Tech support scam caused massive data breach at Australian airline Qantas
It’s possible to leak PII describing 5.7 million people without breaching privacy rules
Data leaks can expose passwords, personal records, and business secrets, enabling identity theft, fraud, extortion, and follow-on cyberattacks.
Search across headline titles and summaries.
Background for this topic.
Leak is the unauthorized disclosure or exposure of information to people or systems not meant to receive it. It may be deliberate or accidental and can involve personal data, credentials, API keys, source code, trade secrets, or internal documents. A leak can result from theft and publication, an employee sending data to the wrong recipient, or an exposed cloud storage bucket, database, log, repository, or backup. The term describes the exposure, not necessarily how attackers obtained it; reporting may refer to both confirmed disclosure and suspected exposure.
Security teams should establish what data was accessible, to whom, and for how long, while distinguishing evidence of access from mere exposure. Exposed passwords, tokens, and keys should be revoked or rotated quickly, and affected systems checked for reuse or further access. Personal or regulated data may trigger privacy and reporting obligations, while leaked proprietary material can require legal and threat-intelligence monitoring. Prevention includes least-privilege access, secret scanning, safe sharing controls, encryption where appropriate, and monitoring for misconfigured public resources.
Weekly headline count for the current query.
It’s possible to leak PII describing 5.7 million people without breaching privacy rules
Leaked negotiations spill the tea
Per usual, there's no fix – or even any documentation – for GitLost
ShinyHunters leaks names, addresses, DOBs, and more after Christian college discloses cyberattack
Open API could reveal everything an attacker needs to impersonate bank officials
Plus more blasts from the past: NetWare, FTP, and HTTP
Researchers follow in Nightmare Eclipse’s footsteps, flipping off Redmond in favor of insta-leaks
California AG claims genetics biz downplayed 2023 mega-leak while paying ransom to attacker
Telco giant says no sensitive data was taken, though names, addresses, phones, and emails are now out there
Reform UK leader alleges Moscow broke into his phone and leaked £5M gift story, but security specialists await evidence
Customers' info potentially handed to anyone who could send an HTTP request
UPDATED: Sorry, kids, everything's back up so get to work on your new assignment - An essay on the ethics of paying ransoms, because it looks like that's what happened here
GrassMarlin leaks sensitive information, provided your targeting phishing skills are sharp enough
GrassMarlin leaks sensitive information, provided your targeting phishing skills are sharp enough The Cybersecurity and Infrastructure Security Agency (CISA) is warning anyone who uses GrassMarlin, a tool developed by the National Security Agency (NSA), about a new vulnerability that attackers can use to snoop on sensitive information.…
Names, phone numbers, physical addresses also included in Shiny Hunters alleged data dump
Names, phone numbers, physical addresses also included in Shiny Hunters alleged data dump Updated Logistics technology company Pitney Bowes, which makes franking machines for US postage, is the latest scalp claimed by ShinyHunters and its ongoing spree of pay-or-leak attacks against major organizations.…
Leak-site bragging meets breach hunters as Have I Been Pwned flags millions of records
Leak-site bragging meets breach hunters as Have I Been Pwned flags millions of records Carnival Corporation, the world's largest cruise company, is dealing with choppy waters after Have I Been Pwned flagged what it claimed were 7.5 million unique email addresses all allegedly tied to one of its subsidiaries. …
Mexican IT services firm admits it was hacked, but says client operations weren't affected A Mexican IT infrastructure and digital transformation biz is on clean-up duty after a criminal posted screenshots of what they claimed was company video surveillance footage to a cybercrime forum.…
A lesson in how not to respond to vulnerability reports UPDATED Vibe-coding platform Lovable is pooh-poohing a researcher’s finding that anyone could open a free account on the service and read other users' sensitive info, including credentials, chat history, and source code. However, the company’s story keeps changing: First it attributed the publicly exposed info to "intentional behavior" and "unclear documentation," then threw bug-bounty service HackerOne under the bus.…