In a significant data breach, hacktivist group NullBulge has infiltrated Disney's internal Slack infrastructure, leaking 1.2TB of sensitive data. This breach, posted on the cybercrime platform Breach Forums on July 12, 2024, exposes many of Disney's internal communications, compromising messages, files, code, and other proprietary information.

According to the YouTube channel Gamers Nexus, over 600,000 customer warranty claims for MSI products were publicly accessible via Google search. MSI, a leading computer hardware and peripherals manufacturer, had exposed data that included sensitive information such as names, addresses, phone numbers, and specific order details.

British bulk SMS provider IdentifyMobile exposed 200M records because a developer misconfigured an AWS S3 bucket and made it public. A research group from Germany spotted the issue and were able to access more than six terabytes of data. The said data included not only SMS message content but also phone numbers, sender names, and sometimes other account information.

Twilio also recently disclosed a security incident in relation to this news, but their alert email completely downplayed the level of data that was available from this AWS bucket.

During installation, the router sent several data packets to an Amazon server in the US. These packets contained the configured SSID name and password in clear text, as well as some identification tokens for this network within a broader database and an access token for a user session that could potentially enable a MITM attack.

Linksys has refused to acknowledge/respond to the issue.

To attend the championship this year, fans must use a digital ticket provided through UEFA’s Ticket application. According to Heise, this app requires access to personal data, including name, email, phone number, and GPS permissions. While app store descriptions note the collection of personal information and activity data for analysis purposes, they omit any mention of location sharing.

OpenAI, which is co-defendant with Microsoft, is seeking an informal discovery conference to compel the Times to produce documents demonstrating the originality and ownership of the copyrighted works in question. According to OpenAI’s court filing, the information is critical to their defense against claims of copyright infringement.

Moritz Körner, Member of the European Parliament, disclosed the decision on Twitter. Swedish publisher SVG said, “The question was removed at the last moment from Thursday’s ambassadorial meeting in Brussels”.

Patrick Breyer, a staunch defender of digital rights, laments the Pirate Party’s exit from the EU Parliament as a blow to online privacy.

A user on the online forum 4chan has leaked a massive 270GB of data purportedly belonging to The New York Times. This leak includes what is claimed to be the source code for the newspaper’s digital operations.

The latest proposal mandates user consent for monitoring messages on all communication apps, including those with end-to-end encryption.

Access was gained through a third-party cloud database provider, which we know to be Snowflake.

The only exception is private messages, and some users have reported difficulty opting out.