[Security News] Data Breaches from Disney, MediSecure, and Life360

Security weekly, security news, Penta Security, Cloudbric, Desney, MediSecure, Live360

July 25, 2024

 

1. Disney‘s internal Slack containing unreleased projects leaked – hackers

The attacker group, calling itself NullBulge, alleges that the stolen data includes information taken from 10,000 Slack channels, including all messages and files. According to the attackers’ post on a popular data leak forum, the stolen data includes unreleased projects, raw images and code, some login details, links to internal web pages, and other information. Internal chat leaks pose severe risks to exposed companies, as messages provide malicious actors with the means to compromise sensitive information, conduct unauthorized access, and potentially exploit confidential company resources.

Source : Cyber News, Security Week, Hack Read

 

2. MediSecure Data Breach: 12.9 Million Australian Users’ Sensitive Data Hacked

In one of the largest cyber breaches in Australian history, MediSecure, a former provider of digital prescriptions, has revealed that hackers earlier this year stole the personal and medical data of approximately 12.9 million Australians. This large number represents almost half of the country’s people, making it an unusually big breach. This event has raised big worries about keeping data safe and making sure companies are responsible with personal information. The hackers absconded with an enormous 6.5 terabytes of data, equivalent to a vast amount of textual information.

Sources: Cyber Security News, The Guardian, Cyber Daily

 

3. Over 400,000 Life360 user phone numbers leaked via unsecured API

A threat actor has leaked a database containing the personal information of 442,519 Life360 customers collected by abusing a flaw in the login API. Known only by their ’emo’ handle, they said the unsecured API endpoint used to steal the data provided an easy way to verify each impacted user’s email address, name, and phone number. As first spotted by HackManac, the breach behind this data leak occurred in March 2024, with emo saying they weren’t behind the incident.

Source : Bleeping Computer, SC Media, Tech Radar, Hack Read

 

 

Check out Penta Security’s product lines:

Web Application Firewall: WAPPLES

Database Encryption: D’Amo

Identity and Access Management: iSIGN+ 

Car, Energy, Factory, City Solutions: Penta IoT Security

Click here for inquiries regarding the partner system of Penta Security

Check out the product lines of  Cloudbric by Penta Security:

Cloud-based Fully Managed WAAP: Cloudbric WAF+

Agent based Zero Trust Network Access Solution: Cloudbric PAS

Agentless Zero Trust Network Access Solution: Cloudbric RAS

Blockchain: Blockchain Security Solution

Click here for inquiries regarding the partner system of Cloudbric