Displaying items by tag: data leak

Using a famous idiom, it looks like the shoe is on the other foot as BreachForums has found themselves the victim of a data breach and release of data. The breach took place in November of 2022 and culminated with the arrest of one of the owners of the forum. The responsible parties were able to attack and exfiltrate data from the site including user information, IP addresses and internal messages sent between users and the forum.

After learning that there were malicious ads containing links to ChatGPT apps (for Windows), Apple launched a legitimate app for IOS. The app brings the very popular LLM to Apple users at a time when some are becoming more hesitant about its use. It has not been that long since Samsung accidentally leaked confidential information via the platform. This prompted both Microsoft (a heavy investor) and OpenAI themselves to start work on private environments where data put into the model is not used to train it.

A recent incident where ChatGPT users at Samsung unknowingly exposed sensitive data via ChatGPT has raised concerns in multiple industries. The banking and finance industry saw several companies put a stop on the use of ChatGPT and certain regulators began investigating how its use could leak PII, or other financial information. To combat this new obstacle to business adoption, Microsoft is looking to offer a private business model which would exclude user input from being used to train the LLM.

The Lapsus$ group, the same ones that broke into NVIDIA and Stole corporate data and had their attack VM encrypted, appear to have also broken into Samsung. Lapsus$ has leaked what they claim to be source code for several sensitive applications include apps that run in the Trust Zone on Samsung Mobile Devices.