Latest news with #dataLeak
Telegraph
12 hours ago
- Politics
- Telegraph
This is Watergate-level stuff, but Westminster won't call it so
Well, this isn't good. John Healey told a stunned Commons that, in 2022, a 'defence official' inadvertently emailed out the names of 18,714 Afghan asylum seekers, potentially sharing their 'contact details' with people who'd like to kill them. Britain might not be good at policing its borders but the Taliban sure are. We all make mistakes. Rob Jenrick keeps accidentally posting photos of himself in a state of undress, the latest being a Mr Darcy-style dip in the River Teme, glistening in trunks and a white towel. I texted him as soon as I saw it to say 'Rob, you're half-naked on Instagram'. He replied 'butterfingers!', wink, kiss and a flexing arm emoji. I fear we are only days from a leaked sex tape. Jenrick's party was in power when refugee data was apparently leaking like a Thames Water sewer. They plugged any gossip with a super-injunction. 'No government wishes to withhold information from parliamentarians, the public or the press,' lied Healey – that's the state's chief job! – so he was happy to un-injunct us and lay the facts bare. Thousands of Afghans affected by the leak have been offered refuge, we learnt; he put the cost at around £400 million. MPs asked if the official had at least been sacked, but Healey wouldn't say. He, she or they probably received counselling and a promotion, plus extra cash on Pips if they could pin it on anxiety. The mood in the House was odd. The Tories might have demanded greater clarity but held off. Labour could've wallowed in another inherited blunder, yet declined to gloat. Instead, the frontbenchers praised one another for their statesmanlike tone, leaving it to backbenchers Tan Dhesi and Emily Thornberry to express outrage. The Government endangered people's lives. It covered it up. It then paid millions to resettle the victims. This is Watergate-level stuff, but Westminster won't call it so because it's an indictment of a system and a philosophy – of open borders and never-ending wars – that almost all the parties endorse. Afghans worked with our Armed Forces, argued Catherine Atkinson, so we owe them a 'debt'. A rather high one, I'd say: tens of thousands have sought refuge here overall. How did we ever lose that war? It seems half the local population was on our side, working as translators for British soldiers who got sick of pointing and repeating in a louder voice. Afghanistan, far from being a fundamentalist backwater, must have the best education system in the world, given how many of the citizens are fluent in English. This scandal, argued Edward Leigh, is 'part of the Original Sin of us intervening militarily and then scuttling out' – and many voters would agree that we should never have been in the country in the first place. Anyone who knew about the history of Russia in Afghanistan knew it was unconquerable. Anyone who'd seen The Living Daylights could tell you it was a dump. Sir Edward hoped that Britain had 'got over the liberal imperial itch' and won't be meddling in any 'ungovernable countries' again. He didn't say if this includes meddling in Britain.
The Guardian
17 hours ago
- Politics
- The Guardian
Afghan nationals: have you arrived in the UK under the Afghan Response Route?
Thousands of Afghans have been relocated to the UK under a secret government scheme following a data leak. Personal information about more than 33,000 Afghans seeking relocation to the UK after the Taliban takeover was released in error by a defence official. Fears that the individuals named would be at risk from reprisals from the Taliban led the last government to set up a secret relocation scheme, the Afghan Response Route (ARR), involving 20,000 people. The secret scheme, which can only now be reported after a High Court judge lifted a superinjunction on Tuesday, was first obtained by the MoD in August 2023. The scheme is closing down but the government has said it will honour any outstanding offers. Have you arrived in the UK under the ARR? We would like to hear from any Afghans who have arrived in the UK under the ARR scheme or are due to come. You can share anonymously if you prefer Please include as much detail as possible. Please note, the maximum file size is 5.7 MB. Your contact details are helpful so we can contact you for more information. They will only be seen by the Guardian. Your contact details are helpful so we can contact you for more information. They will only be seen by the Guardian. If you include other people's names please ask them first. Contact us on Signal at +447766780300. For true anonymity please use our SecureDrop service instead. If you're having trouble using the form click here. Read terms of service here and privacy policy here.
