2023 Compromise Roundup
2023-12-15 20:35:15 Author: krypt3ia.wordpress.com(查看原文) 阅读量:10 收藏

GPT

This post was created in tandem with ChatGPT4 with the Icebreaker Intel Analyst Agent by Scot Terban

January 2023:

Twitter Data Breach: Around 200 million Twitter users’ email addresses were sold on the dark web due to a flaw fixed in January 2022【54†source】.

Slack Security Incident: Unauthorized access to Slack’s GitHub account led to the download of private code repositories. No customer data or Slack’s primary codebase was affected【55†source】.

Chick-fil-A Data Breach: Suspicious activity linked to customer accounts was investigated, with customers advised to remove stored payment methods from their accounts【53†source】.

JD Sports Data Breach: Up to 10 million customers may have had their information accessed by hackers【50†source】.

T-Mobile Data Breach: Around 37 million customers had their data accessed by hackers. This raised questions about T-Mobile’s data security measures【51†source】.

MailChimp Breach: A threat actor accessed data from 133 MailChimp accounts through a social engineering attack【52†source】.

PayPal Data Breach: Unauthorized parties accessed PayPal customer accounts using stolen login credentials【52†source】.

February 2023: 8. Activision Data Breach: Sensitive employee data and content schedules were exfiltrated after an employee’s credentials were obtained in a phishing attack【45†source】.

Atlassian Data Breach: The SiegedSec hacking group extracted staff data and office floor plans【46†source】.

Reddit Data Breach: Internal docs, code, and business systems were accessed, but no primary production systems or non-public data were breached【47†source】.

Optus Data Breach Extortion Attempt: A man was sentenced for blackmailing customers using data from an Optus data breach【48†source】.

Weee! Data Breach: 1.1 million customers had their personal information exposed, but no payment data was exposed【48†source】.

Sharp HealthCare Data Breach: 62,777 patients’ personal information, including health insurance data, was compromised【49†source】.

March 2023:

ChatGPT Data Leak: Personal data of customers, including some credit card information, was leaked due to a bug【43†source】.

US House of Representatives Data Breach: Sensitive data belonging to federal legislators and families may have affected up to 170,000 people【44†source】.

April 2023:

Pizza Hut/KFC Data Breach: Yum! Brands confirmed personal data exposure during a ransomware attack in January【40†source】.

MSI Data Breach/Ransomware Attack: Money Message ransomware gang claimed to have stolen 1.5TB of information from MSI【41†source】.

Western Digital Data Breach: Unauthorized access to cloud systems was reported, impacting users’ ability to access cloud features【42†source】.

May 2023:

T-Mobile Data Breach (800 customers affected): Customer contact information, ID cards, and social security numbers were scraped from accounts【39†source】.

Discord Data Breach: Information may have been exposed after a malicious actor gained access【38†source】.

US Government Data Breach: Personal information of 237,000 employees was exposed in a Department of Transport breach【37†source】.

PharMerica Data Breach: Personal data of 5.8 million individuals were extracted from the health provider’s systems【36†source】.

Suzuki Data Breach: Operations at a plant in India were halted, incurring a production loss of over 20,000 vehicles【35†source】.

Apria Healthcare Data Breach: Almost 1.9 million customers were notified of a potential data exposure【34†source】.

June 2023:

MOVEit Hack: Sensitive data from firms like Zellis, British Airways, BBC, and Nova Scotia was compromised due to a file transfer tool hack【33†source】.

Intellihartx Data Breach: Over half a million patients’ medical details, including social security numbers, were stolen【32†source】.

Reddit Data Breach: BlackCat ransomware gang threatened to leak 80GB of confidential data【32†source】.

Bryan Cave/Mondelez Data Breach: Personal information of 51110 employees was compromised【31†source】.

UPS Canada Data Breach: Customers’ personal information may have been exposed due to fraudulent messages【30†source】

American Airlines Data Breach: Information of thousands of pilots applying to American Airlines and Southwest Airlines was stolen from a recruiting company’s database​

July 2023:

Roblox Data Breach: Data of 4,000 members of Roblox’s developer community, including phone numbers and email addresses, was exposed​

PokerStars Data Breach: Information of 110,000 customers, including social security numbers, was exposed by the Cl0p ransomware cartel​

​.Norwegian Government Breach: Hackers exploited a zero-day vulnerability in a third-party IT platform to hack into the government’s systems​​.Maximus Data Breach: Health-related data of 8 to 11 million US citizens was accessed due to the exploitation of the MOVEit transfer vulnerability​

August 2023: 35. Police Service of Northern Ireland Data Breach: Data of every police officer in Northern Ireland was leaked mistakenly during a Freedom of Information request response​

Missouri Medicaid Data Breach: Recipients’ health information was stolen, likely due to the MOVEit transfer vulnerability​

​.IBM MOVEit Data Breach: 4.1 million patients’ healthcare data was stolen due to a vulnerability in MOVEit transfer software​​.Discord.io Data Breach: Sensitive information of 760,000 users, including passwords and billing addresses, was extracted​​.Duolingo Data Breach: Data of 2.6 million users, including names and phone numbers, was leaked on BreachForums​​.Forever 21 data breach: 500,000 customers were affected, with names, dates of birth, bank account information, and Social Security numbers accessed​

September 2023: 41. Hunter Biden Data Breach lawsuit: Hunter Biden sued for accessing and sharing his personal information​

​.

SONY Data Breach: Ransomware.vc extracted over 6,000 files from SONY’s systems​

​.Ontario Birth Registry Data Breach (MOVEit): Around 3.4 million people’s healthcare data was exposed due to a vulnerability in the MOVEit file transfer tool​​.Topgolf Callaway Data Breach: Over one million customers’ data, including full names and addresses, was stolen​​.Freecycle Data Breach: Seven million users’ data, including user IDs and email addresses, was affected​

October 2023:

Indian Council of Medical Research Data Breach: Health data of around 815 million Indian citizens was exposed​

​.Okta Data Breach: Unauthorized access to Okta’s support case management system was gained using stolen credentials​

​.Air Europa Data Breach: Financial information of customers, including card numbers and CVV numbers, was accessed​​.23andMe Data Breach: Genetic data of customers was stolen in a credential-stuffing attack​

November 2023: 50. Vanderbilt University Medical Center Data Breach: Fell victim to a ransomware attack orchestrated by the Meow ransomware gang​

Toronto Public Library Data Breach: Sensitive information of employees and customers was stolen in a ransomware attack by the Black Basta gang​

Infosys Data Breach: A security event made several applications unavailable in its US unit​​.Boeing Data Breach: A cyber incident impacted various elements of its business​

December 2023: 54. Norton Healthcare Data Breach: Data breach impacting about 2.5 million people, involving unauthorized access to personal information​​.

Links:

  1. Twitter Data Breach: thenewstack.io
  2. Slack Security Incident: slack.com
  3. Chick-fil-A Data Breach: bleepingcomputer.com
  4. JD Sports Data Breach: malwarebytes.com
  5. T-Mobile Data Breach (January): t-mobile.com
  6. MailChimp Data Breach (January): mailchimp.com
  7. PayPal Data Breach (January): bleepingcomputer.com

文章来源: https://krypt3ia.wordpress.com/2023/12/15/2023-compromise-roundup/
如有侵权请联系:admin#unsafe.sh