Security news aggregator

Latest coverage for Leak

Data leaks can expose passwords, personal records, and business secrets, enabling identity theft, fraud, extortion, and follow-on cyberattacks.

11 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Leak is the unauthorized disclosure or exposure of information to people or systems not meant to receive it. It may be deliberate or accidental and can involve personal data, credentials, API keys, source code, trade secrets, or internal documents. A leak can result from theft and publication, an employee sending data to the wrong recipient, or an exposed cloud storage bucket, database, log, repository, or backup. The term describes the exposure, not necessarily how attackers obtained it; reporting may refer to both confirmed disclosure and suspected exposure.

Security teams should establish what data was accessible, to whom, and for how long, while distinguishing evidence of access from mere exposure. Exposed passwords, tokens, and keys should be revoked or rotated quickly, and affected systems checked for reuse or further access. Personal or regulated data may trigger privacy and reporting obligations, while leaked proprietary material can require legal and threat-intelligence monitoring. Prevention includes least-privilege access, secret scanning, safe sharing controls, encryption where appropriate, and monitoring for misconfigured public resources.

Showing 11 most recent headlines Filtered view
Bank Info Security 2 years, 3 months ago

Trend Micro Spots Possible iSoon Campaign

Victims Include at Least 70 Organizations Across 23 CountriesSecurity researchers say they've spotted a hacking campaign with a strong focus in Southeast Asia that could be the work of Chinese state hacking contractor iSoon, the company whose February internal data leak threw a spotlight on a network of private sector companies hacking on behalf of Beijing.

Bank Info Security 2 years, 3 months ago

After 70M Individuals' Data Leaks, AT&T Denies Being Source

Dataset Leaked for Free; ShinyHunters Cybercrime Gang First Advertised It in 2021Data breach blast from the past: Data pertaining to 70 million individuals that the ShinyHunters gang claimed were AT&T customers has been leaked via a hacking forum, three years after criminals first offered it for sale. AT&T said the information didn't appear to have been stolen from its systems.

Bank Info Security 2 years, 3 months ago

Ransomware Groups: Trust Us. Uh, Don't.

Review of Attacks Finds Inconsistent Data Leaks and Victim Naming, Broken PromisesRansomware groups hope threats are enough to sway victims so they don't have to follow through. For victims who pay ransoms, the results are almost guaranteed to be less than advertised - more akin to buying a pig in a poke than a contractual guarantee of service.