API Vulnerabilities Discovered in LEGO Marketplace

Application programming interface (API) security vulnerabilities have been discovered in a LEGO resale platform owned by LEGO® Group, which could have put sensitive customer information at risk. An investigation by Salt Security’s research team, Salt Labs, found two API security Read More …

Restaurant CRM platform ‘SevenRooms’ confirms breach after data for sale

Restaurant customer management platform SevenRooms has confirmed it suffered a data breach after a threat actor began selling stolen data on a hacking forum. SevenRooms is a restaurant customer relationship management (CRM) platform used by international restaurant chains and hospitality Read More …

Hackers leak personal info allegedly stolen from 5.7M Gemini users

Gemini crypto exchange announced this week that customers were targeted in phishing campaigns after a threat actor collected their personal information from a third-party vendor. The notification comes after multiple posts on hacker forums seen by BleepingComputer offered to sell Read More …

Apple should pay €6m to French data watchdog for tracking users without consent, says official

Apple tracked users without their consent and deserves to be fined €6 million, according to a top advisor to France’s data privacy watchdog. The Commission nationale de l’informatique et des libertés (CNIL) launched an investigation into Apple after a complaint Read More …

Ransomware group Play threatens to publish Antwerp’s data

Ransomware group Play claims to hold 557GB of data from the city of Antwerp. The local government fell victim to a ransomware attack last week. Play listed the city of Antwerp on its darkweb page on Sunday. The ransomware group Read More …

Uber suffers new data breach after attack on vendor, info leaked online

Uber shared further information with BleepingComputer on how its data was stolen in a breach on Teqtivity, which provides asset management and tracking services for the company. Uber has suffered a new data breach after a threat actor leaked employee Read More …

UK: Cambridge Water customers’ bank details published to dark web after cyber attack

Bank account details of Cambridge Water customers have been published to the dark web, following a cyber attack. Customers have been left alarmed and furious after learning that names and current addresses, sort codes and account numbers are among the Read More …

Eufy’s security cameras send data to the cloud without consent, and that’s not the worst part

Eufy’s claims to keep “privacy in your own hands” have been rendered null, after a researcher caught the security camera company uploading local-only footage to the cloud without user authorization or knowledge. To top it all off, users have also Read More …

Lastpass says hackers accessed customer data in new breach

LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022. The company added that, once in, the threat actors also managed to access customer data stored in the compromised storage service. Read More …