BleepingComputer

18K Followers
7 Following
7.4K Posts

Breaking technology news, security guides, and tutorials that help you get the most from your computer.

Feel free to send us story tips at [email protected].

Sometimes a bot, sometimes not.

Website: https://www.bleepingcomputer.com/
Twitter: https://twitter.com/BleepinComputer

The threat actor who claimed to breach Oracle Cloud shared the following URL as proof of the breach showing what appears to be a file containing their email address uploaded to Oracle's servers:

https://web.archive.org/web/20250301161517/http:/login.us2.oraclecloud.com/oamfed/x.txt?x

BleepingComputer contacted Oracle with further questions about how the threat actor was able to do so.


BleepingComputer has discovered this is a far larger campaign, in which threat actors are impersonating support centers for Amazon, Adobe, Facebook, Hulu, YouTube TV, Peacock TV, Verizon, Netflix, Roku, PayPal, Squarespace, Grammarly, iCloud, Ticketmaster, and Capital One.

Last week, the same researchers shared a sample of this data with us that contained BleepingComputer forum accounts.

Based on the format of the data (url:name:password), all of these credentials were stolen via information-stealing malware.
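The url:name:password layout is what lets defenders triage such a dump quickly: parse each record, group by domain, and produce the list of accounts that need a forced password reset. The parser below is an added example, not BleepingComputer's code, and the log lines it works on are constructed (made-up domains and accounts). The only real subtlety in the format is that URLs contain colons themselves (scheme and optional port), so a naive split on ":" corrupts the URL; the parser ends the URL at the first colon inside the path instead, which also lets a password keep any colons it contains.

```python
"""Triage parser for infostealer credential dumps in url:name:password form.

Added example for illustration; not BleepingComputer's code. SAMPLE_LOG is
constructed sample data with made-up domains and accounts.
"""
from urllib.parse import urlsplit

# Constructed sample lines (not real data). Includes a duplicate record, a
# junk line, a password containing ':' and a URL with an explicit port.
SAMPLE_LOG = """\
https://forums.example-news.test/login:alice:Spring2024!
https://www.example-stream.test/account:bob@mail.test:hunter2
http://shop.example.test/:carol:p@ss:word
not a credential line
https://forums.example-news.test/login:alice:Spring2024!
https://portal.example.test:8443:dave:letmein
"""


def parse_line(line):
    """Split one url:name:password record; return None if it is not one.

    The URL ends at the first ':' that appears inside its path. If the URL
    has no path, a purely numeric segment right after the host is treated as
    a port rather than as the username.
    """
    line = line.strip()
    scheme_end = line.find("://")
    if scheme_end < 0:
        return None
    body_start = scheme_end + 3
    body = line[body_start:]
    slash = body.find("/")
    if slash >= 0:
        cut = body.find(":", slash)          # first ':' inside the path
    else:
        cut = body.find(":")
        if cut >= 0 and body[cut + 1:].split(":", 1)[0].isdigit():
            cut = body.find(":", cut + 1)    # skip the ':port' segment
    if cut < 0:
        return None
    url = line[: body_start + cut]
    name, sep, password = body[cut + 1:].partition(":")
    if not sep or not name:
        return None
    return {
        "url": url,
        "domain": urlsplit(url).hostname or "",
        "user": name,
        "password": password,
    }


def triage(log_text):
    """Return (records, unparsed_count). Records keep only domain and user,
    deduplicated, so the plaintext passwords are not carried forward into a
    reset workflow that does not need them."""
    records, seen, unparsed = [], set(), 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            unparsed += bool(line.strip())
            continue
        key = (rec["domain"], rec["user"])
        if key not in seen:
            seen.add(key)
            records.append({"domain": rec["domain"], "user": rec["user"]})
    return records, unparsed


def accounts_for_domain(records, domain):
    """Sorted usernames seen for one domain, e.g. to drive forced resets."""
    return sorted(r["user"] for r in records if r["domain"] == domain)


if __name__ == "__main__":
    recs, bad = triage(SAMPLE_LOG)
    print(f"{len(recs)} unique accounts, {bad} unparsed lines")
    for domain in sorted({r['domain'] for r in recs}):
        print(domain, accounts_for_domain(recs, domain))
```

The records that come out of `triage` are enough to notify users and expire their sessions; the plaintext password is only needed momentarily to confirm the record parsed, and is dropped deliberately.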

After making purchases, it's common for fraudsters to publish pictures of their Roku order confirmations to build reputation for the seller, proving that the stolen accounts work.

Threat actors have been conducting credential stuffing attacks on Roku for the past few months using Open Bullet 2/SilverBullet configs that rotate through proxies to bypass brute force detections.
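Rotating through proxies defeats the usual per-IP lockout because every source address stays under the threshold; the attack only becomes visible when failures are aggregated per time window across all sources. The script below, an added example and not code from BleepingComputer or any of the services named, contrasts the two rules on a constructed login log (RFC 5737 documentation addresses, made-up usernames): a classic per-IP brute-force rule sees nothing, while a window-level rule that looks for many distinct accounts failing from nearly as many distinct sources fires. The window size and thresholds are assumptions to be tuned to a site's normal failure volume.

```python
"""Spotting credential stuffing spread across rotating proxy IPs.

Added example for illustration; not BleepingComputer's or any vendor's code.
The login events are constructed, using RFC 5737 documentation addresses.
"""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW_SECONDS = 300   # assumed aggregation window; tune to real traffic


def _constructed_auth_log():
    """A little normal traffic, then 30 failed logins against 30 different
    accounts, each from a different source IP, all inside one minute."""
    base = datetime(2024, 3, 1, 9, 59, 0)
    lines = [
        f"{base.isoformat()} 198.51.100.5 alice OK",
        f"{(base + timedelta(seconds=10)).isoformat()} 198.51.100.7 bob FAIL",
        f"{(base + timedelta(seconds=25)).isoformat()} 198.51.100.7 bob OK",
    ]
    for i in range(30):
        ts = base + timedelta(seconds=60 + 2 * i)
        lines.append(f"{ts.isoformat()} 203.0.113.{10 + i} victim{i:03d} FAIL")
    return "\n".join(lines)


AUTH_LOG = _constructed_auth_log()   # format: "timestamp ip username result"


def parse_events(text):
    """Parse log lines into (datetime, ip, user, result), oldest first."""
    events = []
    for line in text.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return sorted(events)


def _bucket(ts, t0, window_s):
    return int((ts - t0).total_seconds() // window_s)


def per_ip_bruteforce(events, threshold, window_s=WINDOW_SECONDS):
    """Classic rule: flag any IP with >= threshold failures in one window.
    Proxy rotation keeps every single IP below this bar."""
    t0 = events[0][0]
    counts = defaultdict(int)
    for ts, ip, user, result in events:
        if result == "FAIL":
            counts[(_bucket(ts, t0, window_s), ip)] += 1
    return {ip for (_, ip), n in counts.items() if n >= threshold}


def distributed_stuffing(events, window_s=WINDOW_SECONDS,
                         min_users=20, min_source_ratio=0.5):
    """Aggregate per window instead of per IP: many distinct accounts failing,
    from almost as many distinct sources, is the stuffing signature."""
    t0 = events[0][0]
    failed_users = defaultdict(set)
    failing_ips = defaultdict(set)
    for ts, ip, user, result in events:
        if result == "FAIL":
            b = _bucket(ts, t0, window_s)
            failed_users[b].add(user)
            failing_ips[b].add(ip)
    alerts = []
    for b, users in sorted(failed_users.items()):
        ips = failing_ips[b]
        if len(users) >= min_users and len(ips) / len(users) >= min_source_ratio:
            alerts.append({
                "window_start": t0 + timedelta(seconds=b * window_s),
                "failed_users": len(users),
                "source_ips": len(ips),
            })
    return alerts


EVENTS = parse_events(AUTH_LOG)

if __name__ == "__main__":
    print("per-IP rule flagged:", per_ip_bruteforce(EVENTS, threshold=5))
    for alert in distributed_stuffing(EVENTS):
        print("stuffing window:", alert)
```

The window rule is deliberately blind to which IP did what; the ratio check is there so that one locked-out user retrying many times, or a single noisy scanner, does not trip it, since those produce many failures but few distinct accounts or few distinct sources.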

The stolen Roku accounts are then sold for as little as 50¢ each on stolen account marketplaces that provide instructions on how to hijack them to illegally purchase hardware using the stored credit card.

After our story was published, Clop ransomware told BleepingComputer they deleted Brightline's data, not having realized what business the company was in.

Article updated:

The Health Benefit Exchange Authority shared the following statement with BleepingComputer about the DC Health Link data breach, confirming our reporting that data was posted online.

The stolen information is already up for sale on a hacking forum, with the threat actor (IntelBroker) claiming it contains the information of at least 170,000 individuals.

A sample shows it includes names, dates of birth, addresses, emails, phone numbers, SSNs, and much more.

The personal information of House members and their staff was stolen from the servers of DC Health Link, the House health care plan admin.

Impacted U.S. House members were notified of the breach via email by House CAO Catherine L. Szpindor, as first reported by Henry Rodgers (https://twitter.com/henryrodgersdc).

In the private advisory, LastPass asked business customers to keep the information "confidential", but it was ultimately leaked to the public.

To prevent the advisories from being indexed by search engines, these advance disclosures contained a noindex HTML meta tag.