South China Morning Post
07-07-2025
- South China Morning Post
‘Scripting error' in Hong Kong's HK Express led to access to private information
HK Express, the budget carrier of Hong Kong's Cathay Pacific Airways, mistakenly directed a member to log into another customer's account due to a 'scripting error', enabling him to access the other's personal information including their birth date, according to the privacy watchdog's latest investigations. Advertisement The other seven data leak cases revealed on Monday by the Office of the Privacy Commissioner for Personal Data included one involving CJ Plus Insurance, which sent documents printed on recycled paper that contained resumes and copies of Hong Kong IDs. 'In the digital age, organisations have generally strengthened their awareness and capability in protecting personal data,' Privacy Commissioner Ada Chung Lai-ling said. 'While most [of the eight] cases affected relatively few individuals, these incidents serve as a reminder to the public that information security risks can arise from any work process.' According to Chung, all eight incidents – including one concerning the government's Transport Department – involved negligence in following established procedures to prevent data leaks. Advertisement They were found to have contravened the requirements under the Personal Data (Privacy) Ordinance, such as by using personal data for a new purpose and not taking sufficient practical steps to prevent a data leak, according to the office.
The Sun
23-06-2025
- The Sun
Why your pics, texts and money are in danger after major ‘data leak' even if your info wasn't exposed
DON'T fall foul of a common scam after reports of a major online leak – even if you haven't had any private info exposed. Just last week, security experts said they'd uncovered as many as 16 billion leaked nuggets of personal info linked to popular apps and websites. 3 These reportedly included leaked logins – private usernames and passwords belonging to unsuspecting users. Security experts have debated over how "new" the info in the databases is – but one thing is certain: there's plenty of personal data circulating online. Chances are, at least some of your info will have been exposed over the years through a combination of breaches and leaks. But even if your data hasn't been exposed, this latest "database leak" still spells trouble for your online security, experts have told The Sun. That's because when there's news of a big "leak" like this, cybercriminals often target web users with related scams. Rik Ferguson, the VP of security intelligence at Forescout, told The Sun that this "opens the floodgates for scammers". "Honestly, it doesn't even matter that the data itself is mostly old, recycled, or even completely made up," Rik told The Sun. "The headline grabs attention, it spreads fast, and that's all the cybercriminals really need. "What we'll see now, almost guaranteed, is a wave of social engineering, things like fake tech support calls, emails claiming your accounts are compromised, texts that urge you to click a link "right now" to secure or update something." He added: "Cybercriminals don't need fresh data; they just need fresh worry. This kind of news gives them a credible excuse to contact people out of the blue, sounding plausible and urgent. Deepfakes more 'sophisticated' and dangerous than ever as AI expert warns of six upgrades that let them trick your eyes "So, the best advice is to slow down, take a breath. Treat unsolicited contact (or scare stories from well-meaning friends on Facebook) with a solid dose of cynicism. "Your first response might be to react quickly, especially if the message is laced with urgency or fear. But that urgency is the oldest trick in the book. Scammers rely on pressure. "They want you anxious, flustered, or off balance. They want you to be doing, not thinking. If someone's telling you to act immediately, that's your cue to pause." For instance, you might see tech support scams or "infected computer" warnings. Criminals will be hoping that you're worried enough about the news of a leak that you might act without thinking – clicking on a dodgy link or calling a number because you're worried about your cybersecurity. For instance, after the Marks & Spencer cybersecurity incident, experts warned of the danger of crooks taking advantage of the confusion around the attack. "Stay vigilant for phishing messages pretending to be from M&S or other companies you've dealt with," said NCC Group threat intelligence head Matt Hull. A similar warning came from Check Point's Charlotte Wilson, who said: "We often see a spike in phishing emails, fake delivery texts and scam calls after breaches like this, particularly when order history or usernames are involved." 