Recent Breaches & Leaks - A thread documenting modern hacks and database leaks (mostly as a result of DEI vibe coders)


Organized Derailment

Now yous can't breathe.
kiwifarms.net
Joined
Sep 27, 2021
I'll start by sharing the Tea App security incident.

Someone on 4chan hacked Tea App - Python script that scrapes a Firebase public Bucket and downloads all of the users' photos/driver's licenses. No authentication required or anything. Bank of America (maybe Wells Fargo) did the same exact thing for YEARS with mobile deposits. Just millions of check images in a public AWS bucket. Jeet coding at its finest IMO.

 
Pardon my callousness about this situation but

Dumb fucking whores that are so social media brain-rotted that they can't judge a dude's character with their five God-given senses thinking it's perfectly normal to publicly hyper-analyze and tarnish the reputation of average dudes for fun deserve this so bad. In a just world, they'd be made an example of and this would never happen again.

When guys break up with a lunatic psychopath woman, they only tell their closest buddies and their future partners about her. When a modern woman loses an argument once, she tells the entire world he's a dangerous narcissist until the end of time and, if TikTok is any indication, even while they're still in the fucking relationship.

Edit: I was having a shit day when I wrote this lol. Still, hoes be trippin' or whatever
 
I'm absolutely baffled that so many of these giant corpos just had social security numbers, credit card numbers, and bank accounts in plaintext repositories.

Is basic encryption beyond the skillset of India's finest poo coders?
 
I'm absolutely baffled that so many of these giant corpos just had social security numbers, credit card numbers, and bank accounts in plaintext repositories.

Is basic encryption beyond the skillset of India's finest poo coders?
How else are they going to sell your data to foreign powers?
 
I have a strong suspicion that Tea was a giant honeypot and 4chan is being implicated to try and get rid of it (it will work this time for sure.)
 
How else are they going to sell your data to foreign powers?
I mean they could keep it encrypted at rest then use the buyer's public key to encrypt for transit… under no circumstance should data like this be publicly accessible & unencrypted.
I'm absolutely baffled that so many of these giant corpos just had social security numbers, credit card numbers, and bank accounts in plaintext repositories.

Is basic encryption beyond the skillset of India's finest poo coders?
Jeets never learned about PKI.
 
I looked at their Instagram and this reply is being spammed in the comments to anyone who asks about the leak. It seems a little convenient that it's two years old and everyone is totally safe now.

View attachment 7691314
They say their data is deleted right away, but the question is why they’ve stored data for two years at this point (if not indefinitely). Sounds like grounds for a class action lawsuit/tort if true.

The response also totally sounds like a woman talking.
 
I'm absolutely baffled that so many of these giant corpos just had social security numbers, credit card numbers, and bank accounts in plaintext repositories.

Is basic encryption beyond the skillset of India's finest poo coders?
It's easier to live life believing that none of your information is private and to handle hardship as it comes as a result of a faulty system and overconfident companies who ask too much.
Note that when the Social Security program was put into place it was insisted it not be used as an identifier or serial number as it is today.
 
NASCAR RANSOMWARE INCIDENT

Between March 31 and April 3 (2025) NASCAR was targeted by the Medusa ransomware group in a cyberattack that resulted in over 1 terabyte of internal data being stolen. This included info like staff emails, Social Security numbers, sponsorship contracts, facility maps, legal documents, and internal credentials, etc. The attackers demanded a $4 million ransom and publicly listed NASCAR on their leak site on April 8. NASCAR didn’t confirm the breach publicly until late July. Still don't know if NASCAR paid ransom or not. Hopefully they had immutable backups and told the ransomware chinks to eat cock.
 

WestJet confirmed that a June 13 cyberattack exposed the personal data of about 1.2 million customers. Hackers gained access through Citrix after resetting an employee’s password, compromising both Windows and Microsoft cloud networks.

Stolen data includes names, birthdates, addresses, passports or IDs, travel details, complaints, West(Jeet) Rewards information, and RBC Mastercard records, though no card numbers, CVVs, expiry dates, or passwords were taken. The FBI is assisting, and WestJeet is still investigating the full impact. Affected customers are being offered two years of free identity theft protection and monitoring, redeemable by November 30.
 
70,000 government IDs stolen in Discord breach.
Link
On Wednesday, Discord said that ID images of roughly 70,000 users “may have had government-ID photos exposed” in a recent breach of a third-party service Discord entrusted to manage the data. The affected users had communicated with Discord’s Customer Support or Trust & Safety teams and subsequently submitted the IDs in reviews of age-related appeals.
 
70,000 government IDs stolen in Discord breach.
Link
vxunderground claims it's much, much worse than what dicksword announced. (xitter 1, xitter 2)
Discord is being extorted by the people who compromised their Zendesk instance
They've got 1.5TB of age verification related photos. 2,185,151 photos
tl;dr 2.1m Discord users' driver's licenses and/or passports might be leaked. Unknown number of e-mails
Previously, the Threat Actors responsible for the Discord Zendesk compromise claimed they had gotten access by compromising a BPO (Business Process Outsource) employee.
They were not lying.
It turns out that in August the Threat Actors who compromised Discord began sending emails to Discord outsourced employees offering them money in exchange for access to Discord's internals.
The people they emailed was a very small team located in Southeast Asia. This particular office only has a handful of employees assigned to working Discord helpdesk (including age verification). This team is assigned to primarily handle back log work. This team had a great deal of access and were believed to be "trusted".
One of the emails this small team received offered $500 compensation to prove they're a Discord BPO employee. They offered an additional "several thousand dollar" lump sum payment in exchange for giving them access.
The Discord BPO employees were told to ignore the emails. Unfortunately, it appears one of these BPO employees did not ignore the emails and accepted the bribe.
$500 in this Southeastern Asian country is an astronomical amount of money. The "several thousand dollar" lump sum payment would be enough for this person to live comfortably for several years in their country.
It'd be really funny so I hope it's true, despite the source and those leak rumours always being massively exaggerated. Never forget those allowing, if not mandating those incompetent companies to process your personal information are responsible in equal measure and should be dealt with pitchforks.
 
It'd be really funny so I hope it's true, despite the source and those leak rumours always being massively exaggerated. Never forget those allowing, if not mandating those incompetent companies to process your personal information are responsible in equal measure and should be dealt with pitchforks.
people who were honest with their age and actually submitted their ids are giant cattle
 