Discord.io let Discord users make custom links for their channels. On August 14, a major data breach caused by a vulnerability in the website's code let a third-party attacker steal information and put it up for sale on a breached data forum. That includes hashed passwords, billing information and Discord IDs.

"We have decided to take down our site until further notice," Discord.io wrote in a post. The company plans a "a complete rewrite of our website's code, as well as a complete overhaul of our security practices" as it looks for a way to mitigate the breach and prevent future problems.

This is different from the Discord breach that the company may have reached out to you about this week. A separate incident, affecting Discord and not the separate Discord.io entity, happened earlier this year when an unauthorized user gained access to Discord data via a third-party service provider. The hacker stole data on service tickets, which included personal information like driver's license numbers, for 180 users. Discord is reaching out via email to let impacted users know about the incident, and offering credit monitoring and identity theft protection services to prevent further damage.

"Discord is not affiliated with Discord.io. We do not share any user information with Discord.io directly and we do not have access to or control of information in Discord.io's custody," a Discord spokesperson said. "We are committed to protecting the privacy and data of our users and encourage our users to enable Two-Factor Authentication (2FA) to help keep their accounts protected, and consider SMS Authentication."

The post Discord's March data breach only affected 180 users, but it's worth a security checkup appeared first on Best News.

DNAR Profiles contain sensitive details including self-reported information like display names and locations, as well as shared DNA percentages for DNA Relatives matches, family names, predicted relationships and ancestry reports. Family Tree profiles contain display names and relationship labels, plus other information that a user may choose to add, including birth year and location. When the breach was first revealed in October, the company said its investigation “found that no genetic testing results have been leaked.”

According to the new filing, the data “generally included ancestry information, and, for a subset of those accounts, health-related information based upon the user’s genetics.” All of this was obtained through a credential-stuffing attack, in which hackers used login information from other, previously compromised websites to access those users’ accounts on other sites. In doing this, the filing says, “the threat actor also accessed a significant number of files containing profile information about other users’ ancestry that such users chose to share when opting in to 23andMe’s DNA Relatives feature and posted certain information online.”

Following the discovery of the breach, 23andMe instructed affected users to change their passwords and later rolled out two-factor authentication for all of its customers. In another update on Friday, 23andMe said it had completed the investigation and is notifying everyone who was affected. The company also wrote in the filing that it “believes that the threat actor activity is contained,” and is working to have the publicly-posted information taken down.

Update, December 2 2023, 7:03PM ET: This story has been updated to include information provided by a 23andMe spokesperson on the scope of the breach and the number of DNA Relative participants affected.

The post 23andMe hackers accessed ancestry information on millions of customers using a feature that matches relatives appeared first on Best News.

Ransomed.vc said it wouldn't ransom Sony, and instead would be selling the data "due to Sony not wanting to pay." It posted a sampling of files as "proof" of their claims. Ransomed.vc gave a deadline of September 28. On Tuesday, a threat actor under the name "MajorNelson," claimed that Ransomed.vc lied about the breach, and leaked the data that Ransomed.vc claimed to have, according to malware repository vx-underground. Engadget could not independently verify the claims.

"We are currently investigating the situation," a Sony spokesperson told Engadget.

Ransomed.vc emerged as attackers and a ransomware-as-a-service organization that lets others pay to launch attacks. The group threatens victims with data protection fines under laws like the GDPR if they do not pay the ransom. In other words, pay us a few hundred thousand dollar ransom, or we'll report you to pay up a million dollar fine. MajorNelson appears to be an independent threat actor motivated by a disdain for Ransomed.vc, calling the reports about their efforts lies.

"RansomedVCs are scammers who are just trying to scam you and chase influence," MajorNelson wrote. "Enjoy the leak." According to MajorNelson, the leak includes credentials for internal systems, incident response policies and more.

In 2011, a threat actor exposed personally identifiable information from 77 million PlayStation network accounts. Sony took the network offline for 23 days as it mitigated the damage, and in 2019, it agreed to pay a £250K fine in the UK for its failure to adequately prepare for the attack.

