Flickr Confirms Data Breach Impacting 35M Users

Flickr Confirms Data Breach Impacting 35M Users

Flickr has disclosed a data breach involving a third-party email service provider that potentially exposed the personal information of its 35 million monthly users. Discovered on February 5, 2026, the vulnerability allowed unauthorized access to names, email addresses, usernames, IP addresses, and activity logs. While passwords and financial data remained secure, the company has urged users to be vigilant against phishing and to update any reused credentials.

Source: Bleeping Computer

Penta Security Obtained PCI DSS as Service Provider

Penta Security has obtained PCI DSS (Payment Card Industry Data Security Standard) v4.0.1 certification as a web application security Service Provider, reinforcing its leadership in cybersecurity and payment data protection. This verifies that Penta Security’s web security services (WAPPLES, Cloudbric) fully protect cardholder data environments (CDE) based on network segmentation technology and strict access control policies. Penta Security customers can now expect enhanced protection and greater convenience when preparing for their own PCI DSS certification.

Source: EIN Presswire

Bridgepay Confirms Ransomware Attack

Payments platform BridgePay has confirmed that a multi-day service outage was caused by a ransomware attack on its systems. The incident disrupted the company’s ability to process transactions, impacting numerous merchants and partners who rely on its gateway services. While BridgePay has restored some operations and is working with cybersecurity experts to investigate the extent of the data exposure, the attack underscores the growing vulnerability of financial infrastructure to ransomware groups.

Source: SC Media, Infosecurity Magazine

Moltbook Platform Exposes API Keys Through Database Misconfiguration

Moltbook, a viral social network for AI agents, exposed 1.5 million API authentication tokens, 35,000 user emails, and thousands of private messages due to a database misconfiguration. The platform’s creator admitted the site was built entirely with AI-generated code, which failed to implement critical Row Level Security (RLS) policies in its Supabase backend. This oversight allowed unauthenticated users to read and write to the production database, potentially exposing third-party credentials shared by users.

Source: The Cyber Express

Coinbase Confirms Insider Breach

Coinbase recently confirmed that a single contractor improperly accessed customer information, impacting approximately 30 users. The breach came to light after a hacking group known as Scattered LAPSUS$ Hunters posted and then deleted screenshots of a customer support tool on Telegram. These images displayed sensitive user data, including cryptocurrency balances, email addresses, and phone numbers. Coinbase has since terminated the contractor and notified the affected individuals to mitigate potential risks. This incident follows a much larger breach from the previous year where hundreds of third-party support agents were bribed to exfiltrate data.

Source: Bleeping Computer

Click here to subscribe our Newsletter