'%3e%3cg id='Final-Copy-2_2_' transform='translate(1275.000000, 200.000000)'%3e%3cpath class='st0' d='M7.4,12.8h6.8l3.1-11.6H7.4C4.2,1.2,1.6,3.8,1.6,7S4.2,12.8,7.4,12.8z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg id='final---dec.11-2020'%3e%3cg id='_x30_208-our-toggle' transform='translate(-1275.000000, -200.000000)'%3e%3cg id='Final-Copy-2' transform='translate(1275.000000, 200.000000)'%3e%3cpath class='st1' d='M22.6,0H7.4c-3.9,0-7,3.1-7,7s3.1,7,7,7h15.2c3.9,0,7-3.1,7-7S26.4,0,22.6,0z M1.6,7c0-3.2,2.6-5.8,5.8-5.8 h9.9l-3.1,11.6H7.4C4.2,12.8,1.6,10.2,1.6,7z'/%3e%3cpath id='x' class='st2' d='M24.6,4c0.2,0.2,0.2,0.6,0,0.8l0,0L22.5,7l2.2,2.2c0.2,0.2,0.2,0.6,0,0.8c-0.2,0.2-0.6,0.2-0.8,0 l0,0l-2.2-2.2L19.5,10c-0.2,0.2-0.6,0.2-0.8,0c-0.2-0.2-0.2-0.6,0-0.8l0,0L20.8,7l-2.2-2.2c-0.2-0.2-0.2-0.6,0-0.8 c0.2-0.2,0.6-0.2,0.8,0l0,0l2.2,2.2L23.8,4C24,3.8,24.4,3.8,24.6,4z'/%3e%3cpath id='y' class='st3' d='M12.7,4.1c0.2,0.2,0.3,0.6,0.1,0.8l0,0L8.6,9.8C8.5,9.9,8.4,10,8.3,10c-0.2,0.1-0.5,0.1-0.7-0.1l0,0 L5.4,7.7c-0.2-0.2-0.2-0.6,0-0.8c0.2-0.2,0.6-0.2,0.8,0l0,0L8,8.6l3.8-4.5C12,3.9,12.4,3.9,12.7,4.1z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
They offer over 1 million PPT templates with some pretty snazzy designs...
01 May 2023BREACHAWARE HQ
A total of 21 breach events were found and analysed resulting in 10,517,319 exposed accounts containing a total of 19 different data types of personal datum . The breaches found publicly and freely available included Moscow Electronic School, Paystand, Slide Team, Pitzi and ScrumDo. Sign in to view the full
library of breach events which includes, where available, reference articles relating to
each breach.
Categories of Personal Data Discovered
Contact Data, Technical Data, Socia-Demographic Data, Financial Data, Usage Data, Documentary Data, Special Category.
Data Breach Analysis
One affected entity, Moscow Electronic School, operates in the education sector, providing digital learning resources and tools. Breaches here can compromise sensitive student and staff data, raising concerns about privacy, potential identity theft, and the disruption of educational services. This also poses risks to parents and educators who rely on secure platforms for learning continuity.Paystand, a financial technology company specialising in digital payment solutions, highlights the critical vulnerabilities in the fintech sector. Exposure of financial and transactional data can lead to fraud, unauthorised transactions, and significant reputational damage for both the company and its clients.
Slide Team, a provider of presentation templates and resources, serves corporate and professional users. Breaches in this domain may include access to proprietary business information or personal data of employees, potentially impacting company confidentiality and competitive advantage.
Pitzi and ScrumDo operate in consumer services and project management software, respectively. These sectors handle sensitive client and project information, meaning breaches could disrupt business operations, erode client trust, and expose confidential data.
Spotlight
A popular business to business payment provider that uses cloud-based technology and the Ethereum blockchain as its engine has suffered a data breach. It was an extensive breach with source code, user information, API keys, and banking data exposed. A couple of years ago, the company had some serious funding from Silicon Valley, which allowed them to launch their payment provider solution, that enables companies to send large amounts of money to each other without paying any fees. Instead, the companies pay a monthly sum to use the service.A PowerPoint presentation website that offers a wide range of downloadable professional-looking PowerPoint templates has been breached. They offer over 1 million templates with some pretty snazzy designs. With over 150K customers and a large team crossing six different countries, we guess threat actors couldn’t help but target this one.
Vulnerability Chat
Sad news is coming out of the hacking community: the recently arrested threat actor pompompurin has reportedly attempted suicide. This was the administrator of the infamous BreachForums that was seized by the FBI a couple of months ago. The young threat actor is around 19 years old and even though he has committed serious crimes, it's a shame this story has gotten so dark.An interesting insight into the moral values of a well-established ransomware gang Last week, one of the gang affiliates attacked a daycare centre. These cyber gangs run programmes where they allow others to use their software but take a cut of the money. However, they do have some rules. For instance, some gangs ban attacks on infrastructure and things like hospitals. When the gang's administrator discovered one of their affiliate had successfully attacked a daycare centre, he or she released an apology and claimed to have fired the affiliate.
Information Privacy Headlines
ChatGPT is back in Italy after Garante (Italy's data protection authority) confirmed changes have included increased transparency for how data is processed and opt-out rights. Meanwhile, it seems Meta is to be punished with a considerable fine from the DPC (Ireland), with a potential halt on of data transfers from the EU to the US. Nevertheless, with Meta's pivot to AI and cost cuts their share price continues to soar.Coinbase are facing a lawsuit that claims they are violating certain provisions of Illinois' biometric information privacy act (PIPA) relating to the exchange's know your customer (KYC) processes. The suit argues "Coinbase have no written policy, made available to the public, establishing a retention schedule and guidelines for permanently destroying biometric information." Research from Schillings found that data practices are falling short of legal requirements, with protection measures 'not working' exposing brands to repetitional risk.
Smarter Privacy Starts with Awareness
Data Breach Scan, Check Any Domain for Free https://breachaware.com/scan
