PowerSchool hacker claims they stole data of 62 million students
- The recent cyberattack on PowerSchool, a major provider of educational software, has led to the alleged theft of personal data from 62.4 million students and 9.5 million teachers.
- The breach was disclosed on January 7, 2025, after hackers accessed the company’s customer support portal using stolen credentials, allowing them to download sensitive information from various school districts’ databases.
- The hacker’s extortion demand indicated that data from 6,505 school districts across the U.S., Canada, and other countries was compromised.
- Notable affected districts include the Toronto District School Board, which had over 1.4 million students impacted, and the Dallas Independent School District, with approximately 787,000 students affected.
- PowerSchool has stated that, while it cannot confirm exact numbers because investigations are ongoing, it believes that fewer than a quarter of the impacted students had their Social Security Numbers exposed.
- In response to the breach, PowerSchool will offer two years of complimentary identity protection and credit monitoring services to those affected and will notify relevant authorities and stakeholders.

UnitedHealth confirms 190 million Americans affected by Change Healthcare data breach
- UnitedHealth Group has confirmed that a significant data breach at Change Healthcare has affected approximately 190 million Americans.
- The breach, which was disclosed on January 24, 2025, involved unauthorized access to sensitive personal information, including names, addresses, dates of birth, and Social Security numbers.
- The company stated that they are actively investigating the incident and have implemented measures to enhance security and prevent future breaches.
- UnitedHealth emphasized their commitment to protecting customer data and will provide updates as more information becomes available.
- This breach marks one of the largest healthcare-related data compromises in recent history, raising concerns about the security of personal health information across the industry.

Cloudflare CDN flaw leaks user location data, even through secure chat apps
- A recently discovered flaw in Cloudflare’s content delivery network (CDN) poses a risk of exposing users’ general location data through secure messaging platforms like Signal and Discord.
- This vulnerability allows attackers to infer a user’s geographic region by sending them an image; because the deanonymization requires no user interaction, it is classified as a zero-click attack.
- The researcher, Daniel, found that by leveraging a bug in Cloudflare Workers, he could manipulate requests to route through specific data centers.
- This method enables the attacker to identify the nearest airport code based on the CDN’s response, providing location accuracy within 50 to 300 miles.
- The flaw is particularly concerning for privacy-sensitive individuals such as journalists and activists, though it could also assist law enforcement in tracking suspects.

Account Credentials for Security Vendors Found on Dark Web
- A recent report by Cyble reveals that account credentials from major cybersecurity vendors are being sold on dark web marketplaces, with prices starting as low as $10.
- The leaked credentials primarily belong to customers but also include alarming numbers from the vendors themselves, exposing sensitive internal accounts related to enterprise and security systems.
- The report highlights that the credentials were likely harvested through infostealer malware infecting customer devices.
- Cyble examined leaks from 14 cybersecurity vendors, including CrowdStrike, Palo Alto Networks, and McAfee, noting that all had both customer and internal credentials compromised this year.
- Notably, McAfee reported over 600 leaks, while CrowdStrike had more than 300.
- These leaks could allow hackers to conduct reconnaissance on targeted organizations by revealing system information and vulnerabilities.

HPE Investigates After Alleged Data Breach
- Hewlett Packard Enterprise (HPE) is currently investigating an alleged data breach that reportedly exposed sensitive customer information.
- The company has not confirmed the specifics of the breach or the extent of the data compromised.
- HPE stated that they are working diligently to assess the situation and are collaborating with cybersecurity experts to understand the incident better.
- The investigation follows claims made by a hacking group that they have obtained HPE data, which they are threatening to release unless a ransom is paid.
- HPE has reassured its customers that it takes such incidents seriously and is committed to maintaining data security and integrity.
- As of now, there are no indications of any operational disruptions within HPE’s services, and the company is focused on ensuring that any vulnerabilities are addressed promptly.
- Further updates will be provided as the investigation unfolds.