FireEye disclosed yesterday: a sophisticated state-actor compromise of FireEye's network with theft of the company's red-team assessment tooling. The disclosure is unusual in its candour and the implications are wider than the tools themselves.
Twitter accounts of Obama, Musk, Bezos, and many others compromised yesterday for a Bitcoin scam. The technical mechanism is internal-tooling abuse via social engineering of Twitter staff. The platform-trust implications are substantial.
easyJet disclosed today: 9 million customer records and approximately 2,200 payment-card details, taken in a sustained intrusion through January and February. The disclosure-timing question is going to be the regulatory point of focus.
Capital One disclosed yesterday: 100 million records, exfiltrated from S3 by a former AWS employee through SSRF against a misconfigured WAF. The cloud-side architecture lessons are operationally important.
Citrix disclosed yesterday that the FBI had notified them of an intrusion. Resecurity attributes the intrusion to IRIDIUM and indicates six terabytes of internal documentation were taken. The vendor-side compromise category continues.
Quora disclosed yesterday: 100 million users affected in a breach detected on Friday. The disclosure is fast and the password posture is sound. A useful contrast with Marriott.
Marriott disclosed yesterday: 500 million guest records taken from the Starwood reservations database, with unauthorised access dating back to 2014. The acquisition-due-diligence question is the structural lesson.
Facebook disclosed yesterday that 50 million access tokens were taken via a chained vulnerability in the View As feature. The technical detail and the GDPR exposure are both substantial.
Reddit disclosed yesterday: an attacker bypassed the company's SMS-based two-factor authentication and accessed historical user data including a 2007 backup. The lesson is about SMS as a second factor.
Uber disclosed yesterday that 57 million records were taken in October 2016. The company paid the attackers $100,000 to delete the data and called it a bug bounty. The disclosure ethics here are, even by the standards of this year, exceptional.
Equifax disclosed yesterday: 143 million US consumers, plus UK and Canadian populations. Apache Struts, the March CVE we patched in March. The window between exploit and exploitation is the operational story.
Yahoo confirmed today: a 2014 breach affecting at least 500 million accounts. State-actor attribution. The disclosure timing during a Verizon acquisition is its own story.
Wikileaks publishes the DNC email cache the day before the Democratic Convention. The disclosure timing, the Guccifer 2.0 persona, and CrowdStrike's attribution to Russian state actors are converging on a different kind of incident.
The LinkedIn breach from 2012 has resurfaced, and the population is not 6.5 million as originally disclosed. It is 167 million. Credential reuse just got worse.
TalkTalk has disclosed a breach. Customer data, possibly including bank details. The incident response and communications have been remarkable in their unevenness.
The Impact Team carried out the threat. Two dumps in three days, the second containing source code and CEO email. The harm pattern I worried about in July is in motion.
Avid Life Media has confirmed a breach of Ashley Madison. The Impact Team are demanding the site close. The disclosure conversation has shifted into a domain where consent, identity, and harm intersect uncomfortably.
OPM has disclosed a major intrusion. Four million current and former federal employees, on the early count. The SF-86 question changes the threat model.
Anthem disclosed last night. Eighty million records, including Social Security numbers. The early indicators point at a credential-driven path with database-side data movement.