Data breaches are like uninvited guests at a party – they show up unexpectedly, take what they want, and leave a big mess behind. This April, the party crashers were particularly busy, leaving a trail of exposed information in their wake. We at WeSecureApp are here to break down the data downpour of April 2024 and help you stay safe from the storm. Let’s dive in.

1. OWASP Acknowledges Data Leak from Old Wiki

The Open Web Application Security Project (OWASP) acknowledged the exposure of member resumes due to a misconfiguration on an old wiki server. Resumes likely contained names, emails, and phone numbers from members between 2006 and 2014.  OWASP emphasizes this was not a breach but a leak, and is taking steps to strengthen security and remove exposed information.

2. PandaBuy Breach Exposes 1.3 Million Users’ Data

A data security breach on PandaBuy, a platform for international shoppers, compromised the personal information of over 1.3 million users. Hackers exploited vulnerabilities to access user details including names, emails, phone numbers, and order history. The company has yet to officially comment, but reports suggest they may have attempted to downplay the incident.

3. Prudential Confirms Data Breach Affecting 36,000 Customers

Prudential Insurance revealed a data breach in February 2024 where hackers accessed the personal information of over 36,000 individuals. The exact nature of the exposed data remains unclear but includes names, addresses, and driver’s license numbers. This incident underscores the critical need for robust cybersecurity measures in the financial sector.

4. Fortinet Flaw Targeted in New Cyber Attack Campaign

Malicious actors are leveraging a critical vulnerability (CVE-2023-48788) in Fortinet’s FortiClient EMS devices to compromise systems. This flaw allows them to remotely install tools like ScreenConnect for remote desktop access and Metasploit for further attacks within the network. Organizations with unpatched Fortinet devices are at risk.

5. Hackers Target WordPress Sites with Crypto-Stealing Malware

Thousands of WordPress sites are infected with “crypto drainers,” malicious code that steals cryptocurrency from unsuspecting visitors. Hackers initially used malvertising to spread the infection. Now, compromised sites display fake NFT and discount pop-ups to trick users into linking their wallets, allowing automatic theft. Regularly update WordPress and plugins to minimize risk. 

6. Millions of Discord Users’ Messages Sold on Spy.pet

Millions of Discord users’ messages are reportedly for sale on a website called Spy.pet. This data breach compromises public messages from hundreds of millions of users, potentially including personal details. While the legality is murky, Discord is investigating and users should be cautious about what they share on the platform.

Final Words

Don’t let your company become a statistic! April’s breaches exposed millions, and the threat is real. Take control with WeSecureApp’s expert penetration testing. Our ethical hackers mimic real attacks, finding weaknesses before criminals do. WeSecureApp: Empower your cybersecurity and prevent tomorrow’s headline. Contact us today!

Recommended Reading

Beyond Breach: The Aftermath of a Cyberattack

How to Prepare for a Data Breach before it Happens

Why WeSecureApp Rocks at Busting Payment Tampering Vulnerabilities

The post Data Breaches in April 2024 – Infographic appeared first on WeSecureApp :: Simplifying Enterprise Security.

*** This is a Security Bloggers Network syndicated blog from WeSecureApp :: Simplifying Enterprise Security authored by Shubham Jha. Read the original post at: https://wesecureapp.com/blog/data-breaches-in-april-2024-infographic/