The post Sony investigates the alleged data breach that has led to hacker infighting appeared first on Best News.

According to a notice on the McLaren website, the company learned of the breach on August 31. An investigation into the impacted files concluded on October 10, and if you’ll take a look at today’s date, it took an additional month for the company to let the public know about the incident.

“Potentially affected current and former patients of McLaren are encouraged to remain vigilant against incidents of identity theft by reviewing account statements and explanations of benefits for unusual activity and to report any suspicious activity promptly to your insurance company, health care provider, or financial institution,” the nonprofit said in a statement.

While McLaren hasn’t released any details about the attack, such as who is behind it or possible motivations, the ALPHV/BlackCat ransomware group claimed responsibility for the attack, according to Bleeping Computer. Ransomware groups are known to do this for publicity, but the actor behind an attack usually can’t be confirmed until a third-party security researcher independently verifies it.

McLaren encompasses 13 hospitals and employs 490 physicians across Michigan and Indiana, with an annual revenue of $6.6 billion. Its offering identity protection services to affected people that enroll by February 9. There’s currently no evidence that data leaked in the breach has been misused, according to McLaren.

The post Data breach of Michigan healthcare giant exposes millions of records appeared first on Best News.

As of Monday afternoon, the Boeing services website remained out of order. A notice posted to the site acknowledged a cyber incident affecting Boeing’s parts and distribution business, but reiterated that it did not impact the safety of its aircrafts. “In connection with this incident, a criminal ransomware actor has released information it alleges to have taken from our systems,” a Boeing spokesperson told Engadget. “We continue to investigate the incident and will remain in contact with law enforcement, regulatory authorities, and potentially impacted parties, as appropriate.”

The saga started on October 27 when LockBit listed Boeing as a victim on its website, saying that the company had until November 2 to negotiate a payment. While LockBit briefly removed Boeing from its list of victims on its website, the ransomware gang returned on November 7 stating that Boeing had ignored its attempts to negotiate. LockBit initially threatened to release 4GB of sample data before it decided to leak all of the data it had stolen on November 10.

The Boeing backup data released by LockBit includes configuration data for IT management software, auditing and monitoring logs and some Citrix information believed to be connected to a previous exploit.

LockBit has grown into a notorious ransomware gang since its first appearance on Russian cybercrime forums in January 2020. There have been about 1,700 attacks in the US linked to LockBit, with companies paying about $91 million in ransoms to the gang, according to the FBI. Victims include the Chinese bank ICBC, chip giant Taiwan Semiconductor Manufacturing Company and Canadian book seller Indigo Books and Music, among others.

This article contains affiliate links; if you click such a link and make a purchase, we may earn a commission.

The post Cybercriminal gang LockBit leaks alleged Boeing data appeared first on Best News.

It started in Greece at the end of June. Attackers that discovered the vulnerability and sent emails to a government organization containing the exploit. If someone clicked the link while logged into their Zimbra account, it automatically stole email data and set up auto-forwarding to take control of the address.

While Zimbra published a hotfix on open source platform Github on July 5, most of the activity deploying the exploit happened afterward. That means targets didn’t get around to updating the software with the fix until it was too late. It’s a good reminder to update the devices you’ve been ignoring now, and ASAP as more updates become available. “These campaigns also highlight how attackers monitor open-source repositories to opportunistically exploit vulnerabilities where the fix is in the repository, but not yet released to users,” the Google Threat Analysis Group wrote in a blog post.

Around mid-July, it became clear that threat group Winter Vivern got ahold of the exploit. Winter Vivern targeted government organizations in Moldova and Tunisia. Then, a third unknown actor used the exploit to phish for credentials from members of the Vietnam government. That data got published to an official government domain, likely run by the attackers. The final campaign Google’s Threat Analysis Group detailed targeted a government organization in Pakistan to steal Zimbra authentication tokens, a secure piece of information used to access locked or protected information.

