At a glance.
- Data breach prompts Discord.io to shut down for a security reset.
- Data exposed by UK constabularies.
- MOVEit-related incident affects Massachusetts residents.
Data breach prompts Discord.io to shut down for a security reset.
Discord.io has temporarily shut down after a cyberattack stole personal data belonging to some 760,000 members of the platform (who use it principally to send Discord invites). Dark Reading reports that the data lost include "usernames, Discord IDs, email addresses, billing addresses, and passwords as well as coin balances, API keys, registration dates, internal user IDs, and more." No paycard information was stored on the site. Discord.io is still investigating the breach, but it believes the root cause of the incident is a vulnerability in the site's code, which the platform is working to correct. Discord.io's website explains, "We will continue to investigate the possible causes of the breach, and we will take steps to ensure that this does not happen again. This will include a complete rewrite of our website's code, as well as a complete overhaul of our security practices."
Data exposed by UK constabularies.
The UK's Norfolk and Suffolk police constabularies have disclosed accidental exposure of personal data belonging to more than 1000 individuals. The constabularies explained, in a press notice, "A technical issue has led to some raw data belonging to the constabularies being included within the files produced in response to the FOI requests in question. The data was hidden from anyone opening the files, but it should not have been included." The exposure occurred between April 2021 and March 2022, in the course of responding to Freedom of Information (FOI) requests for crime statistics. The Register wearily observes that the incident follows recent data breaches at the Police Service in Northern Ireland (PSNI), which were larger and more consequential. Still, the incident in Norfolk and Suffolk is troubling, including as it did information pertaining to crime victims and witnesses. The BBC reports, "The data included personal identifiable information on victims, witnesses and suspects relating to a range of offences including sexual offences, domestic incidents, assaults, hate crime and thefts." Officials apologized for the breach, and have said that an investigation is in progress.
MOVEit-related incident affects Massachusetts residents.
134,000 Massachusetts residents have been affected by a data breach enabled by exploitation of the vulnerability in MOVEit software that's figured in other supply chain compromises. UMass Chan Medical School began informing affected individuals of the incident on Monday. Boston 25 News quotes Massachusetts state officials: “This incident was part of a worldwide data security incident involving a file-transfer software program called MOVEit, which has impacted state and federal government agencies, financial services firms, pension funds, and many other types of companies and not-for-profit organizations,” Axios reports that the data involved in the breach include "dates of birth, mailing addresses, Social Security numbers, medical details, and financial account information."