Reuters confirms TeleMessage breach includes messages and metadata from over 60 US officials, including diplomatic, emergency, and Secret Service personnel.
The leaked Apple mobile iOS database includes tens of millions of records, such as names, IDs, mobile phone operators.
#Apple #dataleak #cybersecurity
https://cnews.link/iphone-users-data-leak-china-privacy-breach-3/
DNIP Briefing #20: ID at the push of a button - Das Netz ist politisch https://dnip.ch/2025/04/08/dnip-briefing-20-id-auf-knopfdruck/ #DNIPbriefing #Digitalisierung #digitalization #Cybersecurity #Datenleck #DataLeak #ArtificialIntelligence #ChatGPT #IdentityTheft #OpenSource #Llama #DigitalIdentity #Strava #Datenschutz #privacy #Medienkompetenz #DigitaleGesellschaft #FakeID #OpenAI #Bellingcat #DigitalHistory
This is something you need to read in order to believe
subject: VoLTE
provider O2 UK
nightmare: infosec
Enormous. Outrageous are some of the words I would use. Take your time to read and learn, because they are not the only culprits on the planet with such bad data protection practices.
Excerpt
>>
Quite quickly I realised something was wrong. The responses I got from the network were extremely detailed and long, and were unlike anything I had seen before on other networks. The messages contained information such as the IMS/SIP server used by O2 (Mavenir UAG) along with version numbers, occasional error messages raised by the C++ services processing the call information when something went wrong, and other debugging information. However, most notable were a set of five headers near the bottom of the message:
SIP Msg
...
P-Mav-Extension-IMSI: 23410123456789
P-Mav-Extension-IMSI: 23410987654321
P-Mav-Extension-IMEI: 350266809828927
P-Mav-Extension-IMEI: 350266806365261
...
Cellular-Network-Info: 3GPP-E-UTRAN-FDD;utran-cell-id-3gpp=2341010037A60773;cell-info-age=26371
Synthesised excerpt of IMS signalling message for demonstration; not a genuine IMEI/IMSI/cell ID.
Two sets of IMSIs, two sets of IMEIs, and a Cell ID header. How curious…
Sure enough, when comparing both the IMSIs and IMEIs in the message to those of my own devices, I had been given both the IMSI and IMEI of my phone which initiated the call, but also the call recipient's.
<<
^Z
#O2 #UK #TeleCom #InfoSec #DataLeak #WTF
https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/
A Childcare Center in the United States had a server exposing children's documents publicly for years.
I wasn't the first to alert them about this either. I mentioned this to @PogoWasRight and she told me she notified them about the issue on a call in 2022. The call wasn't properly followed up by the company and the data ended up being exposed for almost another 3 years.
You can read more about it here: https://jltee.substack.com/p/us-childcare-center-leaks-thousands-of-childrens-private-data
A misconfigured database from ticket resale platform TicketToCash exposed data from 520,000 users including names, addresses, partial credit card info & actual tickets.
Read: https://hackread.com/ticket-resale-platform-tickettocash-exposed-user-data/
Massive privacy breach: 21M employee screenshots leaked from WorkComposer
Researchers discovered a misconfigured S3 bucket that exposed:
• Passwords, API keys, and sensitive login details
• Confidential internal documents
Fallout risks include:
• GDPR and CCPA violations
• Business data compromise
• Employee trust erosion
Employee monitoring tools must protect, not expose.
Security hygiene isn’t optional — it’s the foundation.
#CyberSecurity #DataLeak #PrivacyBreach #WorkComposer #Compliance
https://cybernews.com/security/employee-monitoring-app-leaks-millions-screenshots/
Correcting one of my posts: It was not Atrium Health that owned the data Jeremiah Fowler reported on to Website Planet. I heard from Atrium Health today and it was Carolina Anesthesiology, P.A., who owned the data that were exposed.
My corrected post is at:
https://databreaches.net/2025/04/24/no-need-to-hack-when-its-leaking/
(I can't believe it but I just had to correct my correction on the name of the actual owners. Please make this week be over.)
8 million UK healthcare worker records, including IDs and financial data, exposed due to unsecured staff management database from UK-based software firm.
Read: https://hackread.com/uk-software-firm-exposed-healthcare-worker-records/
Database for an internal chat with millions of chat messages and over 130,000 files with PII and PHI from the United States exposed publicly for over a month.
Contacted the company responsible for setting up the chat and one of their clients, a Mental Health Clinic, but no one replied back to me and just silently fixed the issue.
https://jltee.substack.com/p/internal-chat-database-for-multiple-us-companies-exposed
@chum1ng0 Good job persevering and getting that one closed down by collaborating with their government!
#dataleak #infosec #CNIL #RGPD
A few figures on the #twitter data leak that was discussed recently.
382 CSV files, 438 GB uncompressed.
94 twitter_users_extra_ZZZ.csv files = 935 million lines of little interest
288 twitter_users_NNN.csv files = 1.7 G lines.
Little truly personal data, only 9 million lines with an e-mail address, valid or not.
A few rare lines also include a description and/or a URL.
EDIT: weird CSVs, badly parsed
Twitter (X) Hit by 2.8 Billion Profile Data Leak in Alleged Insider Job
https://hackread.com/twitter-x-of-2-8-billion-data-leak-an-insider-job/
DNIP Briefing #17: The Duel - Das Netz ist politisch https://dnip.ch/2025/03/18/dnip-briefing-17-das-duell/
#DNIPBriefing #ArtificialIntelligence #Urheberrecht #copyright #China #USA
#DeepSeek #Alibaba #Baidu #Pressefreiheit #FreePress #Diktatur #dictatorship #Menschenrechte #HumanRights #Whistleblower #PokemonGo #Datenschutz #privacy #Überwachung #surveillance #LastPass #Cybersecurity #DataLeak #Datenleck #DataBreach #cryptocurrency #cryptocurrencies
All-in-One platform leaks millions of attachments from their clients.
This server contained a bit of everything, from sensitive piercing selfies next to identity docs, to passports, CVs, insurance docs and more.
Read about it here: https://jltee.substack.com/p/all-in-one-platform-gohighlevel-exposed-attachments-from-clients
The marketing company xtremosur.cl has been posted on BreachForums by the malicious actor Arikos.
https://blog.security-chu.com/2025/03/Arikos-actor-malicioso-publica-xtremosur-marketing-Chile.html
Another day, another leak, another inaccurate claim by an entity, and another inappropriate attack on a researcher. Buckle up.
@JayeLTee had alerted me to his nasty encounter with TeammateApp's CEO. See his post https://infosec.exchange/@JayeLTee/114057470165488882 and his substack at https://jltee.substack.com/p/new-zealand-companys-impossible-to-hack-security
My report/commentary is at:
No need to hack when it’s leaking, Monday edition: TeammateApp:
https://databreaches.net/2025/02/24/no-need-to-hack-when-its-leaking-monday-edition-teammateapp/
#TopSec data leak exposes 7,000+ documents linking the Chinese cybersecurity firm to gov’t surveillance & censorship. Hardcoded credentials, sensitive word monitoring, and more uncovered.
Read: https://hackread.com/leaked-files-chinese-cybersecurity-firm-govt-censorship/
This is funny, "only read access" makes this in any country or legal system still a databreach/leak of gigantic proportions.
https://www.cbsnews.com/news/treasury-says-elon-musk-doge-has-read-only-access-to-payment-systems/
#Musk #DOGE #databreach #dataleak #cybersecurity