McHire, McDonald's hiring chatbot platform, was protected by a default "123456" password
Read more: https://cnews.link/mcdonalds-mchire-chatbot-data-leak-8/
#McDonalds #privacy #chatbot #AI #dataleak
Would You Like an IDOR With That? Leaking 64m McDonald's Job Applications
A job search platform exposed over 5 million resumes, putting millions of job seekers at risk of identity theft and targeted scams.
#resume #dataleak #cybersecurity #privacy
Read more: https://cnews.link/livecareer-resume-data-leak-6/
Cybernews research
FlirtAI wingman app leaked 160K chat screenshots through unprotected cloud storage.
#dataleak #datingapp #privacy #cybersecurity
Read more: https://cnews.link/iphone-flirtai-app-leaks-chat-screenshots-6/
In August 2020, @SchizoDuckie and I published what was to become the first of a series of articles or posts called "No Need to Hack When It's Leaking."
In today's installment, I bring you "No Need to Hack When It's Leaking: Brandt Kettwick Defense Edition." It chronicles efforts by @JayeLTee, @masek, and me to alert a Minnesota law firm to lock down their exposed files, some of which were quite sensitive.
Read the post and see how even the state's Bureau of Criminal Apprehension had trouble getting this law firm to respond appropriately.
Great thanks to the Minnesota Bureau of Criminal Apprehension for their help on this one, and to @TonyYarusso and @bkoehn for their efforts.
Cybernews research
TalentHook, a cloud-based applicant tracking system, left a misconfigured instance open. It spilled tens of millions of job seekers' CVs, full of personal details ranging from full names to home addresses.
#CV #dataleak #cybersecurity #infosec
Read more: https://cnews.link/talenthook-data-leak-exposes-millions-6/
Ransomware Group Anubis has leaked what they extracted from Disneyland Paris
https://www.ransomware.live/id/RGlzbmV5bGFuZCBQYXJpc0BhbnViaXM=
When Cybernews published an article about a 16 billion credentials leak, some of us strongly criticized the article as irresponsible and misleading journalism. Although some people have tried to suggest that the Cybernews article had some value in highlighting infostealers, the article was so riddled with falsehoods and misleading statements that the confusion and misunderstandings it created outweigh any benefit one might try to ascribe to it.
To his credit, @JayeLTee and a colleague have taken the time to analyze the datasets used in Cybernews' reporting and to fact-check their reporting with actual data and proof from their own research.
He has now written up their findings, in which they identified no less than five significant false claims by Cybernews. You can read his report here:
https://jltee.substack.com/p/fact-checking-claims-by-cybernews
A handful of stolen classified tools sparked one of hacking's greatest mysteries and birthed a legendary cyber group.
With great thanks to @masek and @JayeLTee and others who assisted or tried to, including Rogers ISP and law enforcement in Canada, we can finally say:
Bolton Walk-In Clinic patient data leak locked down!
Read about this very frustrating effort to get exposed patient data locked down:
https://databreaches.net/2025/06/30/bolton-walk-in-clinic-patient-data-leak-locked-down-finally/
@masek @JayeLTee For the life of me, I cannot understand why this got kicked over to the anti-rackets branch, but thank you for what you managed to accomplish.
I will post an update to this leak on my blog sometime this week, but in the interim:
Any patients of the Bolton Walk-In Clinic should consider filing a complaint with the provincial Privacy Commission and requesting an investigation into the clinic's failure to comply with medical privacy laws such as PHIPA. IMO, the IPC should also be asked to require the clinic to notify every patient whose unencrypted information was exposed.
Additional details about earlier efforts by @JayeLTee and me to get this leak secured can be found in my post at https://databreaches.net/2024/12/03/bolton-walk-in-clinic-in-ontario-lock-down-your-backup-already/
A hacker attack on the University of Massachusetts Dartmouth (UMass Dartmouth) exposed more than 75K students and staff.
And then, as a follow-up ...
Vogt am Freitag: Argument or excuse? - Das Netz ist politisch
- by @revogt
https://dnip.ch/2024/11/22/vogt-am-freitag-argument-oder-ausrede/ #DNIP #Journalismus #journalism #Datenschutz #privacy #DataLeak #Datenleck #Datenschutz #privacy #OneLog #Zensur #censorship
I have never been a fan of #SingleSignOn systems: once hacked, all the accounts connected to them are wide open. Every service deserves its own credentials. Thank god for password managers
«In the darkness bind them»: Lack of transparency at OneLog - Das Netz ist politisch
- by @adfichter & @marcel
https://dnip.ch/2024/11/05/onelog-darkness-intransparenz/ #Journalismus #journalism #Datenschutz #privacy #DataLeak #Datenleck #OneLog #Zensur #censorship
A pro-Iranian threat actor has dumped the information of thousands of visitors and athletes from one of Saudi Arabia's major sporting events, the Saudi Games.
Attackers claim they've penetrated the Hôpital Privé de la Miotte in France, stealing sensitive personal details, including patients' home addresses.
Another "record" password leak? Turns out the 16B password dump is just recycled data!
Stay sharp, don’t fall for the hype. Read more here: https://cyberinsider.com/16-billion-passwords-dump-hyped-as-record-leak-is-just-recycled-data/ #CyberSecurity #DataLeak #Infosec
A state forensics lab was leaking its files. Getting it locked down involved a number of people, notably @JayeLTee and @masek, although yours truly was also involved, as were others:
#dataleak #responsibledisclosure #infosec #govsec
Related:
https://jltee.substack.com/p/forensic-lab-with-links-to-montana-doj-leaks-phone-extracts
https://blog.literarily-starved.com/2025/06/postmortem-assumed-doj-montana-leak-of-phone-dumps/
US Forensic Lab was leaking phone data extracts for multiple cases, including ongoing ones.
Likely the most sensitive data I've found exposed to date, with links to the DOJ in Montana.
Thanks again to @masek and @PogoWasRight for helping get the message to the people responsible for this one.
https://jltee.substack.com/p/forensic-lab-with-links-to-montana-doj-leaks-phone-extracts
As much as I generally detest claims that something should be a wake-up call, @lawrenceabrams' response to @cybernews' "16 billion" story really should be a wake-up call for any news outlets who repeat any claims of discovered leaks or breaches by Cybernews.
DataBreaches.net will no longer link to Cybernews unless there is some reliable source that confirms that their claims are accurate and that they are not just reporting on leaks that they haven't even seriously tried to get locked down before they report on it.
#journalism #databreach #dataleak #infostealers #passwords #hype #clickbait #ethics