Security news aggregator

Latest coverage for Leak

Data leaks can expose passwords, personal records, and business secrets, enabling identity theft, fraud, extortion, and follow-on cyberattacks.

7 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Leak is the unauthorized disclosure or exposure of information to people or systems not meant to receive it. It may be deliberate or accidental and can involve personal data, credentials, API keys, source code, trade secrets, or internal documents. A leak can result from theft and publication, an employee sending data to the wrong recipient, or an exposed cloud storage bucket, database, log, repository, or backup. The term describes the exposure, not necessarily how attackers obtained it; reporting may refer to both confirmed disclosure and suspected exposure.

Security teams should establish what data was accessible, to whom, and for how long, while distinguishing evidence of access from mere exposure. Exposed passwords, tokens, and keys should be revoked or rotated quickly, and affected systems checked for reuse or further access. Personal or regulated data may trigger privacy and reporting obligations, while leaked proprietary material can require legal and threat-intelligence monitoring. Prevention includes least-privilege access, secret scanning, safe sharing controls, encryption where appropriate, and monitoring for misconfigured public resources.

Showing 7 most recent headlines Filtered view
Krebs on Security 2 years, 5 months ago

Who is Alleged Medibank Hacker Aleksandr Ermakov?

Authorities in Australia, the United Kingdom and the United States this week levied financial sanctions against a Russian man accused of stealing data on nearly 10 million customers of the Australian health insurance giant Medibank. 33-year-old Aleksandr Ermakov allegedly stole and leaked the Medibank data while working with one of Russia's most destructive ransomware groups, but little more is shared about the accused. Here's a closer look at the activities of Mr. Ermakov's alleged hacker handles.

Bank Info Security 2 years, 5 months ago

Breach Roundup: EquiLend Faces Cyberattack, Systems Offline

Also: Ivanti Exploitation Continues; Apple Fixes First Zero-Day of 2024This week, U.S. short seller lender EquiLend Holdings was hacked, the Ivanti exploitation continued, Apple addressed the first zero-day of 2024, Ukraine said hackers had hit a Russian research center, Kasseika ransomware evolved, North Korean hackers were active, and Trello experienced a data leak.

Bank Info Security 2 years, 5 months ago

Ransomware on Tap as Major Water Providers Fall Victim

US and UK Water Giants Report Network Breaches and Data Leaks, But No EncryptionTwo major water providers in the U.S. and U.K. report that they recently fell victim to ransomware attacks. In both cases, attackers appear to have stolen employee or customer data that they're now holding to ransom. Ransomware trackers say known attacks, affecting all sectors, have been surging.

Bank Info Security 2 years, 5 months ago

Medical Lab Database Exposed 1.3M Records, COVID Test Info

Researcher Reported Configuration Issue to Cloud Vendor After Lab Failed to RespondAn unsecured database appearing to belong to a Netherlands-based medical laboratory exposed 1.3 million records on the internet, including COVID test results and other personal identifiable information, said a security researcher who discovered the trove and reported his findings to the company.

'Aleksandr Ermakov' isn't allowed down under after being linked to ten-million-record leak Australia's government has used the "significant cyber incidents" sanctions regime it introduced in 2021 for the first time, against a Russian named Aleksandr Gennadievich Ermakov whom authorities have deemed responsible for the 2022 attack on health insurer Medibank Private.…