Yesterday we reported that the source code stealing group, Lapsus$, claimed they have breached and stollen source code from Microsoft. They made the announcement on their Telegram account by posting a screenshot of the projects they claimed to have access to. Now, as with other leaks, they have dropped a compressed file (7zip) via Torrent which appears to contain around 37GB of source code.

The latest report from the ITRC (Identity Theft Resource Center) has been released and it shows us some sadly unsurprising data. According to the report, 2021 data compromises are up 68% (1,862) compared to 2020 numbers and 23% higher than the highest year on record 2017 (1,506). The report adds that compromise of sensitive personal data is also up but has not topped 2017 as the record year for that type of data loss. Attack trends have changed slightly with attackers appearing to target specific data rather than just trying to dump everything. This has led to an overall reduction in the total number of actual victims while the number of repeat victims is still very high.

You have to love how easy it is to find information out in the wilds of the internet. In the last couple of weeks a number of cloud-databases have been found to be leaking data to the interment due to an almost total lack of security. The latest one seems to be a group of 191… Million voters in the US. Yup, if you have voted in any election since 2000 your personal information is out there on the open internet. The information that is out contains names, addresses, party affiliation and voter ID numbers… it is not as bad as it could be, but it is still bad.

Hey remember the group that launched the DDoS attack on Steam? Well they are back and have decided to make a little bit bigger of a statement than just throwing packets at a group of servers. This time they appear to have managed to grab a large number of user information from companies like Blizzard, Ubisoft and many others. They have taken this information and (unsurprisingly) dumped it to paste bin. If you do not know who we are talking about it is the DerpTrolling “hacker” group and they have been on a mission to shame just about every game publishing/distribution company on the planet.

Since the beginning of 2014 the IT world has been rocked by more than a few major breaches. The number of credit cards and user information now up for sale is staggering. So how have these attacks managed to get in and make off with so much data so quickly? Of course there are the usual suspects in these cases, weak passwords and users downloading malware on their systems that allow a potential attacker into their system.

Global auction service eBay was hacked. The company began sending alerts to its users to change their passwords. The attack compromised the personal data of eBay users - names, (encrypted) passwords, email addresses, and phone numbers. However, the company assures that the financial information of users are safe, and there is no indication that the PayPal was hacked too.

One of the largest US retail chains, Target, founded in 1902 admitted that unknown attackers stolen encrypted PINs from their system. Alienated data contained the names of customers, credit and debit card and CCV numbers that are used to activate the card on Target's webpage.

The threat of a data breach is one that every company faces and it is also an eventuality that they all know can happen at any time. The number of daily attempt to penetrate corporate security is staggering as is the number of successful attack where at least some data is taken. It is for this reason that we still a confused when companies want to move to a cloud based or subscription style software agreement. Once all of that billing information is stored in a single spot (even multiple data centers) it becomes a very big target. Adobe has found that out the hard way as they are now reporting a breach that lost the information for approximately 2.9 Million users and source code for Cold Fusion and Acrobat.

Pirate Pay founder Gottfird Svartholm has managed to successfully appeal the two year sentence imposed after he was found guilty of hacking Logica, a Swedish IT company (as well as aggravated fraud and attempted aggravated fraud). Although throughout the trial Svartholm maintained his innocence the court (Nacka District) still felt he was responsible for at least hacking the IT company. Svartholm was also found guilty of hacking a local bank (Nordea). The court sentenced him to two years in prison.

On the pages of the popular MOBA title League of Legends warning appeared which states that the date of the players from the  North American servers are in danger. According to the statement, unknown perpetrators have come up with user names, e-mail address, masked passwords and some full names.