Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data Breach. Show all posts
Employee Data
Australia Australian Businesses Cybersecurity Researchers Data Breach Data Leak data security Database Leaked Database Security Employee Data

Sydney Tools Data Leak Exposes Millions of Customer and Employee Records

 

A major data leak from Sydney Tools, an Australian retailer specializing in power tools, hand tools, and industrial equipment, has potentially exposed the personal information of millions of customers and employees. The breach, discovered by cybersecurity researchers at Cybernews, involved an unprotected Clickhouse database that remained publicly accessible online, allowing unauthorized individuals to view sensitive data.  

According to the report, the database contained more than 5,000 records related to Sydney Tools employees, including both current and former staff. These records included full names, branch locations, salary details, and sales targets. Given that Sydney Tools reportedly employs around 1,000 people, a large portion of the exposed records likely belong to individuals who no longer work for the company. While no banking details were included in the leak, the exposure of employee information still poses a significant security risk. 

Cybercriminals could use these details to craft convincing phishing scams or for identity theft. Beyond employee data, the breach also exposed an even larger volume of customer information. The database reportedly contained over 34 million online purchase records, revealing customer names, email addresses, phone numbers, home addresses, and details of purchased items. The exposure of this information is particularly concerning, as it not only compromises privacy but also increases the risk of targeted scams. 

Customers who purchased expensive tools and equipment may be especially vulnerable to fraud or burglary attempts. Cybernews researchers have expressed serious concerns over the extent of the breach, highlighting that the database includes a mix of personally identifiable information (PII) and financial details. This kind of information is highly valuable to cybercriminals, who can exploit it for various fraudulent activities. The researchers attempted to notify Sydney Tools about the security lapse, urging them to secure the exposed database. 

However, as of their last update, the data reportedly remained accessible, raising further concerns about the company’s response to the issue. This incident underscores the ongoing risks posed by unprotected databases, which continue to be one of the leading causes of data breaches. Companies handling large volumes of customer and employee information must prioritize data security by implementing robust protection measures, such as encryption, multi-factor authentication, and regular security audits. Failing to do so not only puts individuals at risk but also exposes businesses to legal and reputational damage. 

With cybersecurity threats on the rise, organizations must remain vigilant in safeguarding sensitive information. Until Sydney Tools secures the database and provides assurances about how it will handle data protection in the future, customers and employees should remain cautious and monitor their accounts for any suspicious activity.
Read more »
Financial Data
Athenian Tech Classified Information Data Breach Defence Ministry Financial Data

Cyberattack Exposes Confidential Defence Data, Raising Security Concerns

 



A massive collection of classified defence documents has reportedly been stolen by hackers and put up for sale. The stolen information includes blueprints for a weapon, details about an upcoming Air Force facility, procurement strategies, and India's defence partnerships with other countries.  

Cybersecurity firm Athenian Tech, which analyzed the data, believes it was taken from the personal device of a former Defence Ministry official. Among the leaked files are emergency evacuation procedures for high-ranking government officials, including the President and Prime Minister, in the event of an aerial attack. This has raised serious concerns about national security.  


Defence Agency denies data breach

The Defence Research and Development Organisation (DRDO), which is responsible for developing military technology, is known for its strict security rules. Employees are not even allowed to carry personal mobile phones in certain areas. However, the stolen data has been linked to DRDO, raising concerns about how such critical information was accessed.  

Despite these claims, DRDO officials have denied that their systems were breached. They stated that the stolen files do not belong to their organization but have not provided further details to clarify the situation.  


Hackers Claim Responsibility 

A ransomware group called Babuk Locker 2.0 announced on March 10, 2025, that it was behind the attack. The hackers claim to have stolen 20 terabytes of sensitive defence data from DRDO’s servers, including classified military documents and login credentials. They released a small portion of this data, approximately 753 MB, as proof of their claims.  

The sample files include technical details about upgrades to the T9 Bhishma Tank, along with records of India’s defence collaborations with countries such as Finland, Brazil, and the United States.  

Athenian Tech examined conversations between the hackers and found that they were communicating in Indonesian, suggesting they may be based in Indonesia. However, after further analysis, the firm believes the hackers might have exaggerated the scale of the breach.  

