Back in March 2024, a leak from the American internet provider AT&T was published containing the user data of over 73 million AT&T customers. This included names, telephone numbers, addresses, SSNs (Social Security numbers) and poorly encrypted passwords. At least 7.6 million of the passwords, i.e. over 10%, have already been decrypted by hackers. According to AT&T, they are not aware of the source of the leak. (Tech Crunch)
This was not the only time that AT&T’s customer data fell into the wrong hands. In April 2024, AT&T noticed a second leak in which phone numbers, call history and other metadata about calls and text messages were stolen. Message and call content is not recorded and, according to AT&T, was not stolen, but “almost all” 116 million customers are affected. The data comes from Snowflake, a company that AT&T uses to analyze customer data. (Tech Crunch)
Also in April of this year, the “service” spy.pet was launched, which had been recording and collecting messages on public Discord servers for months. Over 4 billion messages from over 620 million users, spread across 14,000 chat servers, are said to have been affected. Although the messages themselves are all public, spy.pet sorted them by user so that instead of having to search through all 14,000 servers yourself, you could see all of a user’s messages at once, including deleted and edited messages. (The Register)
An American subsidiary of the Japanese car manufacturer Toyota was the victim of a far-reaching data leak this August. The 240 GB leak includes contact, financial, customer and employee data, as well as databases, network infrastructure, emails and other data.
All data since December 2022 is not included, which suggests that the leak may have been obtained from an old backup server. (Bleeping Computer)
In October last year, the Internet Archive, the world’s largest online library and preservation site, suffered 3 major attacks. A DDoS attack followed by a data leak of the main site on October 10th. Another data leak of the Internet Archive’s Zendesk site became known on October 20. The Zendesk site was responsible for archive support requests. The first leak included login data from over 31 million user accounts, the second one included over 800 thousand partially confidential support tickets. (Bleeping Computer, Bleeping Computer)
JONATHAN ZELLER
Junior Software Developer
sequire technology