A total of 28 breaches were found and analysed resulting in 146,769,692 leaked accounts containing a total of 26 different data types. The breaches found publicly and freely available included Dubsmash (2), Reverb Nation, Work 5, Wobi and Medical Company Nauka. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

A Palo Alto-based SaaS company (software as a service) who say they are a leader in next-gen smart home technology, has suffered a data breach. They work closely with companies such as Talk Talk as well as over 240 service providers, including big names such as Comcast. The company is communicating with a threat actor who has recently leaked a sample of the data breach with the threat of “Depending on (redacted) actions in the coming days, I may release the entire breach for free, including staff tokens, information, and all user data, plus the the app's codebase."

A huge eSports gaming company based in Delhi, India, has suffered a data breach. The breach happened back in December 2020 but has only recently come into circulation on the usual dark-web channels. The company, which was founded back in 2014, has been hosting offline and online gaming tournaments across eight cities in India. They have “passion and a commitment to the best gaming experience.”

A well-known and prominent ransomware gang has taken a different approach to encouraging their victims to pay up. The publicly traded company MeridianLink, which specialises in digital lending, has refused to pay a ransomware gang and in return, the gang has launched a complaint with the Securities and Exchange Commission (SEC) in the USA.

The screen shot of a complaint form on the SEC website has been posted by the gang on their onion site, as well as an automated response email from the SEC. The gang wrote, “It has come to our attention that MeridianLink, in light of a significant breach compromising customer data and operational information, has failed to file the requisite disclosure under item 1.05 of Form 8-K within the stipulated four business days, as mandated by the new SEC rules.”

They are referencing a new law in the US giving companies four working days to disclose that they have suffered a cyber security incident. However, the law doesn’t take effect until later this year.

VULNERABILITY CHAT

Cybersecurity startup, Unciphered has identified a vulnerability in early cryptocurrency wallets. The vulnerability originates from a flaw in the Bitcoin JS software used for wallet generation between 2011 and 2015, potentially exposing wallets to exploitation. Users are being advised to transfer assets to wallets generated with updated, secure software.

12 Common Vulnerabilities and Exposures (CVEs) were added to the CyberSecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week including Junos OS (Juniper), Windows (Microsoft) and Web Appliance (Sophos).

See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

INFORMATION PRIVACY HEADLINES

French police have been accused of secretly using facial recognition software developed by an Israeli company, Briefcam. Disclose, which calls itself a "non-profit investigative newsroom," said on Tuesday that French law enforcement acquired the software from Briefcam.

ChatGPT parent Open AI has pushed out its co-founder and CEO Sam Altman after a review found he was "not consistently candid in his communications" with the board of directors. "The board no longer has confidence in his ability to continue leading OpenAI," the artificial intelligence company said in a statement.