Anurag sen 

| Security Researcher | | Privacy is a Myth |
| Secured 170+ Data Leaks |
Twitter: https://twitter.com/hak1mlukha

Ever wondered how TechCrunch verifies data breaches?

In this reporter's notebook, I look back at some of the biggest data breaches we've confirmed in recent years — including StockX, 23andMe, and a huge leak of U.S. military emails — and how we did it.

https://techcrunch.com/2024/03/15/how-to-verify-a-data-breach/

How to verify a data breach | TechCrunch

This is how TechCrunch checks to see if a data breach is real using real-world examples, including StockX and 23andMe.

TechCrunch

New, by me: A technology company that routes millions of SMS text messages across the world has secured an exposed database that was spilling one-time security codes that may have granted users’ access to their Facebook, Google and TikTok accounts.

The SMS routing company's database was connected to the internet with no password.

More: https://techcrunch.com/2024/02/29/leaky-database-two-factor-codes/

A leaky database spilled 2FA codes for the world's tech giants | TechCrunch

An SMS routing company's exposed database was left online without a password, spilling 2FA codes and password reset links to the open web.


New, by me: The U.S. DOD is notifying tens of thousands of people that their personal information was exposed in an email data spill last year.

TechCrunch learned that the breach disclosure letters relate to an unsecured U.S. government cloud email server (hosted by Microsoft) that was spilling sensitive emails to the open internet.

Anyone with the email server's public IP address could access the sensitive but unclassified emails inside using only a web browser.

More: https://techcrunch.com/2024/02/14/department-defense-data-breach-microsoft-cloud-email/

US military notifies 20,000 of data breach after cloud email leak | TechCrunch

The breach notification letters land a year after TechCrunch reported a huge spill of unclassified emails from a U.S. government cloud.


New, by me: The startup that develops the phone app for WinStar, dubbed the "world's biggest casino," has secured an exposed database that was left on the internet without a password.

The app maker, Dexiga, took the database offline after a security researcher found the leaking database.

Dexiga's CEO claimed the database contained "publicly available information." But it wasn't — the database contained customer names, phone numbers, and email and home addresses.

More: https://techcrunch.com/2024/02/09/winstar-hotel-casino-app-exposed-customer-personal-data/

'World's biggest casino' app exposed customers' personal data | TechCrunch

A casino app's database containing customers' personal data was left on the internet without a password, until a security researcher found it.


[New Report] - U.S.-based biggest casino app exposed a database containing user information, including names, phone numbers, and email and home addresses. Now secured. Read the full report with @zackwhittaker

#data #breach

More - https://techcrunch.com/2024/02/09/winstar-hotel-casino-app-exposed-customer-personal-data/


New from 404 Media: inside the underground site where "neural networks" churn out fake IDs
- I tested the service, called OnlyFake, made two IDs in minutes
- I then used one to successfully bypass the identity verification check on a cryptocurrency exchange
- Massive implications for crime, cybersecurity. What does it mean for us when fake IDs are a mouse click away?

https://www.404media.co/inside-the-underground-site-where-ai-neural-networks-churns-out-fake-ids-onlyfake/

Inside the Underground Site Where ‘Neural Networks’ Churn Out Fake IDs

The site, called OnlyFake, threatens to streamline everything from bank fraud to money laundering, and has implications for cybersecurity writ large.

404 Media

New, by me: VF Corp., the parent company of the popular apparel brands Vans, Supreme, and The North Face, said Thursday that hackers stole the personal data of 35.5 million customers in a December cyberattack.

More: https://techcrunch.com/2024/01/18/vf-corporation-vans-supreme-owner-data-breach-millions/

Vans, Supreme owner VF Corp says hackers stole 35 million customers' personal data | TechCrunch

The corporate owner of Vans, Supreme, and The North Face, said it is still experiencing "minor residual impacts" following its data breach.


New: Travel giant Mondee has secured a publicly exposed database that was spilling sensitive customer information, including flight and hotel itineraries and unencrypted credit card numbers.

@hak1mlukha discovered the database, about 1.7 TB in size, and asked for help in alerting the company.

The database became inaccessible a short time after TechCrunch contacted Mondee for comment.

More: https://techcrunch.com/2023/08/02/mondee-data-exposed-credit-cards-flight-itineraries


[Reported by Me] - Travel giant Mondee has secured a publicly exposed database that was spilling sensitive customer information, including flight and hotel itineraries and unencrypted credit card numbers. No response from the company. #dataleak

https://techcrunch.com/2023/08/02/mondee-data-exposed-credit-cards-flight-itineraries/


New: Oil giant Shell exposed an internal database containing the personal information of electric vehicle customers who use its worldwide network of recharge stations.

More: https://techcrunch.com/2023/06/09/shell-recharge-security-lapse-exposed-drivers-data/
