Substack has disclosed a security incident involving unauthorized access to limited user data, reportedly obtained through scraping activity described by the threat actor as “noisy.”

The company states that credentials and financial information were not affected, and that mitigations were implemented quickly after discovery. Users have been advised to remain cautious of potential phishing attempts.

From an infosec perspective, this incident underscores challenges around detection timing, data exposure via scraping, and post-incident communication.

How should platforms better monitor and respond to large-scale scraping risks?

Source: https://www.securityweek.com/substack-discloses-security-incident-after-hacker-leaks-data/

Engage in the discussion and follow @technadu for measured cybersecurity analysis.

#Infosec #DataExposure #Scraping #IncidentResponse #CyberRisk #TechNadu #SecurityOperations

Naver Corp. CEO Choi Soo-yeon apologized after a technical update exposed past Knowledgei answers of public figures, assuring prompt resolution and full cooperation with regulators.
#YonhapInfomax #NaverCorp #ChoiSooYeon #Knowledgei #PersonalInformation #DataExposure #Economics #FinancialMarkets #Banking #Securities #Bonds #StockMarket
https://en.infomaxai.com/news/articleView.html?idxno=104367

SoundCloud’s December 2025 breach has been added to HIBP, confirming exposure of ~29.8M user accounts.

The incident stemmed from unauthorized access to an internal service dashboard that enabled correlation of email addresses with public profile data. No credentials or financial information were compromised, but the case highlights how internal tooling can expand the attack surface.

What practical controls help reduce correlation risk in large platforms?
Source: https://cyberinsider.com/soundcloud-breach-added-to-hibp-29-8-million-accounts-exposed/

Share insights and follow TechNadu for independent InfoSec coverage.

#InfoSec #SoundCloud #HIBP #DataExposure #PrivacyEngineering #CyberRisk #SecurityOperations

The reported BreachForums database exposure illustrates a recurring pattern in underground ecosystems: infrastructure weaknesses outweigh perceived anonymity.

Key considerations:
• Metadata remains a critical risk vector
• Forum resilience often masks fragile backends
• Legal and reputational fallout can be long-lasting

This incident reinforces why data minimization and secure configuration matter - regardless of intent or audience.

Source: https://cybersecuritynews.com/breachforums-hack/

Join the discussion and follow @technadu for fact-based cybersecurity reporting.

#InfoSec #ThreatIntel #DarkWeb #DataExposure #CyberRisk #OperationalSecurity

Healthcare staff data is being exposed at alarming rates — protecting patients starts with protecting those who care for them. 🩺🔓 #HealthDataSecurity #DataExposure

https://www.helpnetsecurity.com/2025/12/05/incogni-healthcare-staff-data-exposure-report/

Researchers enumerated 3.5B WhatsApp phone numbers through the platform’s contact-discovery feature, revealing public profile photos and text for millions of users. Meta applied rate-limiting after the disclosure and says no non-public data was exposed.
This case raises important questions about phone numbers as identifiers and long-term privacy safeguards.
Share your insights & follow for more security-focused analysis.

#InfoSec #CyberSecurity #Privacy #DataExposure #WhatsApp #SecurityResearch #DigitalIdentity #TechNadu

Two billion email addresses were exposed

https://www.troyhunt.com/2-billion-email-addresses-were-exposed-and-we-indexed-them-all-in-have-i-been-pwned/

#HackerNews #emailbreach #dataexposure #cybersecurity #privacy #awareness

South Carolinas Dillon County probes possible hack #DillonCounty #SouthCarolina #NetworkDisruption #ForensicInvestigation #LawEnforcement #DataExposure #Cyberattack https://dysruptionhub.com/dillon-county-sc-possible-hack/

Oops… Ernst & Young accidentally exposed 4TB of data on Azure — a reminder that even experts can slip when cloud hygiene falters. ☁️🧾 #CloudSecurity #DataExposure

https://securityaffairs.com/184062/data-breach/ernst-young-exposes-4tb-sql-server-backup-publicly-on-microsoft-azure.html

4TB and no client or personal data eh? 👏🏻

https://infosec.exchange/@technadu/115475109972392589 - A 4TB SQL Server backup tied to EY was exposed on Microsoft Azure, discovered by Neo Security during an asset mapping scan.