The report indicates that much of the leaked data is linked to Puneet Agarwal, who served as a Joint Secretary in the Defence Ministry between 2019 and 2021. His personal information, including Aadhaar details, financial records, and travel documents, were found in the files. This suggests that the breach might have come from his personal device rather than DRDO’s secured internal network.  


Major Security Risks 

The exposure of such sensitive information highlights major cybersecurity vulnerabilities. It raises concerns about insider threats and whether India’s defence infrastructure is adequately protected from sophisticated cyberattacks.  

Athenian Tech has stressed the need for stronger security measures, tighter access controls, and constant monitoring to prevent such incidents from happening again.  

One of the biggest concerns is that classified documents were stored on a personal device, which indicates serious gaps in data security policies. If the hackers also obtained login credentials, they could use them to infiltrate more secure systems and gain access to additional classified information.  

Read more »
United States
Data Breach Military Operations National Security Security Breach Signal app United States

Experts Warn Trump Officials Using Signal for War Plans Risk Massive Leaks

 

Reports that senior Trump administration officials discussed classified military operations using the encrypted texting app Signal have raised serious security concerns. Although Signal provides encryption, lawmakers and cybersecurity specialists have warned that it is still susceptible to hacking and should never be used for private government communications. 

When journalist Jeffrey Goldberg of The Atlantic was accidentally included in a Signal group discussion where senior Trump officials were discussing military operations in Yemen, the issue became apparent. Goldberg called the conversation an act of "shocking recklessness" and said it included "precise information about weapons packages, targets, and timing.” 

Mark Montgomery, senior director of the Foundation for Defence of Democracies, criticised the decision, saying, "I guess Signal is a few steps above leaving a copy of your war plan at the Chinese Embassy—but it's far below the standards required for discussing any elements of a war plan.” 

Signal has become increasingly popular in Washington despite cybersecurity concerns after Chinese-affiliated hackers significantly compromised U.S. telecommunications networks. To safeguard against spying, officials recommend using encrypted services such as Signal. Experts warn that even while the app has robust encryption and deletes messages automatically, it is not approved for use in government-level sensitive communications. 

Lawmakers call for investigation

Top Democrats have slammed the use of Signal for military discussions, describing it as a significant security breach. Bennie Thompson (D-Miss.), the ranking member of the House Homeland Security Committee, criticised the Trump administration for failing to vet group chat users. “It should go without saying that administration officials should not be using Signal for discussing intelligence matters,” Thompson noted. 

House Foreign Affairs Committee Ranking Member Gregory Meeks (D-N.Y.) has requested a hearing, calling the episode "the most astonishing breach of our national security in recent history." Ranking member of the House Intelligence Committee, Jim Himes (D-Conn.), said he was "horrified" by the usage of an insecure app. He cautioned that lower-level officials might risk criminal charges for such a failure. 

Michael Waltz, Trump's National Security Adviser, admits to organising the Signal group chat, which inadvertently included writer Jeffrey Goldberg. Waltz first blamed a staff member, but later admitted that he founded the group himself. "It is embarrassing, definitely. We're going to get to the bottom of it," he added, adding that he was engaging Elon Musk on technical matters. 

In support of Waltz, Trump described him as a "good man" who had only "learnt a lesson." "The leak was the only glitch in two months, and it turned out not to be a serious one," he said, downplaying the breach as a small mistake. But there has been a quick pushback, with lawmakers and security experts voicing serious concerns.
Read more »
Data Theft
AT&T cloud storage services CyberCrime cybercriminal arrests Data Breach Data Hackers data security Data Theft

Connor Moucka Extradited to U.S. for Snowflake Data Breaches Targeting 165 Companies

 

Connor Moucka, a Canadian citizen accused of orchestrating large-scale data breaches affecting 165 companies using Snowflake’s cloud storage services, has agreed to be extradited to the United States to face multiple federal charges. The breaches, which targeted high-profile companies like AT&T and Ticketmaster, resulted in the exposure of hundreds of millions of sensitive records. 

Moucka, also known by online aliases such as “Waifu,” “Judische,” and “Ellyel8,” was arrested in Kitchener, Ontario, on October 30, 2024, at the request of U.S. authorities. Last Friday, he signed a written agreement before the Superior Court of Justice in Kitchener, consenting to his extradition without the standard 30-day waiting period. The 26-year-old faces 20 charges in the U.S., including conspiracy to commit computer fraud, unauthorized access to protected systems, wire fraud, and aggravated identity theft. Prosecutors allege that Moucka, along with co-conspirator John Binns, extorted over $2.5 million from victims by stealing and threatening to expose their sensitive information. 

