CTRL + ALT + SEC

Tag: PII

What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 9/29/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: US Auto Insurance Platform ClaimPix Leaked 10.7TB of Records Online

This colossal data exposure involving ClaimPix, an auto insurance claims platform, serves as a stark warning about the pervasive dangers of basic security failures in the digital age. The discovery of an unsecured, unencrypted database containing a staggering 10.7 terabytes and 5.1 million files highlights critical shortcomings in data governance and cloud configuration management. For a platform entrusted with managing sensitive insurance and vehicle information, leaving such a massive repository of customer PII and operational data publicly accessible due to a lack of a simple password is a fundamental breach of trust and duty. This incident underscores that even with advanced security threats dominating the news, the simplest oversight—like misconfiguring storage access—can lead to catastrophic consequences.

The contents of the leak reveal the severe implications for data privacy and corporate legal exposure. Beyond standard PII like names and addresses, the exposure of vehicle records (VINs, license plates) and, most critically, approximately 16,000 Power of Attorney documents elevates the risk far beyond mere inconvenience. This combination of personal identity details and legal authorization is a potent toolkit for sophisticated criminals, enabling everything from identity theft and financial fraud to the highly specialized crime of vehicle cloning. The severity of this specific data mix places ClaimPix under immense scrutiny for compliance violations and potential long-term harm to the affected customers, demanding a comprehensive and transparent response regarding the full duration of exposure and the root cause.

While ClaimPix’s swift action to secure the database upon receiving the responsible disclosure is commendable, the lingering questions concerning the entity responsible for the database—whether ClaimPix directly or a third-party vendor—are paramount for risk analysis. This ambiguity is a key point for every business professional, emphasizing the critical need for rigorous vendor risk management and clear data ownership protocols. The incident provides an urgent case study for organizations to stress-test their security architectures, focusing on mandatory encryption, multi-factor access controls, and regular audits of cloud storage configurations. Ultimately, the ClaimPix leak is a powerful reminder that proactive, fundamental security hygiene is the bedrock of corporate responsibility and essential for maintaining customer trust in a data-driven ecosystem.

Projects
- TryHackMe – Firewall Fundamentals – Complete
- TryHackMe – IDS Fundamentals – In Progress
Articles
- Ransomware gang sought BBC reporter’s help in hacking media giant – Threat actors claiming to represent the Medusa ransomware gang tempted a BBC correspondent to become an insider threat by offering a significant amount of money.
- Japan’s largest brewer suspends operations due to cyberattack – Asahi Group Holdings, Ltd (Asahi), the brewer of Japan’s top-selling beer, has disclosed a cyberattack that disrupted several of its operations.
- UK convicts “Bitcoin Queen” in world’s largest cryptocurrency seizure – The Metropolitan Police has secured a conviction in what is believed to be the world’s largest cryptocurrency seizure, valued at more than £5.5 billion ($7.3 billion).
- Google Ads Used to Spread Trojan Disguised as TradingView Premium – Bitdefender warns that the TradingView Premium ad scam now targets Google ads and YouTube, hijacking verified channels to spread spyware.
- Dutch teens arrested for trying to spy on Europol for Russia – Two Dutch teenage boys aged 17, reportedly used hacking devices to spy for Russia, have been arrested by the Politie on Monday.
- US Auto Insurance Platform ClaimPix Leaked 10.7TB of Records Online – Cybersecurity researcher Jeremiah Fowler discovered a massive 10.7TB ClaimPix leak exposing 5.1M customer files, vehicle data, and Power of Attorney documents. Read the full details.
- Medusa Ransomware Claims Comcast Data Breach, Demands $1.2M – Medusa ransomware group claims 834 GB data theft from Comcast, demanding $1.2M ransom while sharing screenshots and file listings.
- Nearly 50,000 Cisco firewalls vulnerable to actively exploited flaws – Roughly 50,000 Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) appliances exposed on the public web are vulnerable to two vulnerabilities actively leveraged by hackers.
- Allianz Life says July data breach impacts 1.5 million people – Allianz Life has completed the investigation into the cyberattack it suffered in July and determined that nearly 1.5 million individuals are impacted.
- That annoying SMS phish you just got may have come from a box like this – Scammers have been abusing unsecured cellular routers used in industrial settings to blast SMS-based phishing messages in campaigns that have been ongoing since 2023, researchers said.
Podcasts
October 6, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 7/14/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: McDonald’s Chatbot Recruitment Platform Exposed 64 Million Job Applications

This reveals a significant data breach within McDonald’s recruitment platform, McHire, exposing the personal information of 64 million job applicants. The breach stemmed from two critical vulnerabilities: the persistence of default “123456” credentials for a test account belonging to Paradox.ai (the bot’s creator) and an insecure direct object reference (IDOR) weakness in an internal API. These flaws allowed security researchers Ian Carroll and Sam Curry unauthorized access to applicant data, including names, addresses, phone numbers, email addresses, and even the ability to view and intervene in ongoing chatbot conversations. The ease with which such widespread data could be accessed highlights severe lapses in security protocols and underscores the potential for malicious actors to exploit similar weaknesses if not promptly addressed.

The incident underscores the paramount importance of robust security practices, particularly in platforms handling vast amounts of personal identifiable information (PII). The fact that a simple, unchanged default password from a 2019 test account could grant administrative access, combined with an IDOR vulnerability allowing sequential access to applicant records, points to fundamental oversights in development and testing. While Paradox.ai swiftly remediated the vulnerabilities upon notification, the incident serves as a stark reminder that even seemingly minor security gaps can have massive implications. It also calls into question the adequacy of their penetration testing, as these issues were not identified internally prior to the researchers’ discovery.

