SecureFact – Cyber Security News – Week of May 19, 2025

In May 2025, claims surfaced that 89 million Steam account details, including phone numbers and expired 15-minute two-factor authentication (2FA) codes, were leaked and offered for sale on a dark web forum for $5,000 by a threat actor named “Machine1337.”
However, Valve confirmed that Steam’s core systems were not breached and that the leaked data did not include passwords, payment information, or direct account credentials.
The exposed information appears to have originated from a supply chain compromise involving unencrypted SMS messages passing through an intermediary service, not Steam itself. Twilio, initially suspected due to its role in SMS 2FA, denied any breach, and Valve stated it does not use Twilio.
Despite Valve’s assurances that accounts remain secure, users are advised to enable Steam Guard (Steam’s Mobile Authenticator) for stronger protection, change passwords if concerned, and remain vigilant against phishing attempts that may exploit leaked phone numbers.
The incident highlights risks in SMS-based 2FA and the broader telecom supply chain rather than a direct Steam platform compromise.

Coinbase experienced a serious insider-led data breach in 2025, where cybercriminals bribed overseas customer support agents to steal sensitive information of approximately 1% of its monthly active users-around 97,000 customers.
The compromised data includes names, addresses, phone numbers, emails, masked Social Security numbers, masked bank account details, government-issued ID images, account balance snapshots, and transaction history.
Importantly, no passwords, private keys, or customer funds were accessed. On May 11, Coinbase received a $20 million ransom demand from the attackers, which it refused to pay.
Instead, Coinbase established a $20 million reward fund to aid in the arrest and prosecution of those responsible. The company has terminated the involved employees, is cooperating with law enforcement, and committed to reimbursing customers who fall victim to related scams.
The breach is expected to cost Coinbase between $180 million and $400 million in remediation and customer reimbursements, marking one of the most significant security incidents in the crypto exchange sector.

House of Dior, the French luxury fashion brand, disclosed a cyberattack discovered on May 7, 2025, which exposed customer data primarily affecting its Fashion and Accessories customers in South Korea and China.
The compromised information includes full names, gender, phone numbers, email and postal addresses, purchase history, and customer preferences. Dior confirmed that no payment card details, bank account information, or passwords were accessed, as these were stored separately.
The company promptly contained the breach and engaged cybersecurity experts to investigate, while notifying relevant regulators and affected customers. Dior has advised customers to remain vigilant against phishing and impersonation attempts.
The incident has drawn scrutiny in South Korea for delayed notification to certain authorities, potentially resulting in fines. This breach adds Dior to a recent wave of cyberattacks targeting luxury retailers

Marks & Spencer has confirmed that personal customer data, including names, addresses, phone numbers, dates of birth, email addresses, online order history, and masked payment card details, was stolen during a recent cyberattack linked to the DragonForce ransomware group.
However, the company emphasized there is no evidence that payment or card details in usable form, nor account passwords, were compromised.
M&S has reset customer passwords as a precaution and notified all affected users. Despite the breach, M&S states customers do not need to take immediate action but should remain vigilant against phishing scams that may exploit the stolen personal information.
The retailer continues to face operational disruptions, including suspended online orders, while working with cybersecurity experts and authorities to manage the incident.

The Australian Human Rights Commission (AHRC) experienced a data exposure incident where 670 sensitive documents were inadvertently leaked online and indexed by major search engines between April 3 and May 5, 2025.
The leaked documents contained private information such as names, contact details, health data, schooling, religion, employment info, and photographs, impacting submissions from various projects and complaint periods dating back to 2021. The breach was caused by a misconfiguration rather than a malicious attack.
AHRC has since disabled all web forms, requested immediate removal of the documents from search engines, and launched an investigation with the Office of the Australian Information Commissioner (OAIC).
Affected individuals will be notified and provided with support, including mental health resources, while being advised to remain vigilant against scams.

Nucor Corporation, the largest steel producer in the U.S., is facing operational disruptions following a cybersecurity incident that led to unauthorized access to its IT systems.
In response, Nucor took affected systems offline and activated its incident response plan, temporarily suspending production at multiple locations. The company has engaged external cybersecurity experts and notified law enforcement to investigate the breach.
While the exact nature and date of the attack remain undisclosed, no ransomware group has claimed responsibility. Nucor is gradually restoring operations as it continues remediation efforts to contain and recover from the incident.