“Don’t do crime, CRIME IS BAD xoxo from Prague” — the Everest ransomware gang’s leak site was hacked and defaced this weekend.

https://techcrunch.com/2025/04/07/someone-hacked-everest-ransomware-gang-dark-web-leak-site/

Funny? Sure. But here’s the dark side:

When ransomware gangs get hacked, victim data often ends up even more exposed—spreading further across the dark web, forums, and private channels.

Hackers hacking hackers isn’t justice. It’s just collateral damage for victims.

You Can Have the Best Security, If Your Habits Are Trash #OPSEC #Cybersecurity #PrivacyMatters #Infosec #ThreatModel #Surveillance #Metadata #DigitalAnonymity #CyberGhost #Encryption #DataLeaks #CyberHygiene #OnlineSecurity #SecureHabits #DeadSwitch

http://tomsitcafe.com/2025/04/04/%f0%9f%a9%b9-you-can-have-the-best-security-if-your-habits-are-trash/

#security #privacy #DataLeaks #SexualContent

'Researchers have discovered nearly 1.5 million pictures from specialist dating apps – many of which are explicit – being stored online without password protection, leaving them vulnerable to hackers and extortionists.

Anyone with the link was able to view the private photos from five platforms developed by M.A.D Mobile: kink sites BDSM People and Chica, and LGBT apps Pink, Brish and Translove.'

https://www.bbc.com/news/articles/c05m5m5v327o

BBC: Kink and LGBT dating apps exposed 1.5m private user images online. “Researchers have discovered nearly 1.5 million pictures from specialist dating apps – many of which are explicit – being stored online without password protection, leaving them vulnerable to hackers and extortionists. Anyone with the link was able to view the private photos from five platforms developed by M.A.D […]

https://rbfirehose.com/2025/03/30/bbc-kink-and-lgbt-dating-apps-exposed-1-5m-private-user-images-online/

There are entire Telegram channels dedicated to selling your leaked data.

We’re talking:
Full ID bundles (name, address, SSN, license/passport)
Hacked medical records
Database dumps from past breaches

If you’ve uploaded your ID or personal info, it could be there.
Use Optery or Incogni to remove exposed data
Freeze credit. Monitor accounts. Stay alert.

Micah Lee: Exploring the Paramilitary Leaks. “It’s come to my attention that this dataset is rather challenging for journalists and researchers to wrap their heads around. I wrote a book, Hacks, Leaks, and Revelations, aimed at teaching journalists and researchers how to analyze datasets just like this. I’m also quite interested in what’s in here myself – this is one of the only datasets […]

https://rbfirehose.com/2025/03/23/micah-lee-exploring-the-paramilitary-leaks/

ICYMI: RainSMediaRadio NewsMeta Fires 20 Employees Over Alleged Data Leaks and Confidentiality Breaches https://www.rainsmediaradio.com/2025/03/meta-fires-20-employees-over-alleged.html?utm_source=dlvr.it&utm_medium=mastodon Follow, Like & Share #Meta #DataLeaks #Privacy #Cybersecurity #SocialMedia

HIPAA Journal: Clinical Trials Database Containing 1.6 Million Records Exposed Online. “A database containing approximately 1.6 million clinical trial records has been exposed over the Internet and could be accessed without a password. The 2 TB database was found by cybersecurity researcher Jeremiah Fowler, who reports that the database contains 1,674,218 records, including PDF survey results […]

https://rbfirehose.com/2025/02/25/hipaa-journal-clinical-trials-database-containing-1-6-million-records-exposed-online/

Tom’s Hardware: Security researcher finds vulnerability in internet-connected bed, could allow access to all devices on network. “Dylan Ayrey has released an extended blog with the help of Jake King highlighting the security flaws of the Eight Sleep and the steps he ended up taking to make them no longer an issue, particularly in the face of features that wounded up locked behind a […]

https://rbfirehose.com/2025/02/24/toms-hardware-security-researcher-finds-vulnerability-in-internet-connected-bed-could-allow-access-to-all-devices-on-network/

"Hackers leaked thousands of files from Lexipol, a Texas-based company that develops policy manuals, training bulletins, and consulting services for first responders.

The manuals, which are crafted by Lexipol’s team of public sector attorneys, practitioners, and subject-matter experts, are customized to align with the specific needs and local legal requirements of agencies across the country.

But the firm also faces criticism for its blanket approach to police policies and pushback on reforms.

The data, a sample of which was given to the Daily Dot by a group referring to itself as “the puppygirl hacker polycule,” includes approximately 8,543 files related to training, procedural, and policy manuals, as well as customer records that contain names, usernames, agency names, hashed passwords, physical addresses, email addresses, and phone numbers.