The data breaches tied to this cybercrime operation have had widespread consequences. In May 2024, Ticketmaster’s parent company, Live Nation, confirmed that data from 560 million users had been compromised and put up for sale on hacking forums. Other companies affected include Santander Bank, Advance Auto Parts, and AT&T, among others. Moucka and Binns are believed to be linked to “The Com,” a cybercriminal network involved in various illicit activities, including cyber fraud, extortion, and violent crimes. 

Another alleged associate, Cameron Wagenius, a 21-year-old U.S. Army soldier, was arrested in December for attempting to sell stolen classified information to foreign intelligence agencies. Wagenius has since indicated his intent to plead guilty. U.S. prosecutors claim Moucka and his associates launched a series of cyberattacks on Snowflake customers, gaining unauthorized access to corporate environments and exfiltrating confidential data. 
These breaches, described as among the most extensive cyberattacks in recent history, compromised sensitive 
records from numerous enterprises. While the exact date of Moucka’s extradition remains undisclosed, his case underscores the growing threat of cyber extortion and the increasing international cooperation in tackling cybercrime. His legal representatives have not yet issued a statement regarding the extradition or upcoming trial proceedings.
Read more »
Online Scams
Collectibles.com Customer Information Data Breach Online Scams

Massive Data Leak Exposes Nearly a Million Collectors – Are You at Risk?

 



A major online platform for collectible items, Collectibles.com, has accidentally exposed the private information of nearly a million users. This security flaw could put many people at risk of identity theft, fraud, and online scams, according to cybersecurity experts.  


How the Data Was Leaked  

Cybersecurity researchers from Cybernews discovered that the website had an unprotected database, meaning anyone could access it without a password. This database contained 300GB of data and over 870,000 records, each linked to a different user. The leaked information included full names, email addresses, profile pictures, account details, records of collectible card sales, and other transaction history.  

Experts warn that such leaks can be dangerous because cybercriminals might use this data for fraudulent activities, such as identity theft or phishing scams. Phishing is when scammers send fake emails or messages pretending to be from a trusted company to trick users into revealing passwords or financial information.  


What Is Collectibles.com?  

Previously known as Cardbase, Collectibles.com is an online marketplace where users can buy, sell, and track trading cards, comics, and memorabilia. In 2024, the company announced it had around 300,000 users. However, this data leak suggests the number of affected users might be much higher.  


Company’s Response and Security Concerns  

Cybernews contacted Collectibles.com to inform them about the security issue. However, aside from an automated response, the company did not take immediate action. It took ten days for the exposed database to be secured, but it remains unclear how long the data was accessible before it was discovered.  

There is also uncertainty about whether hackers accessed the information before Cybernews reported it. If cybercriminals obtained this data, they could already be using it for scams or fraud.  


Why Do These Leaks Happen?  

One of the main reasons for data leaks is unsecured cloud databases. Many companies store customer information online but do not always follow proper security practices. Some businesses assume that cloud providers are fully responsible for security, but in reality, companies must also take steps to protect their data.  

Cybercriminals and researchers alike use tools to search the internet for unprotected databases. Once found, these databases can be exploited in different ways, from selling private information to launching scams.  


How Users Can Protect Themselves  

If you have an account on Collectibles.com, consider taking the following steps:  

1. Change your password immediately to ensure your account remains secure.  

2. Enable two-factor authentication (2FA) to add an extra layer of protection.  

3. Be cautious of phishing emails that may try to trick you into revealing personal details.  

4. Monitor your accounts for suspicious activity and report anything unusual.  

Cybersecurity experts emphasize that companies must take data security seriously to prevent such leaks. At the same time, users should remain cautious and take steps to protect their personal information online.  


Read more »
zero-click
Data Breach Hackers paragon Spyware WhatsApp zero-click

WhatsApp Fixes Security Flaw Exploited by Spyware

 



WhatsApp recently fixed a major security loophole that was being used to install spyware on users' devices. The issue, known as a zero-click, zero-day vulnerability, allowed hackers to access phones without the user needing to click on anything. Security experts from the University of Toronto’s Citizen Lab uncovered this attack and linked it to Paragon’s spyware, called Graphite.  

