A dump called "Collection #1" has been released by parties unknown, containing email addresses and cracked passwords: in its raw form, it contains 2.7 billion records, which Troy "Have I Been Pwned" Hunt (previously) de-duplicated to come up with 773 million unique records -- of those 140,000,000 email addresses and 10,000,000 passwords have never been seen in the HaveIBeenPwned database before. Read the rest

After a successful phishing attack that captured over 50 accounts, hackers stole 500,000 records from the San Diego Unified School District, for staff, current students, and past students going all the way back to 2008; including SSNs, home addresses and phone numbers, disciplinary files, health information, emergency contact details, health benefits and payroll info, pay information, financial data for direct deposits. Read the rest

Facebook has notified 6.8 million users that, due to a bug, the company allowed its third-party developers to access all the users' photos, including those marked as private. Read the rest

Equifax doxed 145 million Americans, dumping their most sensitive financial data into the world forever, with repercussions that will be felt for decades to come. Read the rest

Long before Quora admitted to being breached and losing 100,000,000 million users' account data, it had disqualified itself from being used, by dint of its impulse to hoard knowledge and the likelihood that its limping business model would cause it to imminently implode. Read the rest

A user called FBSaler is offering personal data for Facebook users at $0.10 each, claiming to have account data from 120,000,000 users to offer; to prove that they have the goods, they've dumped the private messages sent by 81,000 Facebook users; and account data from 176,000. Read the rest

Cathay Pacific started investigating a potential breach in March; by May they'd learned of breaches to a system with 9.4 million travelers' data on it, then for some reason they didn't tell anyone about it, until now: "The following personal data was accessed: passenger name; nationality; date of birth; phone number; email; address; passport number; identity card number; frequent flyer programme membership number; customer service remarks and historical travel information." They are sorry if you are upset: "We are very sorry for any concern this data security event may cause our passengers." Read the rest

Yesterday, at least 90,000,000 Facebook users were forced to log back into the service without any explanation; later, the company revealed that at least 50,000,000 of them had been hacked, but wouldn't say how. Read the rest

When news broke yesterday that Facebook had suffered a breach affecting at least 50,000,000 users, Facebook users (understandably) began to widely share links to articles about the breach. Read the rest

Firefox Monitor is a new service from Mozilla that draws on data from Have I Been Pwned? (previously) to keep you informed when your data is breached and shows up online. The service also includes important advice, including "Treat security questions like extra passwords" by creating "long, random answers." It's good advice: certainly, it's easier to put into practice than convincing your mother to travel back in time and change her "maiden name." Read the rest

When Vancouver tech retailer NCIX went bankrupt, it stopped paying its bills, including the bills for the storage where its servers were being kept; that led to the servers being auctioned off without being wiped first, containing sensitive data -- addresses, phone numbers, credit card numbers, passwords, etc -- for thousands of customers. Also on the servers: tax and payroll information for the company's employees. Read the rest

Jesse writes, "Vancouver tech retailer NCIX was driven into the ground last year (much to the morbid fascination of local techies). Now their fetid corpse is in the news again, after their SQL servers were sold for $1500 at auction without being wiped, containing the personal data – including credit card details – of thousands of customers." Read the rest

Last year Equifax sheepishly admitted that it had breached hundreds of millions of Americans', Britons' and Canadians' private financial data and then suppressed the news (subsequent months revealed that the company had suffered multiple breaches, so many it didn't know what it had lost and wasn't looking very hard). Read the rest

The porn extortion scam works like this: you get an email from a stranger claiming that he hacked your computer and recorded video of you masturbating to pornography, which he'll release unless you send him some cryptocurrency. Read the rest

On August 2, 2017, security researcher Dylan Houlihan contacted Panera Bread to warn them that their customer loyalty website had a serious defect that allowed attackers to retrieve the names, email and physical addresses, birthdays and last-four of the credit cards for up to seven million customers. Read the rest

Fedex acquired a company called Bongo International in 2014; Bongo specialized in helping North American companies sell overseas and after the acquisition, Fedex renamed the company FedEx Cross-Border International. Read the rest

A leaked set of disclosures made by Equifax to the US Senate have revealed that the breach of 145.5 million Americans' sensitive financial data was even worse than suspected to date: in addition to data like full legal names, dates of birth, Social Security Numbers, and home addresses, it appears that Equifax also breached drivers' license numbers and issue-dates. Read the rest