But confirming the source of the alleged data theft has proven inconclusive, such is the nature of the data broker industry, which gobbles up individuals’ personal data from disparate sources with little to no quality control.
But this alleged breach of a data broker appears to be an outlier, in part because some of the data appears genuine and some already verified.
The proliferation and commoditization of personal data across the data broker industry also makes it more challenging to identify the source of data leaks.
And even if this particular data breach remains unsolved, it shows once more that the data broker industry is out of control and poses real privacy issues to ordinary people.
We couldn’t definitively solve the mystery of this data breach, but there was enough there to detail our verification efforts.
Privacy watchdogs in the U.K. and Canada have launched a joint investigation into the data breach at 23andMe last year.
In its data breach notices, the company said it didn’t detect the hackers’ activities for around five months, from April until September 2023.
23andMe said it only became aware of the account breaches in October 2023, when hackers advertised the stolen data on the unofficial 23andMe subreddit and a well-known hacking forum.
Hackers broke into around 14,000 accounts of 23andMe customers by reusing their passwords from previous breaches, a technique known as password spraying.
That’s how the hackers were able to scrape information on 6.9 million users by only hacking 14,000 accounts.
But the enormous growth of API usage — around half of all internet traffic — is putting businesses’ data at risk.
Cybersecurity startup Vorlon says it helps businesses protect their data from such incidents using its platform, and raised $15.7 million to improve its technology.
Founded in 2022 by former Palo Alto Networks executives Amir Khayat and Amichay Spivak, Vorlon analyzes network traffic to detect and remediate potential API abuse in real-time.
Vorlon uses AI to analyze and map all the API communication it monitors and translate it into human-readable language.
Khayat said Vorlon doesn’t send chatbot data anywhere; instead, it sends user queries to its own databases, and the chatbot will return the information from the startup’s database.
AT&T has begun notifying U.S. state authorities and regulators of a security incident after confirming that millions of customer records posted online last month were authentic.
According to AT&T the records contained valid data on more than 7.9 million current AT&T customers.
AT&T took action some three years after a subset of the leaked data first appeared online, which prevented any meaningful analysis of the data.
The full cache of 73 million leaked customer records was dumped online last month, allowing customers to verify that their data was genuine.
AT&T eventually acknowledged that the leaked data belongs to its customers, including about 65 million former customers.
U.S. consulting firm Greylock McKinnon Associates disclosed a data breach in which hackers stole as many as 341,650 Social Security numbers.
The data breach was disclosed on Friday on Maine’s government website, where the state posts data breach notifications.
A spokesperson for the Justice Department did not respond to a request for comment.
We received confirmation of which individuals’ information was affected and obtained their contact addresses on February 7, 2024,” the firm wrote.
GMA told victims that “your personal and Medicare information was likely affected in this incident,” which includes names, dates of birth, home address, some medical information and health insurance information, and Medicare claim numbers, which included Social Security Numbers.
India’s largest audio and wearables brand BoAt is investigating a possible data breach after hackers advertised a cache of alleged customer data online.
A sample of alleged customer data was uploaded on a known cybercrime forum, which includes full names, phone numbers, email addresses, mailing addresses and order numbers.
In a statement emailed to TechCrunch, BoAt said it was investigating the matter but did not disclose specifics.
At BoAt, safeguarding customer data is our top priority,” the company said.
The brand, however, postponed its public listing plans later, after seeing a slowdown in the public market.
Death, taxes, and regular, terrifying cybersecurity leaks.
Those are the facts of life, as the latest AT&T data breach is teaching us yet again.
A TechCrunch investigation into leaked customer data from the American telco giant has led to AT&T resetting certain customer account passcodes to prevent them from being at risk.
The root of the security weakness is a massive, and AT&T’s data breach included a leaked dataset concerning more than seventy million former and current AT&T account holders.
Only a fraction are still current, but the scale of the leaked dataset that TechCrunch dug into makes it plain that despite huge amounts of work and investment, there are still regular, exploitable, and dangerous for consumers.
The U.K. government has blamed China for a 2021 cyberattack that compromised the personal information of millions of U.K. voters.
The data breach began as early as 2021 but wasn’t detected until a year later.
Dowden said that a separate attempted cyberattack by a China-backed hacking group targeted the email accounts of U.K. lawmakers in 2021, but that parliamentary authorities mitigated the attempted breaches before any email accounts were compromised.
The Norwegian government previously attributed a 2018 data breach on its systems to APT31.
In 2020, Google security researchers linked APT31 to the targeting of email accounts belonging to the Trump and Biden presidential campaigns.
It contains the personal information of some 73 million AT&T customers.
Some AT&T customers have confirmed their leaked customer data is accurate.
But AT&T still hasn’t said how its customers’ data spilled online.
Hunt concluded the leaked data was real by asking AT&T customers if their leaked records were accurate.
But by now AT&T should be able to provide a better explanation as to why millions of its customers’ data is online for all to see.
Documentation startup Mintlify says dozens of customers had GitHub tokens exposed in a data breach at the start of the month and publicly disclosed last week.
Mintlify helps developers create documentation for their software and source code by requesting access and tapping directly into the customer’s GitHub source code repositories.
These private tokens allow GitHub users to share their account access with third parties apps, including companies like Mintlify.
“The targets of this attack were GitHub tokens of our users,” Wang told TechCrunch by email.
We are currently working with GitHub and our customers to uncover if any of the other tokens were used by the attacker,” Wang said.
