A dark‑web post by the BellaSwanLeak group alleges possession of about 2.46 billion TikTok user records, prompting TikTok's swift denial, a detailed analysis of possible scraping or third‑party sources, risk implications for overseas businesses, and practical self‑protection steps.
A threat actor named MrLucxy is selling a purported "OpenAI dataset" on the dark web, claiming a compressed size of about 14.6 GB and over 62 GB uncompressed, containing chat logs, Slack exports, internal tickets, infrastructure SQL dumps, contractor PII, API key files, and monitoring data, but a veteran security analyst doubts its authenticity, noting the unusually large 8 MB API‑key file and suggesting it may be repackaged old leaks or fabricated data, as reported by Undercode News.
In early 2026 a rival hacker group released 918 previously paid breach databases for free on Telegram, exposing internal disputes within ShinyHunters and aiming to cripple their attempt to revive BreachForums by making the data openly available.
Microsoft inadvertently exposed 38 TB of private data, including employee passwords, private keys, and over 30,000 internal Teams messages, due to a misconfigured Azure SAS token in a public GitHub repository, prompting security researchers to alert the company and prompting Microsoft to revoke the token and tighten SAS best practices.
A recent OpenAI investigation revealed that a bug in the redis-py client caused ChatGPT to leak conversation histories and personal details of about 1.2% of Plus users, prompting a temporary service shutdown and a rapid patch deployment.
A recent bug in the open‑source redis‑py library caused ChatGPT to leak personal data of about 1.2 % of Plus users, allowing some users to see others' names, emails, and partial credit‑card details; OpenAI issued an apology, published a post‑mortem, and deployed a patch to fix the Redis Cluster async client issue.
Last Monday, a Redis client bug caused ChatGPT to leak user conversation histories and personal details of about 1.2% of Plus subscribers, prompting OpenAI to temporarily shut down the service, investigate, and release a patch fixing the underlying Redis‑py issue.
A misconfigured Azure Blob storage bucket exposed 2.4 TB of sensitive data from over 65,000 entities in 111 countries, prompting Microsoft to acknowledge the breach, dispute its scale, and outline best practices while highlighting cloud storage misconfigurations as a leading attack vector.
Twitter’s tech team patched a major security flaw that exposed email addresses and phone numbers of over 5.4 million accounts, prompting a $30,000 data sale on Breached Forums and a $5,040 bug‑bounty reward for the researcher who reported it.
The Supreme Court ruled APIs uncopyrightable, letting Google use Java code in Android, while LG exits the smartphone market, a massive Facebook data leak surfaces, UK developer jobs surge amid skill shortages, and Python 3.9.4 patches critical security flaws.
