TechCrunch: Fragomen, a law firm used by Google, confirms data breach

TechCrunch: Fragomen, a law firm used by Google, confirms data breach. “Immigration law firm Fragomen, Del Rey, Bernsen & Loewy has confirmed a data breach involving the personal information of current and former Google employees. The New York-based law firm provides companies with employment verification screening services to determine if employees are eligible and authorized to work in the United States.”

U.S. Department of Veterans Affairs: VA notifies Veterans of compromised personal information

U.S. Department of Veterans Affairs: VA notifies Veterans of compromised personal information. “The U.S. Department of Veterans Affairs (VA) Office of Management today announced a data breach involving the personal information of approximately 46,000 Veterans and actions taken by the department to prevent and mitigate any potential harm to those individuals.”

Bleeping Computer: U.S. spirits and wine giant hit by cyberattack, 1TB of data stolen

Bleeping Computer: U.S. spirits and wine giant hit by cyberattack, 1TB of data stolen. “Brown-Forman, one of the largest U.S. companies in the spirits and wine business, suffered a cyber attack. The intruders allegedly copied 1TB of confidential data; they plan on selling to the highest bidder the most important info and leak the rest. Headquartered in Louisville, Kentucky, the company holds world-known whiskey and scotch brands like Jack Daniel’s, Woodford, Old Forester, Collingwood, Glenglassaugh, and Glendronach; Herradura, El Jimador, and Pepe Lopez tequila; Finlandia vodka, and Sonoma-Cutrer wines.”

BetaNews: Ancestry. com claims no harm from security vulnerability in Family Tree Maker

BetaNews: Ancestry.com claims no harm from security vulnerability in Family Tree Maker. “If you’re at all familiar with genealogy then you’ll likely know both Ancestry and Family Tree Maker — they an integral part of the pastime. Unfortunately, independent review site WizCase recently discovered an open and unencrypted ElasticSearch server that belonged to Software MacKiev, the owners of Family Tree Maker. The leak exposed thousands of records including email addresses, user locations, and other sensitive personal information. FTM was owned by Ancestry.com until 2016 when Software MacKiev took it over, and the software is still used to upload databases to the Ancestry online trees.”

Bleeping Computer: Startups disclose data breaches after massive 386M records leak

Bleeping Computer: Startups disclose data breaches after massive 386M records leak. “This week, BleepingComputer was the first to report that ShinyHunters, a threat actor known for data breaches, began to leak the stolen databases of eighteen web sites for free on a hacker forum. Most of the companies targeted by these attacks appear to be startups, with the full list of the 18 data breaches and their updated disclosure status are listed below.”

Mashable: Booze delivery app Drizly hit by massive data breach affecting 2.5 million accounts

Mashable: Booze delivery app Drizly hit by massive data breach affecting 2.5 million accounts. “Alcohol delivery app Drizly has been hit with a huge data breach, revealing customers’ email addresses, birthdays, encrypted passwords, and even delivery addresses. You’d hope hackers would at least have the decency to leave our liquor alone amidst this incredibly trying pandemic, but apparently nothing is sacred.”

Mashable: Twitter hackers slid into more DMs than previously known

Mashable: Twitter hackers slid into more DMs than previously known. “The San Francisco-based social media giant has continued to release additional details of the July 15 hack that saw verified accounts compromised and used to push a classic cryptocurrency scam. Today, Twitter announced that more accounts had their direct messages accessed than was previously known.”

Bleeping Computer: Dave data breach affects 7.5 million users, leaked on hacker forum

Bleeping Computer: Dave data breach affects 7.5 million users, leaked on hacker forum. “Overdraft protection and cash advance service Dave has suffered a data breach after a database containing 7.5 million user records was sold in an auction and then released later for free on hacker forums. Dave is a fintech company that allows users to link their bank accounts and receive cash advances for upcoming bills to avoid overdraft fees. Subscribers who need extra money to pay a bill can get a payday loan up to $100, but cannot receive another loan until it is repaid. A threat actor released a database containing 7,516,691 users records for free on a hacker forum on Friday.”

New York Times: Hackers Tell the Story of the Twitter Attack From the Inside

New York Times: Hackers Tell the Story of the Twitter Attack From the Inside. “Despite global attention on the intrusion, which has shaken confidence in Twitter and the security provided by other technology companies, the basic details of who were responsible, and how they did it, have been a mystery. Officials are still in the early stages of their investigation. But four people who participated in the scheme spoke with The Times and shared numerous logs and screen shots of the conversations they had on Tuesday and Wednesday, demonstrating their involvement both before and after the hack became public.”

CNN: How the massive Twitter hack may have happened

CNN: How the massive Twitter hack may have happened. “A group of former Twitter (TWTR) employees who watched in shock as a hack compromised the accounts of some of the most prominent people on the social network, including Barack Obama, Joe Biden and Elon Musk, are among those trying to figure out how an attack of such staggering proportions could have happened. As they conduct their unofficial investigation in a closed Slack group, the former employees, including some who were members of Twitter’s security team, are attempting to reconstruct the events leading up to the takeovers based on their knowledge of the social network’s internal protocols and technical systems.”

CNN: Twitter’s massive hack could be even worse than it seems

CNN: Twitter’s massive hack could be even worse than it seems. “The enormous Twitter hack that led to the accounts of a former US president, a possible future president, numerous billionaire businessmen, celebrities and the world’s most valuable company all promoting a bitcoin scam may go down as one of the worst cybersecurity disasters ever to hit a social media company.”

CNN: Nintendo reveals 160,000 accounts were breached

CNN: Nintendo reveals 160,000 accounts were breached. “Nintendo revealed on Friday that 160,000 accounts were breached since the beginning of April, by hackers using others’ Nintendo Network IDs without permission. The company announced users will no longer need to use these IDs to log into their accounts, and that passwords on accounts that may have been breached will be reset.”