Hey everyone, quick question for @XposedOrNot Community Edition (breach alerts and monitoring), which mode should we set as default?
Got a surprise gift for one of you who votes ✨
Website: https://XposedOrNot.com
Blog: https://blog.xposedornot.com/
GitHub: https://github.com/DevaOnBreaches
Credential theft is still the easiest way attackers get into organizations.
The new Verizon DBIR paints a pretty eye-opening picture.
First up:
Credential reuse and theft are behind most initial access breaches. No big zero days. No fancy backdoors. Just stolen or reused passwords.
Only about 3% of passwords meet today's complexity standards.
Most are still way too simple.
(Seriously, longer passphrases are the way to go.)
When credentials are stolen, attackers don’t just log in and poke around.
They often hit Basic Web Application Attacks and sometimes even hijack compromised API keys along with it.
Now here's something scary:
30% of devices found in infostealer logs were enterprise-licensed.
And 46% of those mixed personal and business credentials on the same machine.
In ransomware cases, the overlap is even worse.
54% of ransomware victims had their domains show up in infostealer logs.
And 40% of those had corporate email addresses exposed too — making credential reuse a ticking time bomb.
Credential misuse doesn’t just start attacks.
68% of breach incidents involved stolen creds somewhere during the attack chain.
Managing all this isn’t easy either.
Credential reuse in third-party environments?
It took a median of 94 days to remediate fully. Ouch.
Another big stat:
About 40% of all stolen credentials include a corporate email address.
That’s prime material for lateral movement and account takeovers.
And finally...
Third-party involvement in breaches has doubled this year. From 15% to 30%.
Supply chain risks are no joke anymore.
👀 The threat landscape evolves, but weak and reused credentials stay at the heart of it all.
🔗 Full Verizon DBIR report here: https://www.verizon.com/business/resources/reports/dbir/
Here’s your weekly #databreach news roundup:
Baltimore City Public Schools, MTN, Frederick Health, WorkComposer, and Blue Shield of California.
https://blog.xposedornot.com/weekly-databreaches-roundup-week-17-2025/
Baltimore City Public Schools was hit by a #databreach affecting over 31,000 people, including employees, volunteers, and students. Sensitive info compromised.
MTN Group reveals a cybersecurity incident compromising the personal info of some subscribers in certain markets. Network & billing systems are unaffected, investigation is ongoing. Affected customers will be notified soon. #databreach
My weekend plan is to boost my pylint score (it's stuck at 9.22, lol) and finally upgrade my dev setup from Ubuntu 20.04 to 24.04.
It's time for some cleanup!
What's your plan for this weekend?
XposedOrNot: Open-source API for real-time alerts on domain data breaches. Protects your online identity with user-friendly monitoring and immediate notifications. Ideal for personal and profession...
A January ransomware attack at Frederick Health Medical Group has compromised the data of nearly 1 million patients, exposing sensitive personal and health information. #databreach
WorkComposer, a popular employee monitoring tool, leaked 21M+ real-time screenshots via an unsecured cloud bucket, exposing sensitive data like passwords, emails, and IPs, and exposing 200K+ users. #databreach
Blue Shield of California exposed the protected health info of 4.7M members to Google Ads via misconfigured Google Analytics (April 2021–Jan 2024). Data includes claims, plan details, and more—SSNs & financials are unaffected. #databreach