A security researcher discovered that IPv6's massive address space combined with a botguard bypass could expose any Google user's phone number. The vulnerability allowed attackers to potentially leak phone numbers through systematic enumeration of IPv6 addresses.
DDoSecrets has released 410 GB of heap dump data obtained from a hack of TeleMessage's archive server. The data includes information from the company's customers, which reportedly include law enforcement agencies and financial institutions.
TeleMessage's customer list includes DC Police, Andreessen Horowitz, JP Morgan, and hundreds of other organizations, according to analysis of 410 GB of Java heap dumps from the company's archive server.
A security researcher discovered that BrowserStack is leaking users' email addresses. The researcher uses unique email addresses for each service and identified BrowserStack as the source of email leaks. This allows tracking which services are responsible for data exposure.
Micah Lee has created an open source research tool called TeleMessage Explorer to analyze data from a massive hack of TeleMessage, the company behind a modified Signal app used by Trump's former national security advisor Mike Waltz.
Apollo.io claims to have obtained the author's phone number from Parsely, Inc (wpvip.com), which participates in Apollo's customer contributor network by sharing data. The author questions whether WordPress VIP leaked their personal information.