Despite the swift resolution and Paradox.ai’s assertion that only chat interactions of five applicants were accessed by the researchers and no data was shared online, the potential for harm was immense. The exposure of 64 million applicant records, even without highly sensitive data like Social Security numbers, still presents a significant privacy concern and could lead to various forms of targeted attacks like phishing. This incident should prompt other companies utilizing similar third-party recruitment platforms to scrutinize their own security measures and demand higher standards from their vendors to prevent similar breaches and safeguard applicant data.

Projects
- TryHackMe – Web Application Basics – In Progress
Articles
- McDonald’s Chatbot Recruitment Platform Exposed 64 Million Job Applications – Two vulnerabilities in an internal API allowed unauthorized access to contacts and chats, exposing the information of 64 million McDonald’s applicants.
- Google Gemini flaw hijacks email summaries for phishing – Google Gemini for Workspace can be exploited to generate email summaries that appear legitimate but include malicious instructions or warnings that direct users to phishing sites without using attachments or direct links.
- Telegram Messenger’s Ties to Russia’s FSB Revealed in New Report – The Telegram messaging app may have ties to Russia’s Federal Security Service (FSB), according to an investigation.
- Louis Vuitton suffers two hacks in a week as customer data is accessed in UK and Korea – Louis Vuitton has revealed that customer data was stolen during an unauthorised breach of the fashion giant’s UK operation’s systems.
- Russian Basketball Star Daniil Kasatkin Arrested in Ransomware Probe – Daniil Kasatkin, a Russian pro basketball player, faces US ransomware charges after his Paris arrest. His lawyer claims he’s “useless with computers,” raising questions about his alleged negotiator role in cybercrime.
- Cloudflare says 1.1.1.1 outage not caused by attack or BGP hijack – To quash speculation of a cyberattack or BGP hijack incident causing the recent 1.1.1.1 Resolver service outage, Cloudflare explains in a post mortem that the incident was caused by an internal misconfiguration.
- China’s Salt Typhoon Hacked US National Guard – Chinese hacking group Salt Typhoon targeted a National Guard unit’s network and tapped into communications with other units.
- Former US Army member confesses to Telecom hack and extortion conspiracy – A former US Army soldier pleaded guilty to hacking telecom databases, stealing data, and extorting companies by threatening to release the stolen info.
- Popular fitness app Fitify exposes 138K user progress photos – Fitify’s publicly accessible Google cloud storage bucket has exposed hundreds of thousands of files. Some of the files were user-uploaded progress pictures that individuals upload to track their body changes over time. After Cybernews contacted the company, the unprotected instance was closed.
- Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network – China-linked APT Salt Typhoon breached a U.S. Army National Guard unit’s network, accessed configs, and intercepted communications with other units.
July 21, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 6/16/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: 16 Billion Apple, Facebook, Google And Other Passwords Leaked

The confirmed leak of an estimated 16 billion login credentials, including passwords, making it potentially the largest breach in history. Unlike previous reports of individual company breaches, this “mother of all leaks” is attributed to multiple infostealers, aggregating data from a vast array of online services, including major platforms like Apple, Facebook, and Google, as well as VPNs and developer portals. Crucially, cybersecurity researcher Bob Diachenko clarified that this isn’t a direct breach of these large companies’ databases but rather a collection of credentials found in infostealer logs, often linked to reused passwords. This makes the leak a severe threat, serving as a “blueprint for mass exploitation” through phishing and account takeovers, emphasizing the urgent need for robust password hygiene.

The incident reignites the debate surrounding cybersecurity responsibility. While many experts, like Javvad Malik, advocate for a “shared responsibility” model, where both organizations protect users and individuals remain vigilant, others like Paul Walsh of MetaCert disagree. Walsh argues that expecting users to become security experts when even security providers struggle against sophisticated phishing attacks is unreasonable. This highlights a fundamental tension: while users are urged to adopt stronger password practices and multi-factor authentication, the industry also faces pressure to develop more inherently secure authentication methods that mitigate the risk posed by compromised databases, irrespective of password complexity.

In response to such massive leaks, the article strongly advocates for a pivotal shift from traditional passwords to more secure passkey technology. Experts like Rew Islam from Dashlane, co-chair of the FIDO Alliance, emphasize that passkeys are no longer a “nice-to-have” but an “essential” security measure, especially with major players like Facebook recently adopting them. Passkeys leverage factors users already employ, like facial or fingerprint recognition, offering a more convenient and significantly more secure authentication experience. The expectation is that widespread adoption by more companies, from banks to social media, will build user confidence and eventually lead to passkeys becoming the dominant authentication method for the majority of internet users within the next three years.

Projects
- TryHackMe – Hashing Basics – In Progress
Articles
- Paraguay Suffered Data Breach: 7.4 Million Citizen Records Leaked on Dark Web – Resecurity researchers found 7.4 million records containing personally identifiable information (PII) of Paraguay citizens on the dark web.
- 16 Billion Apple, Facebook, Google And Other Passwords Leaked – If you thought that my May 23 report, confirming the leak of login data totaling an astonishing 184 million compromised credentials, was frightening, I hope you are sitting down now. Researchers have just confirmed what could be the largest leak ever, with an almost incredulous 16 billion login credentials, including passwords, exposed.
- Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider – Cloudflare on Thursday said it autonomously blocked the largest distributed denial-of-service (DDoS) attack ever recorded, which hit a peak of 7.3 terabits per second (Tbps).
- Iran’s government says it shut down internet to protect against cyberattacks – Earlier this week, virtually everyone in Iran lost access to the internet in what was called a “near-total national internet blackout.”
- Russian hackers bypass Gmail MFA using stolen app passwords – Russian hackers bypass multi-factor authentication and access Gmail accounts by leveraging app-specific passwords in advanced social engineering attacks that impersonate U.S. Department of State officials.
Podcasts
June 23, 2025