Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

10,517,319 leaked accounts discovered by the BreachAware® Research Team last week.

01 May 2023

A total of 21 breaches were found and analysed resulting in 10,517,319 leaked accounts containing a total of 19 different data types. The breaches found publicly and freely available included Moscow Electronic School, Paystand, Slide Team, Pitzi and ScrumDo. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

A popular business-to-business payment provider that uses cloud-based technology and the Ethereum blockchain as its engine has suffered a data breach. It was an extensive breach, with source code, user information, API keys, and banking data exposed. A couple of years ago, the company received some serious funding from Silicon Valley, which allowed it to launch its payment provider solution. The solution enables companies to send large amounts of money to each other without paying any fees. Instead, the companies pay a monthly sum to use the service.

A PowerPoint presentation website that offers a wide range of downloadable professional-looking PowerPoint templates has been breached. They offer over 1 million templates with some pretty snazzy designs. With over 150K customers and a large team crossing six different countries, we guess threat actors couldn’t help but target this one.

VULNERABILITY CHAT

Sad news is coming out of the hacking community: the recently arrested threat actor pompompurin has reportedly attempted suicide. This was the administrator of the infamous BreachForums that was seized by the FBI a couple of months ago. The young threat actor is around 19 years old and even though he has committed serious crimes, it's a shame this story has gotten so dark.

An interesting insight into the moral values of a well-established ransomware gang: last week, one of the gang's affiliates attacked a daycare centre. These cyber gangs run programmes where they allow others to use their software but take a cut of the money. However, they do have some rules. For instance, some gangs ban attacks on infrastructure and things like hospitals. When the gang's administrator discovered one of their affiliates had successfully attacked a daycare centre, he or she released an apology and claimed to have fired the affiliate.

INFORMATION PRIVACY HEADLINES

ChatGPT is back in Italy after Garante (Italy's data protection authority) confirmed that changes have included increased transparency about how data is processed and opt-out rights. Meanwhile, it seems Meta is to be punished with a considerable fine from the DPC (Ireland), with a potential halt on data transfers from the EU to the US. Nevertheless, with Meta's pivot to AI and cost cuts, their share price continues to soar.

Coinbase are facing a lawsuit that claims they are violating certain provisions of Illinois' Biometric Information Privacy Act (BIPA) relating to the exchange's know your customer (KYC) processes. The suit argues "Coinbase have no written policy, made available to the public, establishing a retention schedule and guidelines for permanently destroying biometric information." Research from Schillings found that data practices are falling short of legal requirements, with protection measures 'not working', exposing brands to reputational risk.

DATA CATEGORIES DISCOVERED

Contact Data, Technical Data, Socio-Demographic Data, Financial Data, Usage Data, Documentary Data, Special Category.