The flaw was patched by WhatsApp in late 2023 without requiring users to update their app. The company also chose not to assign a CVE-ID to the vulnerability, as it did not meet specific reporting criteria.  

A WhatsApp spokesperson confirmed that hackers used the flaw to target certain individuals, including journalists and activists. WhatsApp directly reached out to around 90 affected users across multiple countries.  


How the Attack Worked  

Hackers used WhatsApp groups to launch their attacks. They added their targets to a group and sent a malicious PDF file. As soon as the file reached the victim’s phone, the device automatically processed it. This triggered the exploit, allowing the spyware to install itself without any user action.  

Once installed, the spyware could access sensitive data and private messages. It could also move beyond WhatsApp and infect other apps by bypassing Android’s security barriers. This gave attackers complete control over the victim’s device.  


Who Was Targeted?  

According to Citizen Lab, the attack mostly focused on individuals who challenge governments or advocate for human rights. Journalists, activists, and government critics were among the key targets. However, since only 90 people were officially notified by WhatsApp, experts believe the actual number of victims could be much higher.  

Researchers found a way to detect the spyware by analyzing Android device logs. They identified a forensic marker, nicknamed "BIGPRETZEL," that appears on infected devices. However, spotting the spyware is still difficult because Android logs do not always capture all traces of an attack.  


Spyware Linked to Government Agencies  

Citizen Lab also investigated the infrastructure used to operate the spyware. Their research uncovered multiple servers connected to Paragon’s spyware, some of which were linked to government agencies in countries like Australia, Canada, Cyprus, Denmark, Israel, and Singapore. Many of these servers were rented through cloud platforms or hosted directly by government agencies.  

Further investigation revealed that the spyware's digital certificates contained the name “Graphite” and references to installation servers. This raised concerns about whether Paragon's spyware operates similarly to Pegasus, another surveillance tool known for being used by governments to monitor individuals.  


Who Is Behind Paragon Spyware?  

Paragon Solutions Ltd., the company behind Graphite spyware, is based in Israel. It was founded in 2019 by Ehud Barak, Israel’s former Prime Minister, and Ehud Schneorson, a former commander of Unit 8200, an elite Israeli intelligence unit.  

Paragon claims that it only sells its technology to democratic governments for use by law enforcement agencies. However, reports have shown that U.S. agencies, including the Drug Enforcement Administration (DEA) and Immigration and Customs Enforcement (ICE), have purchased and used its spyware.  

In December 2024, a U.S.-based investment firm, AE Industrial Partners, bought Paragon, further raising questions about its future operations and how its surveillance tools may be used.  


Protecting Yourself from Spyware  

While WhatsApp has fixed this specific security flaw, spyware threats continue to evolve. Users can take the following steps to protect themselves:  

1. Update Your Apps: Always keep your apps updated, as companies frequently release security patches.  

2. Be Cautious of Unknown Files: Never open suspicious PDFs, links, or attachments from unknown sources.  

3. Enable Two-Factor Authentication: Adding an extra layer of security to your accounts makes it harder for hackers to break in.  

4. Check Your Device Logs: If you suspect spyware, seek professional help to analyze your phone’s activity.  

Spyware attacks are becoming more advanced, and staying informed is key to protecting your privacy. WhatsApp’s quick response to this attack highlights the ongoing battle against cyber threats and the need for stronger security measures.  


Read more »
Oracle Cloud
Data Breach Data Leak Data Theft Login Servers Oracle Cloud

Oracle Denies Claim of Server Breach

 

Following a threat actor's claim to be selling 6 million data records allegedly stolen from Oracle Cloud's federated SSO login servers, Oracle denies that it was compromised. 

“There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data," the company noted. 

This accusation follows the release of many text files yesterday by a threat actor going by the moniker rose87168, which included a sample database, LDAP details, and a list of the businesses they said were pilfered from Oracle Clouds' SSO platform.

The threat actor provided BleepingComputer with this URL as additional evidence that they were able to access Oracle Cloud servers. It displays an Internet Archive URL indicating that they submitted a.txt file to the login.us2.oraclecloud.com server that contained their ProtonMail email address.

The attackers uploaded a text file with their email address without having access to Oracle Cloud servers, as BleepingComputer explained when they got in touch with Oracle once more. 

