Data Breach at GoTo: Encrypted Customer Information Compromised

On January 23, 2023, GoTo released a statement detailing an update to the ongoing data breach investigation. Business owners should pay attention to this incident and its implications for their security practices. Details of the Hack: According to GoTo’s statement, the attack was first confirmed on November 30, 2022, involving unauthorized access to the company’s systems. The attackers gained access …

PayPal Hack: 35,000 Accounts Compromised in Credential Stuffing Attack

On December 20, 2022, PayPal, one of the most widely used online payment platforms, confirmed that 35,000 users’ accounts had been compromised due to a security breach. An unauthorized party viewed and potentially obtained some personal information of PayPal customers between December 6, 2022, and December 8, 2022. As soon as PayPal identified the breach, the company immediately took steps …

T-Mobile Data Breach Impacts Millions

The mobile phone provider recently announced that a data breach had impacted 37 million T-Mobile accounts. In a Form 8-K filing with the US Securities and Exchange Commission, T-Mobile said they realized an authorized entity obtained data via a single API on January 5, 2023. Unlike other data breach cases where customer data is sometimes preserved, the hackers have stolen …

Twitter Data of 235 Million Accounts Leaked

A dataset purportedly comprising the email addresses and phone numbers of over 400 million Twitter users just a few weeks ago was listed for sale on the hacker forum Breached Forums. The information was initially released on December 23, 2022, by a hacker going by the handle “Ryushi.” The attacker demanded $200,000 for an “exclusive” sale of the information. The …

LastPass Security Breach: Encrypted Passwords at Risk

LastPass, a popular password manager, announced that an unauthorized party accessed the company’s archived backups of its production data on a third-party cloud-based storage service. According to the company’s investigation, a threat actor accessed the cloud storage environment in August 2022 with information obtained from an earlier incident. Although the threat actor did not access customer data in the August …

DraftKings Data Breach Exposes Personal Information of 68,000 Customers

In late November 2022, sports betting firm DraftKings announced that it had suffered a data breach affecting approximately 68,000 customers. The company stated that the breach resulted from a credential stuffing attack, in which attackers obtained credentials from a third-party source and attempted to use them to access DraftKings accounts. According to DraftKings, the attackers were able to withdraw around …

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program’s data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for sale on a cybercrime forum called Breached. When Krebs called the seller, also known as …

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of human resources, benefits, and payroll. For the past 21 years, they’ve worked with both corporate clients …

Vice Society Claims Cincinnati State College Cyberattack

Data allegedly stolen from Cincinnati State Technical and Community College has been leaked after Vice Society attacked the campus. Many of the stolen documents were posted on the hackers’ websites. These documents date from several years ago until November 24, 2022, suggesting that threat actors still have access to the compromised systems, but this has not been confirmed. The leaked …

Dropbox Suffers Major Breach in Phishing Attack

It’s no secret that cyber attacks are on the rise, and that no company is immune to them. Dropbox, a cloud storage company, was the lastest victim when their GitHub account was compromised. This allowed attackers access to 130 code repositories, which contained sensitive data. Dropbox was notified of a potential breach on October 14th from GitHub, who observed suspicious …