108M Accounts Exposed, Ticketmaster Chaos & KEV Vulnerabilities.

A total of 17 breach events were found and analysed resulting in 108,341,368 exposed accounts containing a total of 35 different data types of personal datum. The breaches found publicly and freely available included UK Spam Database, ULP Alien Txt File - Episode 34, Car Gurus, Ben NL and Stealer Log 0555. Sign in to view the full library of breach events which includes, where available, reference articles relating to each breach.

Data Breach Impact

This week’s breach tally? 17 events, but don’t let the number fool you. These incidents blew the doors off with over 108 million exposed accounts and 35 data types scattered across the web like confetti at a hacker’s parade. The usual suspects showed up, stealer logs and spam databases, alongside platforms like Car Gurus and Ben NL. For third-party companies, it’s a not-so-gentle reminder: your employee data could easily be collateral damage. And for individuals? That’s your digital footprint up for grabs, fuelling everything from spam storms to identity theft. Big exposure, bigger implications.

Cyber Update

The hacking collective ShinyHunters is back in the headlines again, continuing its global tour of corporate headaches.

This time the spotlight lands on Ticketmaster, where the group claims to have obtained 10 million Mail & Print event tickets for major concerts featuring artists such as Taylor Swift, Jennifer Lopez, and The Rolling Stones. In classic ransomware fashion, the group is reportedly demanding $1 million. Pay up, they say, or the tickets, complete with barcodes, will be released publicly.

If that happened, venues could find themselves facing a logistical nightmare. Anyone could theoretically print the tickets and attempt to use them at the gates. Imagine thousands of fans arriving with identical barcodes and venue staff desperately trying to figure out which tickets are legitimate and which are duplicates.

Drop those tickets onto social media a few days before a show and you’d have opportunists printing their way into concerts faster than you can say “security check”.

The top affected events, according to the claims, include:
- Hozier, 400,000 tickets
- Morgan Wallen, 350,000 tickets
- Foo Fighters, 320,000 tickets
- Justin Timberlake, 205,000 tickets
- Kacey Musgraves, 205,000 tickets
- Taylor Swift, 175,000 tickets
- P!nk, 170,000 tickets
- Jennifer Lopez, 143,000 tickets
- The Rolling Stones, 100,000 tickets
- Pearl Jam, 100,000 tickets

For venue security teams, this would be the digital equivalent of someone photocopying the keys to the building and handing them out on the street.

Meanwhile, over here in the UK, the government appears to have stumbled into a rather awkward security hiccup of its own. Reports suggest that a .gov tax portal allowed users to bypass authentication simply by pressing the back button three times in the browser.

Yes, really.

Users accessing the portal would normally be prompted to authenticate when selecting a company number. But by navigating backwards in the browser, the authentication step could allegedly be skipped altogether. Once inside, users could reportedly view company information and even modify certain company details.

For a government currently pushing digital ID systems, stricter online safety rules, and stronger identity verification requirements for social media platforms, the timing is… less than ideal. Advocating for tighter digital security across the internet is one thing. Accidentally demonstrating that a browser’s back button can bypass authentication on a government portal is quite another.

If nothing else, it’s a helpful reminder that before redesigning the internet, it’s worth double-checking the login page.

Software Vulnerabilities

Ivanti Endpoint Manager, CVE-2026-1603 (authentication bypass), KEV
CISA added this one to the KEV catalogue after evidence of active exploitation, which is the cyber equivalent of seeing smoke and shouting “perhaps check the building”. The flaw allows attackers to bypass authentication controls in Ivanti Endpoint Manager, effectively turning “admin access required” into “optional suggestion.”
What to do: patch immediately and review authentication logs for suspicious activity.

SolarWinds Serv-U / related platform flaws, KEV addition
SolarWinds popped up again in the KEV list thanks to vulnerabilities being actively abused in the wild. Attackers can leverage these weaknesses to gain remote access or execute commands depending on configuration. The industry takeaway is painfully familiar: if your software has previously starred in a supply-chain thriller, it deserves particularly aggressive patch hygiene.

VMware Workspace ONE, actively exploited vulnerability (KEV)
Workspace ONE joined the KEV catalogue alongside Ivanti and SolarWinds. When identity management platforms get vulnerabilities, things escalate quickly because they sit right in the middle of authentication and device control. In short: if attackers compromise the gatekeeper, the rest of the estate becomes a guided tour.

Microsoft Windows / enterprise stack, March Patch Tuesday fixes (78+ vulnerabilities)
Microsoft’s March Patch Tuesday landed with a healthy bundle of fixes across Windows, Office, SQL Server and Azure components. While none were confirmed as exploited zero-days in the initial disclosures, the sheer number of issues reminds us that patch Tuesday is less a suggestion and more a monthly survival ritual.

The “patch velocity problem”
A recurring theme in vulnerability research: attackers increasingly weaponise flaws within hours of disclosure. That means the old corporate strategy of “we’ll patch in the next quarterly maintenance window” now sits somewhere between optimistic and delusional. The modern reality is simple, if it’s in KEV, it’s already being used against someone.

Data & Privacy Headlines

AI-powered cybercrime is scaling like a startup with venture funding. Fresh threat-intel reporting suggests attackers are increasingly automating entire attack chains with AI, reconnaissance, credential stuffing, and exploitation all running at machine speed. The result is a rather unpleasant “high-velocity threat engine” that dramatically accelerates how fast organisations get compromised.

Identity theft is now the favourite entry point. The same research highlights a shift away from traditional “break-in hacking” toward simply logging in with stolen credentials. With billions of compromised logins circulating in underground markets, criminals are discovering that the front door is often wide open, they just need the key.

The credential economy continues to balloon. Security researchers estimate billions of credentials have been harvested from malware-infected devices and are circulating across criminal marketplaces. It is less a data leak and more a thriving commodities market, usernames and passwords traded like digital soybeans.

Regulators quietly sharpening the knives on identity security. With identity-based attacks surging, regulators and security agencies are increasingly pushing organisations toward stronger authentication controls and better credential hygiene. Translation: if your security model still treats passwords as the primary defence layer, the future will be… uncomfortable.

The privacy paradox of security tooling. As companies deploy increasingly aggressive monitoring and identity-tracking systems to stop attackers, they are also creating new privacy risks inside their own infrastructure. The balance between “detect everything” and “collect nothing unnecessary” is rapidly becoming the next compliance tightrope.

Smarter Protection Starts with Awareness

Third-party exposure is now a first-order risk. You can’t patch what you can’t see.
Free Data Breach Exposure Scan: Check any domain in seconds: https://breachaware.com/scan