Resources

What Happened in the Instagram Breach? In early January 2026, a threat actor known as “Solonik” posted a dataset titled “INSTAGRAM.COM 17M GLOBAL USERS — 2024 API LEAK” on a dark-web marketplace. The data reportedly covered about 17.5 million Instagram accounts and included usernames, names, email addresses, phone numbers, and some partial physical addresses.Shortly after…

What Happened? Vida Y Salud Health Systems Inc., a nonprofit Federally Qualified Health Center in Crystal City, Texas, detected suspicious network activity on October 8, 2025. An investigation with external cybersecurity specialists confirmed unauthorized access between October 7 and October 8, 2025, during which files containing sensitive patient data were copied.The organization secured its systems,…

Cyber incidents in Australia ranged from massive ransomware attacks to opportunistic database exposures throughout 2025. This report, produced with the aid of machine‑learning tools, reviews known data breaches that became public between January 2025 and January 2026.The article is modelled on Bright Defense’s month‑by‑month breach round‑up and is intended for general awareness. It combines open…

What HappenedIn early January 2026, hardware wallet maker Ledger warned that unauthorized access to the Global-e platform, its e-commerce and payment provider, exposed the personal details of some Ledger customers who purchased products through Ledger’s online shop.Ledger said the incident involved unauthorized access to order data stored in Global-e systems and stressed that Ledger’s own…

What HappenedManage My Health, a widely used New Zealand patient portal, said an unauthorized party accessed a portion of its platform and may have viewed health documents linked to roughly 6% to 7% of its registered user base. The company has put the potential impact at 108,000 to 126,000 people out of about 1.8 million…

What HappenedGoogle said in mid-December 2025 that it will shut down Dark Web Report, which alerted users when their personal data appeared in breach dumps and dark web markets. Launched in March 2023 and expanded to all Google accounts in July 2024, it scanned for emails, names, phone numbers, and SSNs and sent alerts recommending…

What HappenedIn late December 2025, a database with 2.3+ million records tied to WIRED subscribers surfaced on underground forums. A threat actor called Lovely posted it on Breach Stars on Dec 20, claiming they exploited weaknesses in Condé Nast’s account systems, then reposted it elsewhere. Researchers said the files appear to come from an internal…

What HappenedIn late December 2025, Spotify confirmed it was investigating unauthorized scraping of its music library after a pirate activist group, Anna’s Archive, claimed it had backed up a massive portion of Spotify’s catalog. The group said it released metadata for hundreds of millions of tracks and intended to distribute tens of millions of audio…

What Actually HappenedIn December 2025, Nissan Motor Co. Ltd. confirmed that personal data for about 21,000 customers tied to a former Fukuoka dealership in Japan was copied from a Red Hat Consulting server used to build a customer management system. Attackers accessed Red Hat’s self-managed GitLab earlier in autumn, and Red Hat notified Nissan on…

What Happened700Credit LLC, a Michigan based provider of credit reports and identity verification services for auto dealerships, disclosed in late 2025 that attackers accessed its dealership web application and copied sensitive consumer data tied to dealership customers. Public breach reporting and state level disclosures put the total impacted population at about 5.8 million people nationwide,…