
SecureFact – Cyber Security News – Week of February 02, 2026

Marquis blames ransomware breach on SonicWall cloud backup hack

  • Marquis Software Solutions, a Texas-based financial services provider serving over 700 banks and credit unions, suffered a ransomware attack in August 2025 that impacted dozens of U.S. financial institutions.
  • The company now attributes the breach to attackers who used configuration data stolen in the September breach of SonicWall’s MySonicWall cloud backup service.
  • The ransomware operators circumvented Marquis’s firewall by leveraging stolen configuration data rather than exploiting unpatched vulnerabilities.
  • The attack affected the company’s data analytics, compliance reporting, CRM tools, and digital marketing services used by financial institutions across the United States.
  • Marquis has engaged third-party investigators to assess the full scope of the incident and is evaluating legal options against SonicWall for potential cost recovery.
  • The company provides services to more than 700 banks, credit unions, and mortgage lenders nationwide.
  • SonicWall’s September breach affected all customers using its cloud backup service, with threat actors able to extract access credentials and tokens.
  • The incident highlights the cascading impact of supply chain security breaches on downstream customers in the financial services sector.

*Source

 

Panera Bread breach impacts 5.1 million accounts, not 14 million customers

  • The ShinyHunters extortion gang breached Panera Bread’s systems in January 2026, stealing data from 5.1 million unique user accounts, not the initially reported 14 million customers.
  • The attackers gained access through a Microsoft Entra single sign-on (SSO) code as part of a voice phishing campaign targeting SSO accounts.
  • The stolen data includes email addresses, names, phone numbers, and physical addresses of customers, along with over 26,000 unique panerabread.com employee email addresses.
  • ShinyHunters leaked nearly 760 MB of documents on their dark web site after Panera refused to pay the ransom demand.
  • The breach was part of a broader campaign targeting over 100 high-profile organizations through vishing attacks on Okta, Microsoft, and Google SSO systems.
  • Panera operates nearly 2,300 bakery-cafes across 48 U.S. states and Ontario, Canada.
  • The company confirmed the breach to authorities and stated that the compromised data consisted of contact information.
  • The Have I Been Pwned service confirmed the breach affected 5.1 million unique email addresses along with associated account information.
  • This represents the second major security incident for Panera following a March 2024 ransomware attack that caused a nationwide IT outage.

*Source

 

NationStates confirms data breach, shuts down game site

  • NationStates, a multiplayer browser-based government simulation game, confirmed a data breach after an unauthorized user gained access to its production server and copied user data.
  • The incident occurred on January 27, 2026, when a vulnerability researcher exceeded authorized boundaries while testing a critical bug in the “Dispatch Search” feature introduced in September 2025.
  • The attacker chained insufficient input sanitization with a double-parsing bug to achieve remote code execution on the main production server.
  • The exposed data includes email addresses (including historical addresses), MD5 password hashes, IP addresses used for login, and browser UserAgent strings.
  • The breach also potentially exposed some telegram (private messaging) data after the attacker attempted to access the telegrams server.
  • NationStates took the website offline and is completely rebuilding the production server on new hardware while conducting security audits and upgrading password security from the obsolete MD5 hashing algorithm.
  • The company reported the incident to government authorities and expects the site to be restored within two to five days.
  • Users will be able to reset passwords and check their stored data once the platform is restored.
  • The breach represents the first critical security incident in the site’s history, affecting an undisclosed number of user accounts.

*Source

 

Match Group breach exposes data from Hinge, Tinder, OkCupid, and Match

  • Match Group, owner of popular dating services including Tinder, Match.com, Hinge, Meetic, and OkCupid, confirmed a cybersecurity incident that compromised user data from multiple platforms.
  • The ShinyHunters threat group leaked 1.7 GB of compressed files allegedly containing 10 million records of user information from Hinge, Match, and OkCupid, along with internal documents.
  • The attackers gained access by compromising an Okta SSO account through voice phishing, which provided access to the company’s AppsFlyer marketing analytics instance and cloud storage accounts.
  • Match Group disputed claims that Google Drive and Dropbox files were accessed during the investigation.
  • The company stated that hackers stole a “limited amount of user data” consisting primarily of personally identifiable information and tracking data, but no login credentials, financial information, or private communications were accessed.
  • Match Group generates $3.5 billion in annual revenue and serves over 80 million active users across all its dating applications.
  • The attack was part of ShinyHunters’ broader vishing campaign using the phishing domain ‘matchinternal.com’ to target SSO accounts.
  • The company acted quickly to terminate unauthorized access and is notifying affected individuals as appropriate.
  • External security experts are assisting with the ongoing investigation into the full scope of the breach.

*Source

 

Nike investigates data breach after extortion gang leaks files

  • Nike is investigating a “potential cyber security incident” after the World Leaks ransomware gang leaked 1.4 TB of files allegedly stolen from the sportswear giant.
  • The extortion group claimed to have stolen nearly 190,000 files containing corporate data about Nike’s business operations before adding the company to their dark web leak site.
  • World Leaks later removed Nike’s entry from their leak site, suggesting potential negotiations or ransom payment, though Nike has not confirmed the authenticity of the stolen data.
  • The attack was carried out by World Leaks, believed to be a rebrand of the Hunters International ransomware group, which shifted from file encryption to data theft and extortion-only attacks in January 2025.
  • BleepingComputer could not independently verify whether the leaked files contained legitimate Nike data at the time of reporting.
  • Nike stated they “always take consumer privacy and data security very seriously” and are “actively assessing the situation” with their incident response procedures.
  • The company has not disclosed what type of data may have been compromised or the number of individuals potentially affected.
  • World Leaks has previously targeted major organizations including the U.S. Marshals Service, Tata Technologies, and Navy contractor Austal USA.
  • The group has published data from dozens of organizations worldwide on its data leak site since emerging as a rebrand.

*Source

Have I Been Pwned: SoundCloud data breach impacts 29.8 million accounts

  • SoundCloud confirmed a data breach affecting 29.8 million user accounts (approximately 20% of all users) after the ShinyHunters extortion gang breached the audio streaming platform’s systems in December 2025.
  • The stolen data includes email addresses, geographic locations, names, usernames, profile statistics, avatars, follower and following counts, and in some cases, users’ countries.
  • SoundCloud detected unauthorized activity involving an ancillary service dashboard and activated incident response procedures immediately.
  • The company confirmed that no sensitive data such as financial information or passwords was accessed, with the breach limited to email addresses and publicly visible profile information.
  • ShinyHunters attempted to extort SoundCloud and deployed email flooding tactics to harass users, employees, and partners when ransom demands were not met.
  • The breach initially caused widespread 403 “Forbidden” errors for users connecting via VPN services.
  • SoundCloud, founded in 2007, provides access to over 400 million tracks from more than 40 million artists worldwide.
  • Have I Been Pwned confirmed the breach affected 30 million unique email addresses along with associated profile data.
  • The attackers later publicly released the stolen data after failed extortion attempts.
  • SoundCloud published a security notice confirming the incident details and has implemented additional security measures to prevent similar breaches.

*Source