Alleged Oracle data leak 

Rose87168 is currently offering the allegedly stolen data from Oracle Cloud's SSO service for an undisclosed fee or in exchange for zero-day exploits on the BreachForums hacking community. The information, which included enterprise manager JPS keys, Java Keystore (JKS) files, and encrypted SSO passwords, was allegedly stolen during an intrusion into Oracle servers based in 'login.(region-name).oraclecloud.com'.

"The SSO passwords are encrypted, they can be decrypted with the available files. also LDAP hashed password can be cracked," rose87168 says. "I'll list the domains of all the companies in this leak. Companies can pay a specific amount to remove their employees' information from the list before it's sold.” 

They've also promised to share part of the data with anyone who can help decrypt the SSO or LDAP credentials. The threat actor told BleepingComputer that they acquired access to Oracle Cloud servers about 40 days ago and claimed to have emailed the firm after exfiltrating data from the US2 and EM2 regions.

In the email conversation, rose87168 said that they asked Oracle to pay 100,000 XMR for information on how they infiltrated the systems, but the company allegedly refused to pay after requesting for "all information needed for fix and patch.” 

When questioned how they breached the servers, the attackers stated that all Oracle Cloud servers are running a vulnerable version with a public CVE (flaw) that does not yet have a public PoC or exploit. However, BleepingComputer was unable to independently verify whether this was the case.
Read more »
Rhysida Ransomware
Cybersecurity Attack Data Breach Pennsylvania State Education Association (PSEA) Ransomware attack Rhysida Ransomware

Pennsylvania Education Union Alerts Over 500,000 Individuals of Data Breach

 

The Pennsylvania State Education Association (PSEA), the largest public-sector union in Pennsylvania, is notifying more than half a million individuals that their personal data was compromised in a cybersecurity breach that occurred in July 2024.

Representing over 178,000 education professionals—including teachers, support staff, higher education employees, nurses, retirees, and future educators—PSEA disclosed the breach in letters sent to 517,487 affected individuals.

"PSEA experienced a security incident on or about July 6, 2024, that impacted our network environment," the organization stated in its notification. "Through a thorough investigation and extensive review of impacted data, which was completed on February 18, 2025, we determined that the data acquired by the unauthorized actor contained some personal information belonging to individuals whose information was contained within certain files within our network."

Types of Stolen Data

The stolen information varies by individual and includes sensitive personal, financial, and health-related details. This may include:
  • Driver’s license or state ID numbers
  • Social Security numbers
  • Account PINs and security codes
  • Payment card details
  • Passport information
  • Taxpayer identification numbers
  • Online credentials
  • Health insurance and medical records
In response to the breach, PSEA is offering free credit monitoring and identity restoration services through IDX for those whose Social Security numbers were affected. Eligible individuals must enroll by June 17, 2025. The union also advised affected individuals to monitor their financial statements, review credit reports for suspicious activity, and consider placing a fraud alert or security freeze on their credit files.

Although PSEA has not directly attributed the attack to a specific threat group, the Rhysida ransomware gang took responsibility for the breach on September 9, 2024. The cybercriminals reportedly demanded a 20 BTC ransom and threatened to leak stolen data if their demands were not met. While it remains unclear if PSEA complied with the ransom request, Rhysida has since removed the stolen data from its dark web leak site.

Rhysida, a ransomware-as-a-service (RaaS) group, first emerged in May 2023 and has been linked to several high-profile cyberattacks. Notable incidents include breaches at the British Library, the Chilean Army, and Sony subsidiary Insomniac Games. In November 2023, the group leaked 1.67 TB of documents after Insomniac refused to pay a $2 million ransom.

More recently, Rhysida affiliates targeted Lurie Children’s Hospital in Chicago in February 2024, attempting to sell stolen data for 60 BTC (approximately $3.7 million at the time). Other victims include the Singing River Health System, which suffered a data breach affecting 900,000 individuals in August 2023, and the City of Columbus, Ohio, where 500,000 residents’ data was compromised in July 2024.

Cybersecurity agencies, including the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, have warned that Rhysida ransomware affiliates continue to launch opportunistic attacks across various industry sectors. Additionally, the U.S. Department of Health and Human Services (HHS) has linked the group to multiple cyberattacks targeting healthcare institutions.
Read more »
Subscribe to: Posts (Atom)