3 And the same advice is true for this latest news: it's a prime chance for crooks to trick concerned users into making a mistake. "Discoveries like this breach are a pertinent reminder of just how easy it is for sensitive data to be unintentionally exposed online," said Keeper Security chief Darren Guccione. He added: "When login data is left unprotected, it can provide fuel for phishing attacks, account takeovers and identity fraud." But some experts suggested there wasn't any major reason to panic. Brian Higgins, of Comparitech, told The Sun: 'The data referenced in the media is an amalgamation of several previously reported incidents. 'So it's reasonable to expect that any users affected should have been aware of the problem and taken action when the individual threats were first identified "The knee-jerk headlines may well fuel a slight uptick in activity from unscrupulous vendors or cyber criminal organisations. 'There's a possibility some may exploit the fact that the data has been collected in a single repository, for example. Still, since it's not a new breach and the facts are slowly becoming clearer, it's doubtful any major impact will ensue." HOW TO SPOT THE SIGNS OF A TECH SUPPORT SCAM Tech support scams can work in several different ways. But they all have the same end goal: to scoop up your info, put dangerous "malware" on your devices, or steal your money. You might receive a message over text or email – or even a phone call – saying that your device has been compromised. DON'T PANIC – BUT ACT FAST Here's advice from The Sun's tech editor Sean Keach... This is a massive breach of privacy – it's not the first, and it won't be the last. There's no surefire way for you to avoid being caught up in an attack like this, and you can't take back the info now it's out there. But what you can do is safeguard yourself against sinister crooks using this info against you. Step 1 The main fear here is that criminals have bagged a load of passwords. That's why you need to switch on two-factor authentication on every account that you have. Normally that's a login code that is sent to you via SMS text. They prevent crooks from logging into your account even if they know your password. Step 2 Even better, don't bother with SMS and use a proper authenticator – like the Google Authenticator, a free app that you can download right now. This generates the same kind of log-in code, but it's safer than SMS, which is an old and more easily-hacked system. Step 3 Also, make absolutely sure that you're not re-using passwords anywhere. If crooks have one password and you've re-used it, they now have access to several of your accounts. Use a password manager like your iPhone's iCloud Keychain or the Google Password Manager. They will generate strong and unique passwords for all of your accounts – and then remember them so you don't have to. Picture Credit: Sean Keach And you'll be asked to hand over a log in, install some kind of security software, or making a tech support payment. Depending on what you hand over, you could find your online accounts broken into, your bank balance wiped out, or your computer spied on. Once a crook breaks into your accounts or device, they can potentially spy on your texts or photos, make purchases, and so much more – so not falling for scams is extremely important. Never hand over any info or money to someone who has contacted you out of the blue. If they're claiming that they're from a reputable organisation – like Microsoft or Apple – then you'll want to contact the company directly using the number on their official website. Don't use any contact info that you've been sent by a stranger, as it's easily faked. "Whether it's an email that looks like it's from your bank, a text pretending to be your delivery service, or a call claiming to be tech support, the smart move is always the same, don't respond directly, go to the source," Rik told The Sun. "Log in via the official website, not a link you received out of the blue. Call the company back on a number you already know or can find on their website. "Or just check in with someone you trust, a quick gut-check with a colleague or friend can save you a whole world of pain." If someone is rushing you into making a decision, especially when private info or money is involved, then that's a major red flag that something is amiss. Reputable cybersecurity and tech companies won't just text you out of the blue to tell you that you've been hacked and need to pay a fee. And if they're asking you to click a link to install an app on your machine, that's a clear warning sign that they're trying to compromise your device. If you ever install any cybersecurity software, do so by going to the official website of a reputable company. Don't install anything sent to you by a stranger – it's dangerous. If you're worried that you've been caught up in a breach, there's an easy way to check. Go to the website HaveIBeenPwned here. This website tracks lists of leaks and breaches over the years. 