security breaches
Sumo Logic urges customers to reset API keys following security breach
Sumo Logic, a U.S.-based cloud data analytics and log analysis company, is urging users to reset API keys after discovering a security breach. In a security notice published this week,…
JumpCloud has told customers it reset their API keys to protect their organizations from an apparent security incident. The directory, identity and access management giant said in an email to…
Toyota confirms another years-long data leak, this time exposing at least 260,000 car owners
Two weeks ago, Toyota said it exposed the data of more than two million customers to the internet for a decade. Today, the automotive giant said it recently discovered the…
Telehealth startup Cerebral shared millions of patients’ data with advertisers
Cerebral has revealed it shared the private health information, including mental health assessments, of more than 3.1 million patients in the United States with advertisers and social media giants like…
Electronics giant Samsung has confirmed a data breach affecting customers’ personal information. In a brief notice, Samsung said it discovered the security incident in late-July and that an “unauthorized third…
DoorDash hit by data breach linked to Twilio hackers
Food delivery giant DoorDash has confirmed a data breach that exposed customers’ personal information. In a blog post shared with TechCrunch ahead of its publication at market close, DoorDash said malicious hackers stole credentials from employees of a third-party vendor that were then used to gain access to some of DoorDash’s internal tools. DoorDash said…
Apple patches nasty security bugs, HBO Max suddenly removes content, and a16z backs Neumann’s next thing
Hello hello! We’re back with another edition of Week in Review, the newsletter where we quickly recap the top stories to hit TechCrunch across the last seven days. Want it…
TechCrunch launches TheTruthSpy spyware lookup tool
TechCrunch today launched a spyware lookup tool that allows anyone to check if their Android device was compromised by a network of consumer-grade stalkerware apps, including TheTruthSpy. The aim is to help victims check if their device was compromised and reclaim control of their device. It follows a months-long investigation by TechCrunch into the apps…
What you might have missed at Black Hat and Def Con 2022
Hackers, researchers, cybersecurity companies and government officials descended on Las Vegas last week for Black Hat and Def Con, a cybersecurity double-bill that’s collectively referred to as “hacker summer camp.” This year’s cyber gathering was particularly exciting: Not only did it mark Black Hat’s 25th anniversary, but also the first time since the start of…
A newly discovered malware hijacks Facebook Business accounts
An ongoing cybercriminal operation is targeting digital marketing and human resources professionals in an effort to hijack Facebook Business accounts using a newly discovered data-stealing malware. Researchers at WithSecure, the…
Spyware maker Candiru linked to Chrome zero-day targeting journalists
Security researchers have linked the discovery of an actively exploited but since-fixed zero-day vulnerability in Google Chrome to an Israeli spyware maker targeting journalists in the Middle East. Cybersecurity company…
A ransomware attack on a debt collection firm is one of 2022’s biggest health data breaches
A ransomware attack on a little-known debt collection firm that serves hundreds of hospitals and medical facilities across the U.S. could be one of the biggest data breaches of personal…
A huge data leak of 1 billion records exposes China’s vast surveillance state
A massive store of data containing information on about one billion Chinese residents could be one of the biggest breaches of personal information in history. Portions of the leaked data appeared last week on a known cybercrime forum from someone selling the cache for 10 bitcoins, or about $200,000, and was allegedly siphoned from a…
AMD said it is investigating a potential data breach after RansomHouse, a relatively new data cybercrime operation, claims to have extorted data from the U.S. chipmaker. An AMD spokesperson told…
Hackers stole Social Security numbers in Flagstar data breach affecting 1.5 million customers
Flagstar Bank, one of the largest financial service providers in the United States, has notified more than 1.5 million customers of a data breach in which Social Security numbers were…
Ex-Amazon employee convicted over data breach of 100 million CapitalOne customers
Paige Thompson, a former Amazon employee accused of stealing the personal information of 100 million customers by breaching banking giant CapitalOne in 2019, has been found guilty by a Seattle…
A hacked Kaiser Permanente employee’s emails led to breach of 70,000 patient records
Kaiser Permanente, the largest nonprofit health plan provider in the United States, has disclosed a data breach that exposed the sensitive health information of almost 70,000 patients. In a notice…
China-backed hackers are exploiting unpatched Microsoft zero-day
China-backed hackers are exploiting an unpatched Microsoft Office zero-day vulnerability, known as “Follina”, to execute malicious code remotely on Windows systems. The high-severity vulnerability — tracked as CVE-2022-30190 — is being…
US names and shames Venezuelan doctor as notorious ransomware maker
The U.S. has named a Venezuelan cardiologist as the alleged mastermind behind the notorious Thanos ransomware. According to the U.S. Justice Department, Moises Luis Zagala Gonzalez, 55, created and distributed…
Socket lands $4.6M to audit and catch malicious open source code
Securing the software supply chain is admittedly somewhat of a dry topic, but knowing which components and code go into your everyday devices and appliances is a critical part of…
Car rental giant Sixt hit by cyberattack, customers told to expect delays
Germany-based rental car giant Sixt has confirmed it’s been hit by a cyberattack that has caused widespread disruption to its global operations. According to a statement from Sixt, which has…
Health startup myNurse to shut down after data breach exposed health records
myNurse, a healthcare startup that provides chronic care management and remote patient monitoring services, said it will shut down at the end of the month after reporting a data breach…
Ukraine disrupts attempt by Russian hackers to take down energy provider
The Computer Emergency Response Team of Ukraine (CERT-UA) has disrupted an attempt by Sandworm, a hacking group known to work for Russia’s military intelligence, to take down a Ukrainian energy…
Panasonic says Canadian operations hit by ‘targeted’ cyberattack
Japanese tech giant Panasonic has confirmed its Canadian operations were hit by a cyberattack, less than six months after the company last fell victim to hackers. In a statement provided…
The Federal Bureau of Investigation has disclosed it carried out an operation in March to target a massive botnet controlled by Russian intelligence. The operation was authorized by courts in California…
Lapsus$ hacking group claims software consultancy giant Globant as its latest breach victim
Just days after police in the U.K. arrested seven people over suspected connections to the now-infamous hacking and extortion group, Lapsus$ is claiming its latest victim. Lapsus$, whose recent victims…
Lapsus$ found a spreadsheet of accounts as they breached Okta, documents show
The Lapsus$ hackers used compromised credentials to break into the network of customer service giant Sitel in January, days before subsequently accessing the internal systems of authentication giant Okta, according…
Okta says 366 corporate customers, or about 2.5% of its customer base, were impacted by a security breach that allowed hackers to access the company’s internal network. The authentication giant…
The U.S. Federal Trade Commission has proposed a settlement that will fine the former owner of U.S. custom clothing and merchandise retailer CafePress $500,000 for attempting to cover up a…
Data-stealing app found in Google Play downloaded thousands of times
A notorious Android banking trojan designed to steal user data, like passwords and text messages, has been discovered in Google Play and downloaded thousands of times. The TeaBot banking trojan, also…