On January 20, Cybernews researchers discovered a publicly accessible AWS Storage bucket belonging to FreshBooks. While it mainly stored images and metadata of FreshBooks’ blog, among the leaked data, were backups of the website's source code and related database. One of the databases contained information about the site, its configurations, and data of 121 WordPress users. Names, usernames, email addresses, and hashed passwords of the site’s administrators, writers, and editors were exposed. The leaked passwords were hashed using the easily crackable WordPress MD5/phpass hashing framework leaving users’ accounts vulnerable to hijacking.
The Post Millennial hack leaked data impacting 26 million people
ESET repports that OilRig’s persistent attacks using cloud service-powered downloaders
Freepik and Flaticon suffer data breach; 8.3 million users affected