Top stories.
- Spotify shutters accounts behind major scraping operation.
- Aflac says June 2025 data breach affected 22.6 million individuals.
- US Justice Department distrupts bank phishing operation.
Spotify shutters accounts behind major scraping operation.
A group of hacktivists behind the file-sharing site Anna's Archive have published 86 million tracks scraped from Spotify, the Record reports. Spotify says the incident was not a hack, and that the songs were scraped via recording by user accounts over a period of months. A Spotify spokesperson told the Record that the company "has identified and disabled the nefarious user accounts that engaged in unlawful scraping," adding, "We’ve implemented new safeguards for these types of anti-copyright attacks and are actively monitoring for suspicious behavior."
Anna's Archive maintains that it's focused on preservation of media, but the site is banned in multiple countries for copyright infringement. The service emerged in 2022, days after the US Justice Department arrested and charged two Russian nationals for running the similar service Z-Library.
Aflac says June 2025 data breach affected 22.6 million individuals.
Insurance giant Aflac has published an update on a data breach the company sustained in June 2025, noting that the incident affected 22.6 million individuals. The company stated, "Following detection of the security incident, Aflac promptly secured accounts identified as potentially impacted and took additional steps, including resetting passwords and further monitoring for signs of suspicious activity. To date, Aflac is not aware of any fraudulent use of personal information and — along with third-party partners — will continue to monitor any fraudulent activity. Aflac has now completed a detailed review of the potentially impacted files, has begun the process of notifying individuals identified as impacted, and is detailing the resources we have made available."
TechCrunch notes that the breach affected "customer names, dates of birth, home addresses, government-issued ID numbers (such as passports and state ID cards) and driver’s license numbers, and Social Security numbers, as well as medical and health insurance information."
US Justice Department disrupts bank phishing operation.
The US Justice Department has seized a website that held a password database used in phishing attacks against US bank customers, SecurityWeek reports. The account takeover scheme resulted in "attempted losses of approximately $28 million dollars and actual losses of approximately $14.6 million dollars."
Justice stated, "The seized domain hosted a server that contained the stolen login credentials of thousands of victims, including the credentials of the victims mentioned above. Based on the FBI’s investigation, the seized domain continued to host a backend server used in furtherance of the bank account takeover fraud as recently as November 2025."
