Skip to main content

Tag: data exposure

47 articles

Vulnerable password on whiteboard amidst blurred office equipment and files.

Law Firm's Single Password Weakness Exposes Client Data

A shocking security lapse at a law firm has put client data at risk due to a single, weak password that was used across the board. This simple yet critical mistake highlights the importance of robust password management in protecting sensitive information.

Analyst 207
Dimly lit server room with exposed cables and a hint of data deletion.

Musk Vows Data Purge After Grok Exposes User Repos

Elon Musk has vowed to wipe out all user data uploaded to SpaceXAI, following a shocking discovery that the company's AI tool, Grok Build, was secretly sending entire repositories, complete with full Git history and raw files, to a Google Cloud Storage bucket. The purge promises a clean slate, with Musk assuring that zero data will remain.

Analyst 207
Laptop and external hard drive on a desk with a blurred cloud storage interface nearby, indicating potential data exposure.

Grok Build Exposes Git Repositories to Unintended Storage

Elon Musk has made a bold promise to erase all user data uploaded to Grok Build before now, assuring users that their content will be completely deleted. This move comes after a researcher discovered that Grok Build was inadvertently storing entire Git repositories, including sensitive files and commit history, in a Google Cloud Storage bucket.

Analyst 207
Medical device on hospital bed with blurred computer records in background.

Medtronic Breach Exposes Patient Health Data to Cybercrooks

Medtronic is alerting patients that their personal and health information may have been compromised in a recent data breach, but has reassured them that the incident didn't impact the safe operation of its medical devices. The breach, detected on April 15, occurred between April 13 and 19, and Medtronic is now notifying affected individuals.

Analyst 207
Bank interior with teller counters, computers, and papers, hint of digital infrastructure in background.

India's .bank.in Domain Registry Exposes Sensitive Bank Employee Data

A major security slip-up by the registrar for India's .bank.in domain has left 5,576 bank employees' sensitive credentials and contact details exposed, putting their security at risk. This breach undermines the very purpose of the .bank.in namespace - to protect Indian banking web identities from phishers and fraudsters.

Analyst 207
Office workstation with laptop and CRM software, overlooking cityscape through large window.

Human Error Exposes Security Breaches Despite AI Advances

Despite advancements in AI, human error continues to expose security breaches, as seen in a recent Salesforce supply-chain compromise where a legacy credential was exploited. A company called Klue, which integrates with Salesforce, was compromised when attackers used OAuth tokens to access customer data.

Analyst 207
Rows of file cabinets and server racks in a brightly-lit corporate office with a slightly ajar cabinet drawer hinting at a…

Nissan Discloses Oracle PeopleSoft Breach Exposing Payroll Records

Nissan has alerted the California Attorney General to a potential data breach, revealing that a cyber attack on Oracle PeopleSoft systems may have exposed sensitive payroll records of hundreds of companies, including Nissan, from May 27 to June 9. The automaker believes it was specifically targeted in the attack, which may have compromised a range of personnel data.

Analyst 207
Securing Agentic AI Workspaces Requires Unified Governance

Securing Agentic AI Workspaces Requires Unified Governance

Nine out of 10 organisations are already harnessing AI assistants, but many are flying blind - unsure if these powerful tools have been compromised. As AI agents assume their own identities and access rights, a misconfigured or compromised agent can quickly become a high-speed pathway for data breaches and credential abuse.

Analyst 207
Worker's desk with desktop computer, papers, and blurred screen in bright office setting.

LastPass Breach Exposes Customer Data in Supply Chain Hack

LastPass recently discovered a security incident at Klue, a third-party platform they use, which led to an unauthorized actor accessing some customer data through its Salesforce environment. Fortunately, customer vaults and core products remain secure, and swift action has been taken to mitigate the breach.

Analyst 207
Modern office setting with computer servers and symbolic breach objects.

Icarus Hack Exposes Hundreds of Firms in Supply-Chain Breach

On June 11, a massive supply chain breach occurred when hackers exploited a weak link at Klue, a market intelligence provider used by over 250,000 companies worldwide, gaining access to sensitive data across hundreds of firms. The attackers used a compromised legacy credential to obtain OAuth tokens and infiltrate connected customer environments.

Analyst 207
Blurred screens and interfaces surround a prominent computer server in a dimly lit data center, conveying vulnerability.

US Carrier Exposed Credit Card Data in Clear Text

A newly hired database admin stumbled upon a shocking discovery on her first day - a main production server containing sensitive customer data, including full 16-digit credit card numbers stored in plain text, Social Security numbers, and billing information. The exposed data was found on a server that didn't even require a secondary system lookup, making it alarmingly accessible.

Analyst 207
Dimly lit server room with rows of computer equipment and a blurred figure in the background.

Telco Exposes Customer Data in Cleartext, Ignoring Basic Security Protocols

A new hire was granted sudo-level access to a live production database on their first day, with management's casual instruction to "take a look" - and promptly uncovered customer records stored in easily accessible cleartext. This alarming lapse in security protocols left sensitive customer information, including full personal details and payment numbers, exposed and vulnerable.

