The attackers claim it includes the source code for D-View network management software, as well as three million pieces of data involving personal information about customers and employees, including details of many Taiwan government officials and the company’s CEO.

D-Link has now confirmed that the data breach is real. Contrary to the attackers’ claims, however, D-Link says that its infected system contained only about 700 records, and that those records had been sitting idle for at least seven years.

“These records originated from a product registration system that expired in 2015. In addition, most of the data consisted of low-sensitivity and semi-public information.”

D-Link also suspects that the hackers intentionally altered the timestamps of recent logins to create the illusion of recent data theft.D-Link also emphasized that the majority of existing customers are unlikely to be affected by the incident.

According to reports, the data breach was caused by a phishing attack on a D-Link employee, which allowed the attacker to access the company’s network.

In response to the data breach, D-Link immediately shut down potentially affected servers and disabled all user accounts other than the two used during the investigation.

D-Link also noted that the hackers accessed a product registration system within a “lab test environment” running on an older D-View6 system that was phased out in 2015.

THIS IS A SPONSOR PROMOTION: >>>>>>>>>>>>>

Geekwills is an online shop that connects consumers with millions of products and brands around the world with the mission to empower them to live their best lives. Geekwills is committed to offering the most affordable quality products to enable consumers and sellers to fulfill their dreams in an inclusive environment.

The post D-Link confirms data breach occurred appeared first on TechGoing.

Sony stated that the intrusion was initiated by attackers through a zero-day vulnerability in the MOVEit Transfer platform. The vulnerability tracking number is CVE-2023-34362, which is a high-risk SQL injection vulnerability that can remotely execute arbitrary code.

It was reported in July this year that the Clop ransomware group used this vulnerability to launch large-scale attacks, endangering brands such as the cosmetics brand Estee Lauder.

The Clop ransomware group launched the intrusion on May 28 this year. Sony discovered the attack three days later, in early June, and discovered unauthorized downloads. Sony subsequently temporarily disconnected the Internet and fixed the related vulnerabilities.

The post 6,791 people affected, Sony confirms May data breach appeared first on TechGoing.

A total of 75,735 people were affected by the data breach, including nine residents of the US state of Maine, the notification said. These individuals all appear to be current or former Tesla employees.

Tesla wrote to affected users on August 18, “A media outlet called Handelsblatt notified Tesla on May 10, 2023 that it had obtained Tesla’s confidential information.” “The investigation revealed that two former Tesla employees appropriated and shared this information with the media in violation of Tesla’s information technology security and data protection policies.”

The letter also noted that Tesla had filed a lawsuit against the two former employees, but did not specify in which jurisdiction. The lawsuit filed by the company resulted in the seizure of electronic devices believed to contain company information, the letter said.

“Tesla has also obtained a court order prohibiting any further use, access or dissemination of this data by these former employees, subject to criminal penalties,” the letter reads. “Tesla is cooperating with law enforcement and outside experts and will continue to take appropriate steps as necessary.”

Tesla data privacy officer Steven Elentukh did not immediately respond to an email seeking comment on Sunday.

The post Tesla data leak affects more than 75,000 people appeared first on TechGoing.

A TSMC spokesperson said that the cybersecurity incident resulted in a data leak “related to the initial server settings and configuration,” but TSMC customer information was not affected.

TSMC’s official statement as follows:

TSMC has reviewed the cybersecurity incident, which did not affect TSMC's business operations and did not leak any of TSMC's customer information.

TSMC terminated the data exchange with the vendor immediately after the incident in accordance with the company's security protocols and standard operating procedures.

Ransom group LockBit claimed responsibility for the security incident, officially listing the data on its website and demanding a ransom of $70 million.

LockBit says it will also release passwords and login information if TSMC doesn’t pay. lockBit says the data in question was stolen from Kinmax Technology, which provides networking, cloud computing, storage and database management IT services for TSMC.

The post TSMC was attacked, hackers demanded $70 million ransom with data threats appeared first on TechGoing.

Brett Callow, a researcher at security analyst firm Emsisoft, revealed that he recently received a letter from logistics company UPS Canada advising users to be on the lookout for SMS scams and phishing emails during this time.

The company’s website has been updated with the latest news.

The company’s website has been updated with the latest news and information.

The company’s main business is to provide customers with information about the company’s business. The hacker used UPS’s information search tool from February 1, 2022 to April 24, 2023 to obtain a large amount of private data containing various information about the sender, and packaged the data for sale.

The company’s data is being sold.

The company’s Canadian customers’ business will still be affected by the incident, although Brett Callow believes that UPS did not directly state in the notification letter that “our company’s information was compromised” in order to “prevent user accountability.

The post Logistics company UPS hacked, information leaked, Canadian customer’s business threatened appeared first on TechGoing.

Toyota announced that about 2.15 million customer information had been made public in the past 10 years due to cloud platform processing errors. Information including names, addresses, phone numbers, email addresses, vehicle locations, and license plate numbers may have been leaked.

According to the report, the information leak involved the purchase of 10 models including Lexus LS, IS, and GS, and about 260,000 users who updated relevant data between February 9, 2015 and March 31, 2022. Toyota said that unclear rules on customer data storage and negligence in internal management were the main reasons for the information leak. Toyota has introduced a cloud-based monitoring system and has blocked network access from outside the company after discovering a possible leak of information. Japan’s “Mainichi Shimbun” reported that the information leak affected not only Japanese customers, but also customers from Asian and Oceanian countries.

