors to have accessed it. After being contacted by the researchers, DeepSeek has secured the database; however, it remains unclear whether unauthorized third parties were also able to access the information.
@www.bleepingcomputer.com - 42d
Hotel management platform Otelier has suffered a significant data breach, compromising the personal information and hotel reservations of millions of guests. The breach occurred after threat actors gained access to Otelier's Amazon S3 cloud storage. This allowed them to steal a large amount of sensitive data, reportedly close to eight terabytes. The affected hotel brands include major names like Marriott, Hilton, and Hyatt, raising concerns about widespread impact.
The stolen data includes personally identifiable information and reservation details, which could expose guests to identity theft and various types of fraud. Otelier has confirmed the data breach and stated that it is communicating with its impacted customers. The initial breach is said to have started in July 2024 and continued through October of the same year. This extended access is what allowed the attackers to exfiltrate the substantial amount of data they are now believed to hold.
Pierluigi Paganini@Security Affairs - 21h
References: securityaffairs.com, The420.in
The LockBit ransomware group has targeted newly appointed FBI Director Kash Patel with an alleged "birthday gift" consisting of leaked classified documents. LockBitSupp, the group's alleged leader, posted a message on February 25, 2025, mocking Patel and claiming the group possesses sensitive data that could "destroy" the FBI. This incident raises serious cybersecurity concerns about potential data breaches targeting high-profile individuals and agencies.
The post, found on LockBit's dark web leak blog, describes an "archive of classified information" containing over 250 folders of materials dating back to May 29, 2024. The stolen data is presented as a "guide, roadmap, and some friendly advice" to the new FBI Director. The ransomware cartel's actions represent a bold threat, highlighting the increasing sophistication and audacity of cybercriminals targeting government entities and their leadership.
@cyberinsider.com - 8d
B1ack's Stash, an illicit carding marketplace, released a dataset containing over 1 million stolen credit and debit cards on a dark web forum on February 19, 2025. Experts warn that the free release of over 1 million unique cards appears to be a marketing strategy to attract new customers and gain notoriety within the cybercrime ecosystem. Other underground marketplaces, such as Joker Stash and BidenCash, also facilitate the sale of payment card data.
The cybersecurity community is on high alert. The leaked data reportedly includes the PAN, expiration date, CVV2, cardholders' personal details, email address, IP address, and User-Agent, all obtained through e-skimming. Banking institutions are being advised to monitor the dark web for offerings of credit and debit cards in order to prevent fraudulent activity.
MalBot@malware.news - 72d
References: DataBreaches.Net, malware.news
Cisco experienced a significant data leak due to an internal misconfiguration. The hacker group known as "IntelBroker" claimed responsibility for accessing sensitive information. This occurred after Cisco inadvertently left its DevHub instance exposed, allowing unauthorized access. The exposure enabled the hackers, identified as @zjj, @IntelBroker, and @EnergyWeaponUser, to download approximately 4.5TB of data associated with various Cisco products.
While much of the exposed data was already public, the hackers also accessed files not intended for public release. Cisco's investigation confirmed that the data was obtained from a public-facing DevHub environment. The initial samples shared by the group included files relating to various Cisco software offerings, totaling 2.9GB. The leaked material included software from key products, including Cisco IOS XE, Webex and Umbrella, raising concerns about potential vulnerabilities.
Stefan Hostetler, Julian Tuin, Trevor Daher, Jon Grimm, Alyssa Newbury, Joe Wedderspoon, and Markus @Arctic Wolf - 44d
A new hacking group, known as Belsen Group, has leaked configuration files and VPN credentials for over 15,000 FortiGate firewall devices. The data, which includes full configuration dumps, device management certificates and even some plaintext passwords, was made freely available on the dark web. Security researcher Kevin Beaumont first brought the issue to light, CloudSEK later confirmed it, and both noted that the leak primarily affected FortiGate 7.0.x and 7.2.x devices.
The Belsen Group is believed to have been active since 2022, despite only recently appearing on social media and cybercrime forums. The leaked data was likely collected in 2022 using a then zero-day exploit, specifically CVE-2022-40684, and was only released in January 2025. This means that even organizations which have since patched may still be at risk if their configurations were captured by Belsen Group in 2022, since the leaked credentials and firewall rules remain valid until they are rotated or changed. The exposure of this data poses a significant security risk to the affected organizations.