Analyst 207
Busy office scene with people working, an unattended laptop and other objects representing risks of weak passwords.

Weak Onboarding Passwords Expose Corporate Systems to Unnecessary Risk

Poorly handled onboarding passwords can put entire corporate systems at risk, exposing sensitive data to potential breaches - and it's a problem that's easier to prevent than you think. Temporary passwords sent via email or SMS can be intercepted, forwarded, or compromised, creating an open invitation for attackers.

Analyst 207
Rows of computer servers and networking equipment in a brightly-lit data center.

ServiceNow Security Incident Exposes Customer Data via API Flaw

ServiceNow recently patched a critical API flaw that allowed attackers to access sensitive customer data, but not before detecting anomalous activity that hinted at a broader intrusion. The company quietly alerted affected customers through a discreet support bulletin and direct outreach.

Analyst 207
Laptop screen displays file share interface on a plain surface in a corporate office setting.

CEO's File Share Mishap Exposes Workplace Security Lapses

Imagine being called in to help a CEO recover deleted files, only to discover a shocking secret: a treasure trove of explicit content stored on a company file share that's accessible to anyone. The awkward moment that followed will leave you cringing - and wondering how something so sensitive could be so carelessly exposed.

Analyst 207
Laptop screen shows GitHub repository with blurred username and repository name, in a softly focused CISA office background.

CISA Faces Scrutiny Over Leaked Credentials

The US Cybersecurity and Infrastructure Security Agency (CISA) is under fire after dozens of its internal credentials were accidentally exposed on a public GitHub account, sparking concerns over potential security breaches. Despite the agency's assurance that no sensitive data was compromised, lawmakers and experts are demanding answers on how this incident occurred.

Analyst 207
Smartphone screen on a desk shows a blurred webpage, hinting at data vulnerability.

Trump Mobile Website Exposed Thousands of User Records

A shocking security lapse has been uncovered on the Trump Mobile website, allegedly exposing thousands of users' sensitive information, according to a report by The Register. The breach claim, made by a techie, raises serious concerns about the website's data protection measures.

Analyst 207
Computer screen displays GitHub repository on a clutter-free desk with scattered papers.

CISA Exposes Sensitive Data in Unsecured GitHub Repository

A shocking security lapse was uncovered when a GitGuardian researcher stumbled upon a public GitHub repository containing 844 MB of sensitive production infrastructure material from a national agency, left exposed for a staggering six months. This alarming data leak highlights the gravity of unsecured data, with expert Guillaume Valadon describing it as one of the most serious secrets leaks he's ever seen.

Analyst 207
Brightly-lit tech workspace with rows of workstations and a few developers in the background.

GitHub Breach Exposes Internal Repositories

GitHub has confirmed a cyber incident that exposed its internal repositories, sparking concerns about the security of code and sensitive data. The breach raises questions about the potential impact on users and the measures being taken to prevent future incidents.

Analyst 207
Large, open office space with workstations and people, featuring a blank whiteboard on the wall.

Autonomous AI Exposes New Risks in Enterprise Environments

As autonomous AI weaves itself into the fabric of enterprise operations, it brings a new wave of complexity and unpredictability, testing the limits of infrastructure and IT teams like never before. The result? A whole new landscape of operational and infrastructure risks that threaten to upend traditional security and recovery models.

Analyst 207
Locked filing cabinet with scattered papers, symbolizing data security breach.

UK Water Supplier Fined $1.3M for Data Exposure Lapse

A UK water supplier has been slapped with a $1.3 million fine after a devastating cyber attack exposed the personal data of nearly 664,000 customers and employees, with sensitive information even being published on the dark web. The hefty penalty was reduced by 40% after the company admitted liability and cooperated with investigators.

Analyst 207
Cluttered computer workstation in a small office with a blurred laptop screen.

NVIDIA Discloses GeForce NOW Breach Affecting Armenian Users

NVIDIA recently discovered a security breach affecting users of GeForce NOW in Armenia, which was caused by a compromised system operated by a third-party partner, not by NVIDIA's own network. The company is working closely with the partner to resolve the issue and notify affected users.

Analyst 207
Military personnel train in a neutral facility with computer terminal in background.

Defense Contractor Exposes Military Training Data Through API Flaw

A defense contractor's careless API flaw left sensitive military training data vulnerable, sparking a 152-day saga between the contractor and the open-source security project Strix that ultimately led to the exposure being patched. The breach was caused by a low-privilege account having broad access to user records and training materials due to lax authorization checks.

Analyst 207
Voter registration document with redacted fields on a plain surface in a public office setting.

Voter Data Exposes Personal Info to Potential Abuse

Your voter data is at risk of being exposed and used against you, with publicly available registration files potentially revealing sensitive information about you and your family. Even redacted files can be easily linked to other public datasets, making it simple for employers, fraud rings, or others to access your personal info.

Analyst 207