Naoki Asakawa, editor-in-chief of Japan’s “Nikkei Computer”, commented that it is best for Toyota to clarify what information can be disclosed and what cannot be disclosed, so as to dispel customers’ concerns. Some analysts say that in the era of intelligent networking, more and more car functions will adopt the “cloud control” method, and car companies will face greater challenges in data security.

The post Toyota’s Information Breach Again: 2.41 Million Vehicle Owners’ Information was made public appeared first on TechGoing.

The company’s hacks were in August last year, December last year and February this year.

In August last year, a LastPass employee’s account was hacked, which led to the release of some internal software and technical information, eventually leading to the disclosure of “user’s company name,” “email address,” “IP information,” and “credit card information, “IP information”, “home address”, “passwords”, and “vault” were illegally copied;

In December of last year, hackers compromised LastPass’ third-party storage servers and obtained some of its customers’ critical information;

In February of this year, hackers stole valid credentials from a senior DevOps engineer to gain access to the repository again and accessed users’ cloud storage environments through shared data.

▲ Image source LastPass

LastPass was hit with a class action lawsuit in both January and April of this year, when an anonymous user who goes by the name “John Doe” filed a class action lawsuit against LastPass in Massachusetts, claiming that “LastPass LastPass data breach resulted in the theft of $53,000 worth of bitcoin assets.

In January of this year, a number of LastPass users filed a lawsuit in California court, claiming that “LastPass’ lax and unreliable security policies have made sensitive user data accessible to unauthorized persons since August 2022. Only months after the password breach did LastPass release a statement about the breach of critical user information and “attempt to shift the blame to the user.”

▲ Picture source Wladimir Palant’s personal blog

Security expert Wladimir Palant analyzed the LastPass data breach and said “several password breaches at LastPass may have allowed hackers to use the data to build a complete password archive”; another security expert, Jeremi M Gosney, said, “LastPass’ repository (Vault) only sounds secure by name and recommends that users switch to another reliable password management tool.”

▲ Image Source Jeremi M Gosney

The post LastPass Password Management Software Faces User Class Action Lawsuit appeared first on TechGoing.

Toyota said in a statement that the cause of the customer data breach was a setup error in the cloud environment. The content that was leaked included vehicle numbers and location information. Toyota responded that the information was for internal management and would not be traced to individual customers.

The data breach covered approximately 2.15 million subscribers to Toyota’s T-Connect, G-Link, G-Link Lite and G-BOOK telematics services from January 2, 2012 to April 17, 2023, It is learned from a Toyota Connect briefing document. Also affected are recordings of car recorders uploaded to the cloud using the enterprise services provided by Toyota Connect between November 14, 2016 and April 4, 2023, which can also be publicly accessed on the Internet.

The company also said that the system error has now been fixed and that there is no confirmed wrongful use of the data.

The post Toyota mistakenly published 2.15 million customer information on the Internet appeared first on TechGoing.

Western Digital issued an official announcement on May 5, acknowledging that a “third party” had accessed a database containing information about Western Digital’s online store, and the announcement as follows:

On March 26, 2023, we discovered a cybersecurity incident in which an unauthorized third party gained access to multiple company systems.

On April 2, 2023, we implemented incident response efforts following the discovery of this incident and initiated an investigation with the assistance of security industry experts. This investigation is ongoing and includes analysis to understand the nature and extent of the data obtained by unauthorized parties.

As a precautionary measure to protect our business operations, the company proactively disconnected its systems and services from the public Internet. We are gradually completing the recovery process, and most of the affected systems and services are now operational. Our facilities have been operating throughout the incident and are shipping products to meet customer demand. Although initially impacted by our proactive measures, My Cloud services have been restored as of April 13, 2023. Account access to the Western Digital Online Store was also impacted and is expected to be restored the week of May 15, 2023.

We have worked with outside forensic experts to confirm that an unauthorized party obtained a copy of the database used for our online store, which contains some personal information of online store customers. This information included customer names, billing and shipping addresses, email addresses, and phone numbers. In addition, the database contains hashed and obfuscated passwords in encrypted format and some credit card numbers. We will communicate directly with affected customers.

Regarding reports of possible fraudulent use of digital signature technology allegedly belonging to Western Digital in consumer products, we have control over the digital certificate infrastructure. We can revoke certificates as needed if precautions need to be taken to protect customers.

The post Western Digital admits to user data theft, including names, emails, phone numbers and more appeared first on TechGoing.

The motivation for snooping is also very telling. The report data shows that 59% are regular curiosity and 56% suspect that the voyeur has misbehavior.

Most people claim that they snooped because they wanted to see chat messages, including text messages, emails, social media messages, and so on. Respondents said that they would be curious about what their partners, friends, and family members said to other people, and wanted to know their thoughts.

53% of snooping results in finding something bad, such as partner infidelity, digital flirting, or evidence of cheating.

More than a third reported feeling no regret or remorse after the snooping, suggesting they may have felt rational in their actions or endorsed the snooping.

The post 82% of Americans have snooped on someone else’s phone or computer, study says appeared first on TechGoing.