3 And you can enter your email address to see if it's been caught up in any. You'll be able to see the exact leak that your email was exposed in, as well as any linked data – like an address, phone number, or password. The website will also send you alerts when your email address is found in another leak or breach. That way, you can quickly react and change your password, add two-factor authentication (like a text code) for logging in, and locking down your accounts. EXPERT VIEW – THE SECURITY ADVICE Here's what Rik Ferguson, VP of security intelligence at Forescout, told The Sun... "For what it's worth, anyone is a potential victim, even me after 30 years in the business, so don't beat yourself up," Rik said. "Last year I fell for a coincidentally well-timed SMS phishing message and gave away my Netflix password before I stopped to think. "What saved me? I use a password manager, so every website has a different, unique password. "That slip didn't snowball into something worse." He gave The Sun the following advice: Don't reuse passwords. Use a unique one for every website. Built-in or third-party password managers can help. Writing them down at home is also fine, just keep the list secure. Stronger beats newer. A long, randomly generated password is better than changing a weak one regularly. Don't click unknown links. If you weren't expecting it, ignore it. Go directly to the official website or make a call instead. Turn on two-factor authentication wherever possible, it's simple and effective. Warn others. Talk to friends and family. Scams spread faster when people don't know what to look for. Picture Credit: Forescout
Yahoo
21-06-2025
- Yahoo
A massive trove of 16 billion stolen passwords was discovered — here's what to do
Researchers say they uncovered a massive data leak exposing 16 billion login credentials. The leak involves logins for platforms like Apple, Gmail, and Facebook, posing security risks. Companies advise using two-step authentication and passkeys to protect your accounts. Researchers say they've uncovered one of the largest data leaks in history that involves many popular platforms. The leak includes nearly 16 billion login credentials that could give cybercriminals access to social media and business platforms such as Apple, Gmail, Telegram, Facebook, GitHub, and more, researchers at Cybernews said this week. Bad actors now have "unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing," the researchers said. The number of exposed people or accounts is unknown. The researchers said the data likely comes from malicious software known as infostealers. "What's especially concerning is the structure and recency of these datasets — these aren't just old breaches being recycled. This is fresh, weaponizable intelligence at scale," the researchers said. Cybernews said researchers uncovered the leak when the datasets were exposed for a short period of time. It follows the May discovery of a database containing more than 184 million credentials, including Apple, Facebook, and Google logins, Wired earlier reported. If you're nervous that your logins are at risk, there are steps you can take to make your account safer. You can't unring the bell of an information leak. However, you can take steps to identify if your credentials have been involved in any data breaches and protect yourself in the future. You can check sites like Have I Been Pwned to see if your email has appeared in a data breach. Turning on two-step authentication for your accounts can also help protect them from unauthorized access. Platforms also offer resources to help users secure their accounts. Google encourages users to use protections that don't require a password, like a passkey. It's one of the tech giants, along with Apple, Amazon, and Microsoft, that have been working to move users away from passwords to help secure their accounts. For those who prefer to stick with passwords, Google's password manager can store login credentials and notify users if they appear in a breach, a spokesperson told Business Insider. There's also Google's dark web report, a free tool that tracks whether personal information is floating around in online databases. GitHub, an online coding platform, offers developers a guide on how to implement safety measures in their organizations. The site recommends creating a security policy, having strict password guidelines, and requiring two-factor authorization. The data leak included logs — "often with tokens, cookies, and metadata," which makes it "particularly dangerous for organizations lacking multi-factor authentication or credential hygiene practices," the Cybernews team said. Meta offers a Privacy Checkup tool for users to review their privacy and security account settings. There, you can turn on two-factor authentication and ensure Meta alerts you of unusual logins. Meanwhile, Telegram said its primary login method sends a one-time password to users over SMS. "As a result, this is far less relevant for Telegram users compared to other platforms where the password is always the same," a Telegram spokesperson told BI about the data leak. Apple, GitHub, and Meta did immediately respond to a request for comment on the data leak. Google said it was directing users to some of the security resources above. Read the original article on Business Insider
