Security news aggregator

Latest coverage for Leak

Data leaks can expose passwords, personal records, and business secrets, enabling identity theft, fraud, extortion, and follow-on cyberattacks.

3 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Leak is the unauthorized disclosure or exposure of information to people or systems not meant to receive it. It may be deliberate or accidental and can involve personal data, credentials, API keys, source code, trade secrets, or internal documents. A leak can result from theft and publication, an employee sending data to the wrong recipient, or an exposed cloud storage bucket, database, log, repository, or backup. The term describes the exposure, not necessarily how attackers obtained it; reporting may refer to both confirmed disclosure and suspected exposure.

Security teams should establish what data was accessible, to whom, and for how long, while distinguishing evidence of access from mere exposure. Exposed passwords, tokens, and keys should be revoked or rotated quickly, and affected systems checked for reuse or further access. Personal or regulated data may trigger privacy and reporting obligations, while leaked proprietary material can require legal and threat-intelligence monitoring. Prevention includes least-privilege access, secret scanning, safe sharing controls, encryption where appropriate, and monitoring for misconfigured public resources.

Showing 3 most recent headlines Filtered view

'Have I Been Pwned' Founder Troy Hunt Reviews Impact on People and OrganizationsThe volume of data breaches that result in stolen personal data being leaked online has been surging, "courtesy of the ShinyHunters," and while it affects individuals, the organizations being extorted are bearing the brunt of such attacks, said Troy Hunt, founder and CEO of Have I Been Pwned.

Hackers Constantly Break 'Confirmation of Data Destruction' PromisesWhen a business that stores children's personal data gets hit by data-leaking extortionists, what should it do? For Instructure, which develops online learning platform Canvas, the answer was to pay a ransom, and tell victims, straight-faced, to have "digital confirmation of data destruction."

Internal Communications Dumped Online, Revealing Fresh Victims, Repeat TacticsRansomware group The Gentlemen, a relative newcomer to the cybercrime scene, suffered a leak of its internal communications, revealing previously non-public victims, a variety of tactics, techniques and tools, and a relentless focus on popping backup and storage infrastructure.