Latest News: Data Breaches

According to multiple reports, a threat actor is attempting to sell the stolen data of over 21.3 million PrestaShop users on a dark web forum. Potential buyers can already view a subset of the data for free before deciding whether to bid on the entire database. The data obtained in the breach

A group of hackers claims to have breached PayPal and is offering a dataset of 15.8 million credentials on the deep web. The threat actor behind the allegedly stolen data insists it is up to date and describes it as a “goldmine” for cybercriminals. PayPal denies the breach. According to

K7 Security Labs researchers have raised the alarm after discovering an infostealer malware affecting Windows devices, dubbed “Silent Watcher.” Part of the Cmimai malware family, Silent Watcher demonstrates sophisticated mechanisms to achieve long-term persistence and redundant data

Google revealed that it’s the latest major company victim in a series of data breaches involving the exploitation of Salesforce CRM users. ShinyHunter, the threat actor, used social engineering tactics to impersonate IT support staff in phone calls to employees of target businesses. As of now,

A jury found Meta guilty of contravening the California Invasion of Privacy Act for using data from the female health tracking app, Flo Health. A co-defendant in the trial, Flo, had reached a settlement with the plaintiffs earlier in the trial. Claiming more than 420 million users worldwide, Flo

Tea, a viral dating advice app, suffered a major data leak, exposing 72,000 user images as well as direct messages. According to reports, the app itself left a Firebase storage bucket publicly accessible, with no authentication, encryption, or access controls — meaning anyone with the URL could

Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about an unencrypted and non-password-protected database that contained 3,587,960 records. The database, which presumably belongs to an Australian fashion brand, held invoices, shipping information, and return details.

Cybersecurity researchers have discovered what’s believed to be the largest-ever data breach, consisting of up to 16 billion login credentials. The data consists of usernames, passwords, session cookies, and authentication tokens from almost every major website and online service, including

A California court has ordered Google to pay $314 million in damages regarding allegations that it misappropriated users’ cellular data to transfer background data for its services without their consent. According to the plaintiffs, these transfers would continue even when the phone is in a

Cybersecurity researcher Jeremiah Fowler discovered and reported to vpnMentor an unencrypted and non-password-protected database that contained 245,949 records. The database, which presumably belonged to a tax credit consulting agency, held PII, driver’s licenses, military discharge forms,