EY remediated promptly, confirming no client or personal data was affected.

#CyberSecurity #EY #DataExposure #Azure #Infosec #ThreatIntel #DataProtection #CloudSecurity

A 4TB SQL Server backup tied to EY was exposed on Microsoft Azure, discovered by Neo Security during an asset mapping scan.

The file’s naming pattern and metadata indicated it was a full unencrypted database dump - a critical visibility gap in cloud storage hygiene.

EY remediated promptly, confirming no client or personal data was affected.

As botnets continuously scan public cloud assets, how can enterprises proactively detect these exposures before attackers do?

💬 Join the discussion & follow @technadu for deeper security intelligence.

#CyberSecurity #EY #DataExposure #Azure #Infosec #ThreatIntel #DataProtection #CloudSecurity

compliance-savvy narratives to amplify pressure and market impact. Defenders must assume both data leakage and reputational/legal escalation vectors when triaging similar claims. #ransomNews #redhat #dataexposure

Event startup Partiful wasn’t stripping GPS locations from user-uploaded photos

https://fed.brid.gy/r/https://techcrunch.com/2025/10/04/event-startup-partiful-wasnt-stripping-gps-locations-from-user-uploaded-photos/

⚠️ WestJet breach leaks travel data of 12M The Canadian airline WestJet suffered a data breach exposing flight itineraries, passport info, email addresses and more for 12 million customers. The airline is notifying affected individuals. #ransomNews #WestJetBreach #DataExposure

Thousands of Indian bank transfer records found online

https://fed.brid.gy/r/https://techcrunch.com/2025/09/25/thousands-of-indian-bank-transfer-records-found-online/

Salesloft confirms breach via GitHub → attackers stole Drift OAuth tokens & compromised Salesforce integrations.

Victims include Cloudflare, Zscaler, Palo Alto, Tenable, Rubrik, Proofpoint, Elastic & more (700+ orgs).
Experts: Non-human identities like API tokens are the next security blind spot.

💬 How is your org tackling API token risks? Follow @technadu for updates.

#Salesloft #GitHubBreach #CyberAttack #DataExposure #ThreatActor #CyberSecurity #SupplyChainRisk

🚨 CVE-2025-49870: High-risk SQLi in WordPress Paid Membership Subscriptions plugin (10K+ sites).
✅ Fixed in v2.15.2
❌ Exploitable without login
💥 Attackers could query or tamper with DB data
Still shocking to see SQL injection so prevalent in 2025.
💬 Are devs overlooking basics, or is plugin culture the real issue?
🔔 Follow @technadu for more threat intel.

#WordPress #SQLInjection #Vulnerability #PluginSecurity #WebSecurity #DataExposure #CMSecurity

🚨 Security researcher finds 1,300+ exposed TeslaMate servers leaking
Tesla data — from trip locations to charging times.

⚡ “You’re unintentionally sharing your car’s movements with the world.” – Seyfullah Kiliç, SwordSec
💬 Who’s responsible — open-source devs or end-users?

🔎 Follow @technadu for more #infosec & #privacy insights.

#Tesla #CyberSecurity #DataExposure

👜 Louis Vuitton suffers global data breach impacting customers in the UK, South Korea, and Turkey. Luxury comes at a cost—especially when data is on the line.
#LuxuryBreach #DataExposure 🌐🔓

https://securityaffairs.com/179908/data-breach/global-louis-vuitton-data-breach-impacts-uk-south-korea-and-turkey.html

🔐 94% of enterprises faced API security incidents in the past year—yet only 36% have dedicated API security solutions. Time to rethink your strategy.
#APISecurity #DataExposure 🚧📊

https://www.helpnetsecurity.com/2025/07/08/report-enterprise-api-security-risks/