Zimbra users were also the target of a mass-phishing campaign earlier this year. Starting in April, an unknown threat actor sends an email with a phishing link in an HTML file, according to ESET researchers. Before that, in 2022, threat actors used a different Zimbra exploit to steal emails from European government and media organizations.

As of 2022, Zimbra said it had more than 200,000 customers, including over 1,000 government organizations. “The popularity of Zimbra Collaboration among organizations expected to have lower IT budgets ensures that it stays an attractive target for adversaries,” ESET researchers said about why attackers target Zimbra.

The post An email vulnerability let hackers steal data from governments around the world appeared first on Best News.

The incident happened in May, as a part of a string of attacks linked to Clop. The hackers exploited a vulnerability in file transfer software MOVEit, attacking more then 2,000 organizations and impacting 62 million people, according to researchers at Emsisoft.

AutoZone realized it had fallen victim to the Clop attack in August, but it didn’t suss out what data had been affected by the attack until earlier this month. That said, Clop claimed responsibility for an attack on AutoZone in July, publishing 1.1GB of internal and employee data from the auto retailer, according to Bleeping Computer.

“AutoZone became aware that an unauthorized third party exploited a vulnerability associated with MOVEit and exfiltrated certain data from an AutoZone system that supports the MOVEit application,” AutoZone wrote in a notification to customers. It’s unclear which parts of the AutoZone systems the Clop hackers accessed and, although the Maine notification says social security numbers had been leaked, AutoZone did not provide any specifics.

AutoZone rakes in $17.5 billion in revenue each year, operating more than 7,000 retail locations.

The post AutoZone warns almost 185,000 customers of a data breach appeared first on Best News.

“We’re willing to make a deal with INL. If they research creating irl catgirls we will take down this post,” SiegedSec wrote in a post announcing the leak on Monday.

The hacktivist group SiegedSec conducted a high profile attack on NATO last month, leaking internal documents as a retaliation against those countries for their attacks on human rights. The group commonly attacks government and affiliated organizations for political reasons, like targeting state governments for passing anti-trans legislation earlier this year.

A spokesperson confirmed the breach to Engadget on Wednesday. “On Monday, Nov. 20, Idaho National Laboratory determined that it was the target of a cybersecurity data breach in a federally approved vendor system outside the lab that supports INL cloud Human Resources services. INL has taken immediate action to protect employee data,” an INL spokesperson said. The lab said it has reached out to authorities for help on how to proceed as it determines how to handle the breach.

INL works as a Department of Energy affiliate researching nuclear reactors, among other projects like sustainable energy. It employs more than 5,000 people.

The post Self-proclaimed 'gay furry hackers' breach nuclear lab appeared first on Best News.

“First American has experienced a cybersecurity incident,” says a statement on its website. “In response, we have taken certain systems offline and are working to return to normal business operations as soon as possible.” First American did not immediately respond to a request for comment.

In 2019, First American came under fire for its handling of sensitive information. It paid a $1 million fine to the New York State Department of Financial Services after a vulnerability in its proprietary “EaglePro” application left data like social security numbers and bank information exposed.

The post First American discloses a 'cybersecurity incident,' a few years after its major leak appeared first on Best News.

Initially, VF Corp warned customers that the cyberattack it experienced in December could have an impact on its holiday order fulfillment. The company said "unauthorized occurrences" on its IT systems caused operational disruptions, and the attackers likely stole personal information. Now, it's come out just how widespread the damage from the attack could be.

VF Corp did not respond to a request for comment clarifying what type of data the hackers stole. In the SEC filing, however, the company said it did not collect consumer social security numbers, bank account information or payment card information, and that there is no evidence the hackers stole passwords. It also said that the unauthorized users were "ejected" from its systems by December 15, after being discovered two days earlier.

"Since the filing of the Original Report, VF has substantially restored the IT systems and data that were impacted by the cyber incident, but continues to work through minor operational impacts," the latest filing states. VF still has not confirmed who was behind the attack.

The post Apparel supplier for North Face, Vans admits its cyberattack led to a data breach of 35 million customers appeared first on Best News.