Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

80,089,084 leaked accounts discovered by the BreachAware® Research Team last week.

12 June 2023

A total of 17 breaches were found and analysed resulting in 80,089,084 leaked accounts containing a total of 20 different data types. The breaches found publicly and freely available included Luxottica, Polish credentials, Red Volcano, Raid Forums and Bella Clear. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

A British publisher's research tool for online advertising founded in 2017 recently suffered a data breach. The company provides a SaaS platform for the supply side of ad tech and shows off some big household names in several industries across their web page. We have not seen any mention by the company about the data breach.

A Sri Lankan digital payment provider that was breached last year has seen its entire breached data dumped on the dark web. The payment provider was first launched in 2016 and had a bumpy start before going down several months later. However, after making a comeback in 2017 the company has gone from strength to strength, until last April, when the payment provider went offline for 36 hours.

By then it was being used by over 3,500 Sri Lankan businesses. Threat actors managed to download 64GB worth of data, which ranged from the standard data to credit card information. The company posted on Facebook after the attack, assuring its customers that no credit card information was exposed and has splashed across the front page of their website that they are "on the leading edge of safety and security."

An online mutual masturbation club has unfortunately (for its users) been breached. The site promotes the experience of meeting others while masturbating online and offline. The usual data types were exposed, along with over 170K unique email addresses. It's not a huge breach, but it's a slap in the face for mutual masturbators around the globe.

VULNERABILITY CHAT

A top ransomware gang is actively recruiting new hackers, while at the same time stranger things are going on, as they always are, on 4chan: what looks like the US military is trying to recruit nerds to sign up by posting and engaging with users about the perks of the military.

The third high-profile exploited zero-day vulnerability linked to a file transfer service has seen the personal information of the high-profile supply chain of Progress Software exposed. The service, called MOVEit, was used by Zellis, an award-winning payroll and HR solutions company in the UK.

Barracuda's email security gateway vulnerability has caught out the Australian Capital Territory (ACT) government. Following a number of patches, Barracuda has warned that impacted appliances must be replaced immediately.

INFORMATION PRIVACY HEADLINES

After over 10 years, Google's Street View is returning to Germany to make recordings all throughout the country, meant to be published in batches over time. Google said it is working closely with a German government privacy agency to ensure it meets local data privacy regulations.

Invidious, a free open source alternative front end to YouTube (it strips away advertising, user tracking and subscriptions), has been sent a cease and desist notice from YouTube's legal department.

US and UK government representatives have reached an agreement in principle for an extension to 'Privacy Shield 2.0' with a new 'data bridge' to make it easier for businesses to transfer data freely to certified organisations.

DATA CATEGORIES DISCOVERED

Contact Data, Financial Data, Technical Data, Socio-Demographic Data, Usage Data, Documentary Data, Communications Data, Locational Data, Special Category, Behavioural Data.
