Business Insider: 533 million Facebook users’ phone numbers and personal data have been leaked online

Business Insider: 533 million Facebook users’ phone numbers and personal data have been leaked online. “A user in a low level hacking forum on Saturday published the phone numbers and personal data of hundreds of millions of Facebook users for free online. The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.”

KCLR: Database with details for nearly 450,000 across Ireland compromised by hackers

KCLR: Database with details for nearly 450,000 across Ireland compromised by hackers. “The Irish Data Protection Commission says it’s received a breach notification from Fastway Couriers. The customer data impacted includes names, addresses, email accounts and phone numbers, but the company says nobody’s financial data was at risk. It’s understood that up to 450,000 people may be impacted.”

The Verge: Security startup Verkada hack exposes 150,000 security cameras in Tesla factories, jails, and more

The Verge: Security startup Verkada hack exposes 150,000 security cameras in Tesla factories, jails, and more. “Verkada, a Silicon Valley security startup that provides cloud-based security camera services, has suffered a major security breach. Hackers gained access to over 150,000 of the company’s cameras, including cameras in Tesla factories and warehouses, Cloudflare offices, Equinox gyms, hospitals, jails, schools, police stations, and Verkada’s own offices, Bloomberg reports.”

CNET: Microsoft Exchange attackers strike more than 30,000 US organizations

CNET: Microsoft Exchange attackers strike more than 30,000 US organizations. “On March 2, Microsoft released an emergency security update for its Microsoft Exchange email and communications software, patching a security hole in versions of the software going back to 2013. But as customers slowly update their systems, there are signs that at least 30,000 organizations across the US have already been hit by hackers who stole email communications from their systems.”

Ars Technica: Rookie coding mistake prior to Gab hack came from site’s CTO

Ars Technica: Rookie coding mistake prior to Gab hack came from site’s CTO. “Over the weekend, word emerged that a hacker breached far-right social media website Gab and downloaded 70 gigabytes of data by exploiting a garden-variety security flaw known as an SQL injection. A quick review of Gab’s open source code shows that the critical vulnerability—or at least one very much like it—was introduced by the company’s chief technology officer.”

Wired: Far-Right Platform Gab Has Been Hacked—Including Private Data

Wired: Far-Right Platform Gab Has Been Hacked—Including Private Data. “WHEN TWITTER BANNED Donald Trump and a slew of other far-right users in January, many of them became digital refugees, migrating to sites like Parler and Gab to find a home that wouldn’t moderate their hate speech and disinformation. Days later, Parler was hacked and then dropped by Amazon web hosting, knocking the site offline. Now Gab, which inherited some of Parler’s displaced users, has been badly hacked too. An enormous trove of its contents has been stolen—including what appears to be passwords and private communications.”

ProPublica: The U.S. Spent $2.2 Million on a Cybersecurity System That Wasn’t Implemented — and Might Have Stopped a Major Hack

ProPublica: The U.S. Spent $2.2 Million on a Cybersecurity System That Wasn’t Implemented — and Might Have Stopped a Major Hack. “The software company SolarWinds unwittingly allowed hackers’ code into thousands of federal computers. A cybersecurity system called in-toto, which the government paid to develop but never required, might have protected against this.”

CNET: Identity thieves raked in billions with your data, even as breaches fell in 2020

CNET: Identity thieves raked in billions with your data, even as breaches fell in 2020. “About 1,100 data breaches were publicly disclosed in the US in 2020, according to the report. Those breaches affected about 300 million individuals, the lowest number since 2015. The number of people caught up in data breaches dropped from more than 2 billion in 2018 to about 880,000 in 2019 before falling again last year. There are some big caveats in the numbers, however.”

The Register: Clop ransomware gang clips sensitive files from Atlantic Records’ London ad agency The7stars, dumps them online

The Register: Clop ransomware gang clips sensitive files from Atlantic Records’ London ad agency The7stars, dumps them online. “The attack appears to have happened after 15 December, when The7stars’ annual return was prepared for filing with Companies House. While the document talks in length about its healthy financial performance, it mentions nothing about cyber risks or attacks. Screenshots published on the Clop gang’s Tor website show scans of passports, invoices, what appears to be a photo from a staff party and, ironically, a ‘data protection agreement.’”

Bleeping Computer: Bonobos clothing store confirms breach after hacker leaks 70GB database

Bleeping Computer: Bonobos clothing store confirms breach after hacker leaks 70GB database. “Bonobos men’s clothing store has suffered a massive data breach exposing millions of customers’ personal information. Bonobos started as an online men’s clothing store but later expanded to sixty locations to try on clothes before purchasing them. Walmart bought Bonobos in 2017 for $300 million to sell its clothing on their Jet.com site.”

SC Magazine: Breach alerts dismissed as junk? New guide for sending vital emails may help

SC Magazine: Breach alerts dismissed as junk? New guide for sending vital emails may help. “Bulk emails sent en masse to recipients can easily appear suspicious, but they may actually be legally required alerts informing customers about data breaches, privacy policy changes or product recalls. Some may instruct recipients to change their passwords or subscribe to a credit monitoring service. Even customers who no longer use a particular company’s services, or have unsubscribed from its marketing communications, or have set emails from that company as spam must still receive these so-called ‘mandatory’ emails. And so it is imperative that senders follow guidelines that make their vital communications as secure and trustworthy as possible.”