Cybercrime

Massive leak exposes data of millions in China

Cybersecurity researchers have uncovered a brief but significant leak of over 600 gigabytes of data, exposing information on millions of Chinese citizens.

The haul, containing WeChat, Alipay, banking, and residential records, is part of a centralised system, possibly aimed at large-scale surveillance instead of a random data breach.

According to research from Cybernews and cybersecurity consultant Bob Diachenko, the data was likely used to build individuals’ detailed behavioural, social and economic profiles.

They warned the information could be exploited for phishing, fraud, blackmail or even disinformation campaigns instead of remaining dormant. Although only 16 datasets were reviewed before the database vanished, they indicated a highly organised and purposeful collection effort.

The source of the leak remains unknown, but the scale and nature of the data suggest it may involve government-linked or state-backed entities rather than lone hackers.

The exposed information could allow malicious actors to track residence locations, financial activity and personal identifiers, placing millions at risk instead of keeping their lives private and secure.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

NHS launches urgent blood donor appeal

The NHS is appealing for one million new blood donors during National Blood Week, following a significant cyberattack on London hospitals that severely impacted blood stocks.

This urgent plea comes after an analysis by NHS Blood and Transplant revealed a shortfall of 200,000 donors, with only two percent of the population currently sustaining the nation’s blood supply.

The ongoing shortage stems from a July 2024 cyberattack, linked to the Russian-based Qilin ransomware group, which crippled the networks of Synnovis, a major NHS lab partner.

This disruption affected crucial pathology services at hospitals including King’s College Hospital and Guy’s and St Thomas’ NHS Foundation Trust, leading to postponed operations and procedures. The incident prompted an Amber alert for severe blood shortages, declared a ‘critical incident’ by the NHS.

With blood stocks remaining low, exacerbated by recent bank holidays, the NHS is now facing a pressing need to prevent a ‘Red Alert,’ which would signify demand far exceeding capacity and threaten public safety.

A particular emphasis is being placed on finding more O-negative and Ro donors, urging the public to come forward and help replenish vital supplies.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

M&S resumes online orders after cyberattack

Marks & Spencer has resumed online clothing orders following a 46-day pause triggered by a cyberattack. The retailer restarted standard home delivery across England, Scotland and Wales, focusing initially on best-selling and new items instead of the full range.

A spokesperson stated that additional products will be added daily, enabling customers to gradually access a wider selection. Services such as click and collect, next-day delivery, and international orders are expected to be reintroduced in the coming weeks, while deliveries to Northern Ireland will resume soon.

The disruption began on 25 April when M&S halted clothing and home orders after issues with contactless payments and app services during the Easter weekend. The company revealed that the breach was caused by hackers who deceived staff at a third-party contractor, bypassing security defences.

M&S had warned that the incident could reduce its 2025/26 operating profit by around £300 million, though it aims to limit losses through insurance and internal cost measures. Shares rose 3 per cent as the online service came back online.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cybersecurity alarm after 184 million credentials exposed

A vast unprotected database containing over 184 million credentials from major platforms and sectors has highlighted severe weaknesses in data security worldwide.

The leaked credentials, harvested by infostealer malware and stored in plain text, pose significant risks to consumers and businesses, underscoring an urgent need for stronger cybersecurity and better data governance.

Cybersecurity researcher Jeremiah Fowler discovered the 47 GB database exposing emails, passwords, and authorisation URLs from tech giants like Google, Microsoft, Apple, Facebook, and Snapchat, as well as banking, healthcare, and government accounts.

The data was left accessible without any encryption or authentication, making it vulnerable to anyone with the link.

The credentials were reportedly collected by infostealer malware such as Lumma Stealer, which silently steals sensitive information from infected devices. The stolen data fuels a thriving underground economy involving identity theft, fraud, and ransomware.

The breach’s scope extends beyond tech, affecting critical infrastructure like healthcare and government services, raising concerns over personal privacy and national security. With recurring data breaches becoming the norm, industries must urgently reinforce security measures.

Chief Data Officers and IT risk leaders face mounting pressure as regulatory scrutiny intensifies. The leak highlights the need for proactive data stewardship through encryption, access controls, and real-time threat detection.

Many organisations struggle with legacy systems, decentralised data, and cloud adoption, complicating governance efforts.

