#data-exposure

[ follow ]
#privacy #security-vulnerability #cybersecurity #incident-response #security-misconfiguration #ransomware
fromWIRED
2 days ago

Doxers Posing as Cops Are Tricking Big Tech Firms Into Sharing People's Private Data

"This took all of 20 minutes," Exempt, a member of the group that carried out the ploy, told WIRED. He claims that his group has been successful in extracting similar information from virtually every major US tech company, including Apple and Amazon, as well as more fringe platforms like video-sharing site Rumble, which is popular with far-right influencers. Exempt shared the information Charter Communications sent to the group with WIRED, and explained that the victim was a "gamer" from New York.
Privacy professionals
Information security
fromInfoWorld
2 weeks ago

Developers left large cache of credentials exposed on code generation websites

Shareable 'Save' URLs and an exposed /service/getDataFromID API allowed retrieval of sensitive user-submitted data and thousands of secrets.
Information security
fromDataBreaches.Net
1 month ago

How many courts have had sealed and sensitive files exposed by one vendor's error? - DataBreaches.Net

A case management vendor left sealed court records exposed via unsecured Samba shares and failed to respond adequately to repeated notifications.
Information security
fromMedium
1 month ago

Why API Security Testing is Critical for Modern Applications

Continuous API security testing is essential to prevent data exposure, authentication failures, privilege escalation, and service disruption in modern applications.
UK news
fromTheregister
1 month ago

UK lotto players land data jackpot thanks to website error

A technical error at People's Postcode Lottery briefly exposed names, addresses, email addresses, and birthdates of a small fraction of subscribers before services were restored.
Information security
fromDataBreaches.Net
2 months ago

Months After Being Notified, a Software Vendor is Still Exposing Confidential and Sealed Court Records - DataBreaches.Net

A prosecutor case-management vendor left confidential and sealed court records publicly exposed online despite repeated alerts from researchers, an FBI agent, and assisting IT personnel.
Information security
fromSecurityWeek
2 months ago

DraftKings Warns Users of Credential Stuffing Attacks

DraftKings detected a credential stuffing attack using externally harvested credentials that may have exposed user account data and is enforcing password resets and MFA.
Information security
fromTechCrunch
2 months ago

Exclusive: Bug in India's income tax portal exposed taxpayers' sensitive data

A security flaw in India's income tax e-Filing portal exposed taxpayers' personal, financial, and Aadhaar data; authorities fixed the vulnerability after researchers reported it.
Information security
fromThe Hacker News
2 months ago

Evolving Enterprise Defense to Secure the Modern AI Supply Chain

Enterprises must adopt continuous discovery, real-time monitoring, adaptive risk assessment, and governance to secure AI usage, data, and supply chains amid rapid Gen-AI adoption.
Information security
fromDataBreaches.Net
2 months ago

ClaimPix Data Leak Exposes 5 Million Customer Records - DataBreaches.Net

An unencrypted public database exposed 5.1 million files totaling 10 TB containing sensitive vehicle, insurance, and legal documents with PII, VINs, and powers of attorney.
fromDataBreaches.Net
2 months ago

Medical Associates of Brevard notifies 246,711 patients after cyberattack - DataBreaches.Net

On January 23, 2025, the Bian Lian ransomware gang added the Medical Associates of Brevard ("MAB") to its dark web leak site. At the time, they listed the types of data they claimed to have acquired, but did not provide any screenshots or proof of claims. Months later, BianLian went offline. What happened to any data they may have exfiltrated is not currenlty known to DataBreaches, but on September 5, 2025, MAB notified HHS that 246,711 patients were affected by the incident.
Information security
fromApp Developer Magazine
11 months ago

Salesforce data breach linked to Tenable via Salesloft Drift

A Salesforce-Salesloft Drift integration breach exposed limited customer contact and support case data at multiple organizations, including Tenable, while core product data remained uncompromised.
fromIT Pro
3 months ago

The unseen risks of cloud storage for businesses

Cloud storage is used by most businesses, with 78% of respondents to a 2024 PwC survey indicating they've adopted cloud across most of their organizations. But many firms are unknowingly opening themselves up to security and data protection risks: sensitive data is being held in 9% of publicly-accessible cloud storage, and 97% of this information is classified as restricted or confidential, according to Tenable's 2025 Cloud Security Risk Report.
Information security
Information security
fromWIRED
3 months ago

DOGE Put Everyone's Social Security Data at Risk, Whistleblower Claims

Online violent group Purgatory claims university swattings; cybercriminals leverage generative AI for ransomware; DOGE allegedly exposed a Social Security Administration database to risk.
#teslamate
fromTechCrunch
3 months ago
Information security

Security researcher maps hundreds of TeslaMate servers spilling Tesla vehicle data | TechCrunch

fromTechCrunch
3 months ago
Information security

Security researcher maps hundreds of TeslaMate servers spilling Tesla vehicle data | TechCrunch

more#teslamate
Information security
fromDataBreaches.Net
3 months ago

Intel Websites Compromised, Allowing Hackers Access to Employee and Confidential Data - DataBreaches.Net

Security flaws in Intel's internal web infrastructure exposed over 270,000 employees' details and potentially allowed attackers administrative access to corporate and supplier information.
fromwww.bbc.com
3 months ago

Hundreds of thousands of Grok chats exposed in Google results

Unique links are created when Grok users press a button to share a transcript of their conversation - but as well as sharing the chat with the intended recipient, the button also appears to have made the chats searchable online. A Google search on Thursday revealed it had indexed nearly 300,000 Grok conversations. It has led one expert to describe AI chatbots as a "privacy disaster in progress".
Privacy professionals
fromTechCrunch
3 months ago

Thousands of Grok chats are now searchable on Google | TechCrunch

Hundreds of thousands of conversations that users had with Elon Musk's xAI chatbot Grok are easily accessible through Google Search, reports Forbes. Whenever a Grok user clicks the "share" button on a conversation with the chatbot, it creates a unique URL that the user can use to share the conversation via email, text or on social media. According to Forbes, those URLs are being indexed by search engines like Google, Bing, and DuckDuckGo, which in turn lets anyone look up those conversations on the web.
Privacy professionals
#privacy
fromForbes
3 months ago
Privacy technologies

Elon Musk's xAI Published Hundreds Of Thousands Of Grok Chatbot Conversations

fromForbes
3 months ago
Privacy technologies

Elon Musk's xAI Published Hundreds Of Thousands Of Grok Chatbot Conversations

more#privacy
fromThe Hacker News
5 months ago

ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs

The vulnerability, tracked as CVE-2025-3648 (CVSS score: 8.2), has been described as a case of data inference in Now Platform through conditional access control list (ACL) rules.
Information security
EU data protection
fromTechCrunch
6 months ago

Vanta bug exposed customers' data to other customers | TechCrunch

A product code change at Vanta exposed some customers' private data to others, affecting less than 4% of users.
[ Load more ]