Tag: data exposure
47 articles

Law Firm's Single Password Weakness Exposes Client Data
A shocking security lapse at a law firm has put client data at risk due to a single, weak password that was used across the board. This simple yet critical mistake highlights the importance of robust password management in protecting sensitive information.

Musk Vows Data Purge After Grok Exposes User Repos
Elon Musk has vowed to wipe out all user data uploaded to SpaceXAI, following a shocking discovery that the company's AI tool, Grok Build, was secretly sending entire repositories, complete with full Git history and raw files, to a Google Cloud Storage bucket. The purge promises a clean slate, with Musk assuring that zero data will remain.

Grok Build Exposes Git Repositories to Unintended Storage
Elon Musk has made a bold promise to erase all user data uploaded to Grok Build before now, assuring users that their content will be completely deleted. This move comes after a researcher discovered that Grok Build was inadvertently storing entire Git repositories, including sensitive files and commit history, in a Google Cloud Storage bucket.

Medtronic Breach Exposes Patient Health Data to Cybercrooks
Medtronic is alerting patients that their personal and health information may have been compromised in a recent data breach, but has reassured them that the incident didn't impact the safe operation of its medical devices. The breach, detected on April 15, occurred between April 13 and 19, and Medtronic is now notifying affected individuals.

India's .bank.in Domain Registry Exposes Sensitive Bank Employee Data
A major security slip-up by the registrar for India's .bank.in domain has left 5,576 bank employees' sensitive credentials and contact details exposed, putting their security at risk. This breach undermines the very purpose of the .bank.in namespace - to protect Indian banking web identities from phishers and fraudsters.

Human Error Exposes Security Breaches Despite AI Advances
Despite advancements in AI, human error continues to expose security breaches, as seen in a recent Salesforce supply-chain compromise where a legacy credential was exploited. A company called Klue, which integrates with Salesforce, was compromised when attackers used OAuth tokens to access customer data.

Nissan Discloses Oracle PeopleSoft Breach Exposing Payroll Records
Nissan has alerted the California Attorney General to a potential data breach, revealing that a cyber attack on Oracle PeopleSoft systems may have exposed sensitive payroll records of hundreds of companies, including Nissan, from May 27 to June 9. The automaker believes it was specifically targeted in the attack, which may have compromised a range of personnel data.

Securing Agentic AI Workspaces Requires Unified Governance
Nine out of 10 organisations are already harnessing AI assistants, but many are flying blind - unsure if these powerful tools have been compromised. As AI agents assume their own identities and access rights, a misconfigured or compromised agent can quickly become a high-speed pathway for data breaches and credential abuse.

LastPass Breach Exposes Customer Data in Supply Chain Hack
LastPass recently discovered a security incident at Klue, a third-party platform they use, which led to an unauthorized actor accessing some customer data through its Salesforce environment. Fortunately, customer vaults and core products remain secure, and swift action has been taken to mitigate the breach.

Icarus Hack Exposes Hundreds of Firms in Supply-Chain Breach
On June 11, a massive supply chain breach occurred when hackers exploited a weak link at Klue, a market intelligence provider used by over 250,000 companies worldwide, gaining access to sensitive data across hundreds of firms. The attackers used a compromised legacy credential to obtain OAuth tokens and infiltrate connected customer environments.

US Carrier Exposed Credit Card Data in Clear Text
A newly hired database admin stumbled upon a shocking discovery on her first day - a main production server containing sensitive customer data, including full 16-digit credit card numbers stored in plain text, Social Security numbers, and billing information. The exposed data was found on a server that didn't even require a secondary system lookup, making it alarmingly accessible.

Telco Exposes Customer Data in Cleartext, Ignoring Basic Security Protocols
A new hire was granted sudo-level access to a live production database on their first day, with management's casual instruction to "take a look" - and promptly uncovered customer records stored in easily accessible cleartext. This alarming lapse in security protocols left sensitive customer information, including full personal details and payment numbers, exposed and vulnerable.

Weak Onboarding Passwords Expose Corporate Systems to Unnecessary Risk
Poorly handled onboarding passwords can put entire corporate systems at risk, exposing sensitive data to potential breaches - and it's a problem that's easier to prevent than you think. Temporary passwords sent via email or SMS can be intercepted, forwarded, or compromised, creating an open invitation for attackers.

ServiceNow Security Incident Exposes Customer Data via API Flaw
ServiceNow recently patched a critical API flaw that allowed attackers to access sensitive customer data, but not before detecting anomalous activity that hinted at a broader intrusion. The company quietly alerted affected customers through a discreet support bulletin and direct outreach.

CEO's File Share Mishap Exposes Workplace Security Lapses
Imagine being called in to help a CEO recover deleted files, only to discover a shocking secret: a treasure trove of explicit content stored on a company file share that's accessible to anyone. The awkward moment that followed will leave you cringing - and wondering how something so sensitive could be so carelessly exposed.

CISA Faces Scrutiny Over Leaked Credentials
The US Cybersecurity and Infrastructure Security Agency (CISA) is under fire after dozens of its internal credentials were accidentally exposed on a public GitHub account, sparking concerns over potential security breaches. Despite the agency's assurance that no sensitive data was compromised, lawmakers and experts are demanding answers on how this incident occurred.

Trump Mobile Website Exposed Thousands of User Records
A shocking security lapse has been uncovered on the Trump Mobile website, allegedly exposing thousands of users' sensitive information, according to a report by The Register. The breach claim, made by a techie, raises serious concerns about the website's data protection measures.

CISA Exposes Sensitive Data in Unsecured GitHub Repository
A shocking security lapse was uncovered when a GitGuardian researcher stumbled upon a public GitHub repository containing 844 MB of sensitive production infrastructure material from a national agency, left exposed for a staggering six months. This alarming data leak highlights the gravity of unsecured data, with expert Guillaume Valadon describing it as one of the most serious secrets leaks he's ever seen.

GitHub Breach Exposes Internal Repositories
GitHub has confirmed a cyber incident that exposed its internal repositories, sparking concerns about the security of code and sensitive data. The breach raises questions about the potential impact on users and the measures being taken to prevent future incidents.

Autonomous AI Exposes New Risks in Enterprise Environments
As autonomous AI weaves itself into the fabric of enterprise operations, it brings a new wave of complexity and unpredictability, testing the limits of infrastructure and IT teams like never before. The result? A whole new landscape of operational and infrastructure risks that threaten to upend traditional security and recovery models.

UK Water Supplier Fined $1.3M for Data Exposure Lapse
A UK water supplier has been slapped with a $1.3 million fine after a devastating cyber attack exposed the personal data of nearly 664,000 customers and employees, with sensitive information even being published on the dark web. The hefty penalty was reduced by 40% after the company admitted liability and cooperated with investigators.

NVIDIA Discloses GeForce NOW Breach Affecting Armenian Users
NVIDIA recently discovered a security breach affecting users of GeForce NOW in Armenia, which was caused by a compromised system operated by a third-party partner, not by NVIDIA's own network. The company is working closely with the partner to resolve the issue and notify affected users.

Defense Contractor Exposes Military Training Data Through API Flaw
A defense contractor's careless API flaw left sensitive military training data vulnerable, sparking a 152-day saga between the contractor and the open-source security project Strix that ultimately led to the exposure being patched. The breach was caused by a low-privilege account having broad access to user records and training materials due to lax authorization checks.

Voter Data Exposes Personal Info to Potential Abuse
Your voter data is at risk of being exposed and used against you, with publicly available registration files potentially revealing sensitive information about you and your family. Even redacted files can be easily linked to other public datasets, making it simple for employers, fraud rings, or others to access your personal info.