A total of 11 breaches were found and analysed resulting in 7,785,424 leaked accounts containing a total of 15 different data types. The breaches found publicly and freely available included Gemini [2], Exvagos, Stealer - BradMax 0325, Debbie Sells Columbia and American Express. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

An insurance company established in Tokyo who are described as a hub for Asian insurance suffered a data breach last year, however recently the data has made its way in circulation publicly. Since 1986 the company has performed well launching various products and parter companies. The hack happened some time back in 2021 and then the data was sold before being released for general consumption.

Indian online clothing marketplace which offers unique designs from across the globe recently suffered a major security breach. With head quarters in Delhi, the company has been running for over a decade. A cyber security company has reached out to the company for comment, the company is yet to confirm or deny the incident.

A ransomware gang posted a message explaining that one of their 'supports' had recently reached out to them. He said a local company scammed him, so they naturally stepped in to help - user information and admin logins were soon leaked. The gang have also been targeting the Greek government in attempt to fight corruption. Is this gang the new Robin of the ransomware scene?

The Israeli government has been threatened by a ransomware gang recently, the gang made a statement saying “back to prove what’s been denied or censored” as well as “the worst is yet to come” with a date and time given.

VULNERABILITY CHAT

IT giant Ivanti, has released a second vulnerability used in attacks on the Norwegian government through their Endpoint Manager Mobile (EPMM). The company says the vulnerability allows threat actors to take a number of actions on a victim device that can be used with the first bug to bypass administrator authentication. The US Cybersecurity and Infrastructure Agency (CISA) has separately issued a warning urging customers to immediately patch their devices.

A number of stable pools on Curve Finance (a decentralised exchange (DEX) that focuses on stablecoin trading) using Viper (a Pythonic Programming Language for (EVM) Ethereum Virtual Machine) have been exploited. It is thought Vyper versions 0.2.15, 0.2.16 and 0.3.0 are vulnerable to malfunctioning reentrancy locks that has cost Curve Finance over $47 million so far.

INFORMATION PRIVACY HEADLINES

RyanAir have been hit with a complaint via Spain's Data Protection Agency by NOYB (None of Your Business) accusing them of violating customers' data protection rights by using facial recognition to verify their identity when booking through online travel agents. RyanAir has responded by saying its biometric and non-biometric processes are fully compliant with all GDPR regulations.

The privacy radar is ramping up again against OpenAI, this time regarding WorldCoin, in their own words - Worldcoin consists of a privacy-preserving digital identity (World ID) and, where laws allow, a digital currency (WLD) received simply for being human. The controversy, they are offering free crypto tokens in exchange for having your eyeball scanned!