Among the manuals seen by the Daily Dot, agencies include police departments, fire departments, sheriff’s offices, and narcotics units."

https://www.dailydot.com/debug/lexipol-data-leak-puppygirl-hacker-polycule/

Spain's Cybersecurity Breach: The Arrest of a Notorious Hacker Targeting Military Agencies

In a significant law enforcement operation, Spanish authorities have apprehended a hacker suspected of orchestrating cyberattacks against critical military and governmental organizations, including NA...

https://news.lavx.hu/article/spain-s-cybersecurity-breach-the-arrest-of-a-notorious-hacker-targeting-military-agencies

The Register: Guess who left a database wide open, exposing chat logs, API keys, and more? Yup, DeepSeek . “Wiz, a New York-based infosec house, says that shortly after the DeepSeek R1 model gained widespread attention, it began investigating the machine-learning outfit’s security posture. What Wiz found is that DeepSeek – which not only develops and distributes trained openly available […]

https://rbfirehose.com/2025/01/31/the-register-guess-who-left-a-database-wide-open-exposing-chat-logs-api-keys-and-more-yup-deepseek/

Engadget: Subaru’s poor security left troves of vehicle data easily accessible. “Subaru left open a gaping security flaw that, although patched, lays bare modern vehicles’ myriad privacy issues. Security researchers Sam Curry and Shubham Shah reported their findings (via Wired) about an easily hacked employee web portal. After gaining access, they were able to remotely control a test […]

https://rbfirehose.com/2025/01/25/engadget-subarus-poor-security-left-troves-of-vehicle-data-easily-accessible/

404 Media: Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location. “Some of the world’s most popular apps are likely being co-opted by rogue members of the advertising industry to harvest sensitive location data on a massive scale, with that data ending up with a location data company whose subsidiary has previously sold global location data to US law […]

https://rbfirehose.com/2025/01/12/candy-crush-tinder-myfitnesspal-see-the-thousands-of-apps-hijacked-to-spy-on-your-location-404-media/

Voici une étude intéressante autour des mots de passe volés de VPN

Les mots de passe VPN sont-ils sécurisés ? (FR)

Lien vers l'article (l'étude) complet
https://urlr.me/K7R8tJ

Engadget: Huge Volkswagen data leak exposed the locations of 460,000 EV drivers. “A Volkswagen software subsidiary called Cariad experienced a massive data leak that left 800,000 EV owners exposed, according to reporting by the German publication Spiegel Netzwelt. The leak allowed personal information to be left online for months, including movement data and contact information.”

https://rbfirehose.com/2025/01/02/engadget-huge-volkswagen-data-leak-exposed-the-locations-of-460000-ev-drivers/

Search Engine Land: Exploit reveals how and why Google ranks content. “An exploit discovered by Mark Williams-Cook has revealed more than 2,000 properties Google uses to classify queries and websites, as well as specific classifications such as consensus scoring and query types.”

https://rbfirehose.com/2024/12/29/search-engine-land-exploit-reveals-how-and-why-google-ranks-content/

Digital Trends: You can play Halo’s original 1999 demo for the first time. “The Halo franchise has been around for a long time, but we’ve never seen a leak quite this big before. More than 25 years of Halo content has leaked onto the internet, including a playable version of the game from before it was even a first-person shooter.”

https://rbfirehose.com/2024/12/29/digital-trends-you-can-play-halos-original-1999-demo-for-the-first-time/

In November 2024, a BreachForums user called "Nam3L3ss" dumped more than 100 databases on BreachForums. The databases were cleaned-up databases from the Clop MOVEit breach of 2023. He plans to leak even more databases in the coming weeks and months. Some will also be from MOVEit, but he claims there will be many others from other sources.

He is not selling the data. He is just giving it away.

Being a psychologist by background, I really wanted to understand what he has been doing and why. So we chatted. And chatted. And I've written some of it up in a multi-part interview format that begins here:

Conversation with a “Nam3L3ss” Watchdog: Preface
https://databreaches.net/2024/12/23/conversation-with-a-nam3l3ss-watchdog-preface/

To jump directly to specific parts:

Part 1, his background and motivation:
https://databreaches.net/2024/12/23/conversation-with-a-nam3l3ss-watchdog-part-1-background/

Part 2, his methods:
https://databreaches.net/2024/12/23/conversation-with-a-nam3l3ss-watchdog-part-2-methods/

Part 3 ethical concerns and his goals:
https://databreaches.net/2024/12/23/conversation-with-a-nam3l3ss-watchdog-part-3-ethics-and-goals/