Business Insider: 533 million Facebook users’ phone numbers and personal data have been leaked online

Business Insider: 533 million Facebook users’ phone numbers and personal data have been leaked online. “A user in a low level hacking forum on Saturday published the phone numbers and personal data of hundreds of millions of Facebook users for free online. The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.”

Vice: Hobby Lobby Exposed 138GB of Data

Vice: Hobby Lobby Exposed 138GB of Data. “Hobby Lobby, the American arts and crafts giant that also happened to purchase thousands of ancient artifacts looted from modern-day Iraq, exposed a large amount of data online, including customer names, phone numbers, physical and email addresses, and the last four digits of their payment card, as well as source code for the company’s app, according to a security researcher.”

CNET: Identity thieves raked in billions with your data, even as breaches fell in 2020

CNET: Identity thieves raked in billions with your data, even as breaches fell in 2020. “About 1,100 data breaches were publicly disclosed in the US in 2020, according to the report. Those breaches affected about 300 million individuals, the lowest number since since 2015. The number of people caught up in data breaches dropped from more than 2 billion in 2018 to about 880,000 in 2019 before falling again last year. There are some big caveats in the numbers, however.”

InfoSecurity Magazine: Cook County Leaks 320,000 Court Records

InfoSecurity Magazine: Cook County Leaks 320,000 Court Records. “Over 320,000 court records belonging to the second most populous county in the US have been discovered sitting on a misconfigured online database. Security researcher Jeremiah Fowler and a team from Website Planet soon found that the data was all from Cook County, Illinois, which is home to America’s third-largest city, Chicago.”

The Register: Clop ransomware gang clips sensitive files from Atlantic Records’ London ad agency The7stars, dumps them online

The Register: Clop ransomware gang clips sensitive files from Atlantic Records’ London ad agency The7stars, dumps them online. “The attack appears to have happened after 15 December, when The7stars’ annual return was prepared for filing with Companies House. While the document talks in length about its healthy financial performance, it mentions nothing about cyber risks or attacks. Screenshots published on the Clop gang’s Tor website show scans of passports, invoices, what appears to be a photo from a staff party and, ironically, a ‘data protection agreement.’”

Bleeping Computer: Hacker leaks full database of 77 million Nitro PDF user records

Bleeping Computer: Hacker leaks full database of 77 million Nitro PDF user records. “A stolen database containing the email addresses, names, and passwords of more than 77 million records of Nitro PDF service users was leaked today for free. The 14GB leaked database contains 77,159,696 records with users’ email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related information.”

ThreatPost: Exposed Database Reveals 100K+ Compromised Facebook Accounts

ThreatPost: Exposed Database Reveals 100K+ Compromised Facebook Accounts. “Cybercriminals left an ElasticSearch database exposed, revealing a global attack that compromised Facebook accounts and used them to scam others. Researchers have uncovered a wide-ranging global scam targeting Facebook users, after finding an unsecured database used by fraudsters to store the usernames and passwords of at least 100,000 victims.”

ZDNet: 23,600 hacked databases have leaked from a defunct ‘data breach index’ site

ZDNet: 23,600 hacked databases have leaked from a defunct ‘data breach index’ site. “More than 23,000 hacked databases have been made available for download on several hacking forums and Telegram channels in what threat intel analysts are calling the biggest leak of its kind. The database collection is said to have originated from Cit0Day.in, a private service advertised on hacking forums to other cybercriminals.”

ThreatPost: Unsecured Microsoft Bing Server Leaks Search Queries, Location Data

ThreatPost: Unsecured Microsoft Bing Server Leaks Search Queries, Location Data. “An unsecured database has exposed sensitive data for users of Microsoft’s Bing search engine mobile application – including their location coordinates, search terms in clear text and more. While no personal information, like names, were exposed, researchers with Wizcase argued that enough data was available that it would be possible to link these search queries and locations to user identities — giving bad actors information ripe for blackmail attacks, phishing scams and more.”

InfoSecurity: Webmaster Portal Leaks 63 Million Records

InfoSecurity: Webmaster Portal Leaks 63 Million Records. “Back in July, researchers at WebsitePlanet teamed up with Jeremiah Fowler to discover an Elasticsearch database belonging to Digital Planet that was left online without password protection, exposing nearly 63 million records. These included emails, names, internal user ID numbers, internal records and user posts related to 863,412 users of the site.”

Gizmodo: Prison Phone App Exposes Millions of Inmate Messages and Personal Data

Gizmodo: Prison Phone App Exposes Millions of Inmate Messages and Personal Data. “As many incarcerated individuals are having their visiting privileges restricted due to the global pandemic, Telmate’s Getting Out app has become one of the only options that families separated by incarceration have to keep in touch. But according to research published today, hundreds of millions of intimate messages from many millions of inmates were sitting exposed on the web.”