Enterprise leaders must treat data as a strategic asset and liability, embedding cybersecurity into business processes and supply chains. Beyond technology, cultivating a culture of accountability and vigilance is essential to prevent costly breaches and protect brand trust.

The massive leak signals a new era in data governance where transparency and relentless improvement are critical. The message is clear: there is no room for complacency in safeguarding the digital world’s most valuable assets.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

FBI warns BADBOX 2.0 malware is infecting millions

The FBI has issued a warning about the resurgence of BADBOX 2.0, a dangerous form of malware infecting millions of consumer electronics globally.

Often preloaded onto low-cost smart TVs, streaming boxes, and IoT devices, primarily from China, the malware grants cyber criminals backdoor access, enabling theft, surveillance, and fraud while remaining essentially undetectable.

BADBOX 2.0 forms part of a massive botnet and can also infect devices through malicious apps and drive-by downloads, especially from unofficial Android stores.

Once activated, the malware enables a range of attacks, including click fraud, fake account creation, DDoS attacks, and the theft of one-time passwords and personal data.

Removing the malware is extremely difficult, as it typically requires flashing new firmware, an option unavailable for most of the affected devices.

Users are urged to check their hardware against a published list of compromised models and to avoid sideloading apps or purchasing unverified connected tech.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Kraken warns crypto users to stay alert

Kraken has raised concerns over the lack of basic security awareness among crypto users attending industry events. Kraken’s security team observed unlocked devices, unattended phones, and careless talk of personal wealth at conferences, exposing attendees to potential exploitation.

Head of Security Nick Percoco warned that these behaviours compromise individual assets and the safety of entire projects.

Percoco highlighted how scammers easily blend in by posing as legitimate attendees. Tactics include juice jacking, compromised Wi-Fi networks, and malicious QR codes.

He advised using burner wallets with minimal funds during conferences, locking all devices, and avoiding unsecured public connections.

There has also been a rise in offline threats targeting crypto holders. Kraken observed attendees casually discussing trades while wearing conference badges with full names and company details.

With reports of kidnappings and in-person crypto thefts increasing globally, experts say discretion and strong operational security are more crucial than ever.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

M&S CEO targeted by hackers in abusive ransom email

Marks & Spencer has been directly targeted by a ransomware group calling itself DragonForce, which sent a vulgar and abusive ransom email to CEO Stuart Machin using a compromised employee email address.

The message, laced with offensive language and racist terms, demanded that Machin engage via a darknet portal to negotiate payment. It also claimed that the hackers had encrypted the company’s servers and stolen customer data, a claim M&S eventually acknowledged weeks later.

The email, dated 23 April, appears to have been sent from the account of an Indian IT worker employed by Tata Consultancy Services (TCS), a long-standing M&S tech partner.

TCS has denied involvement and stated that its systems were not the source of the breach. M&S has remained silent publicly, neither confirming the full scope of the attack nor disclosing whether a ransom was paid.

The cyber attack has caused major disruption, costing M&S an estimated £300 million and halting online orders for over six weeks.

DragonForce has also claimed responsibility for a simultaneous attack on the Co-op, which left some shelves empty for days. While nothing has yet appeared on DragonForce’s leak site, the group claims it will publish stolen information soon.

Investigators believe DragonForce operates as a ransomware-as-a-service collective, offering tools and platforms to cybercriminals in exchange for a 20% share of any ransom.

Some experts suspect the real perpetrators may be young hackers from the West, linked to a loosely organised online community called Scattered Spider. The UK’s National Crime Agency has confirmed it is focusing on the group as part of its inquiry into the recent retail hacks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Google warns users to switch to passkeys after new phishing attacks

Google is once again urging users to upgrade their account security by moving away from password-only access, as cyber scams grow increasingly sophisticated.

The warning follows an attempted phishing attack on Instagram boss Adam Mosseri, who revealed he had been targeted by a convincing scam involving a fake Google phone call and a seemingly legitimate email prompting him to change his password.

Though Google quickly traced and suspended the accounts involved, the incident highlights the evolving nature of online threats. The company has reiterated that it never contacts users by phone or email about password changes or account issues. Any such message should be considered a scam.

In response, Google is encouraging users to adopt stronger security methods, such as Passkeys—a login system that replaces passwords with biometric authentication via a trusted device like a smartphone. This can include fingerprint recognition, facial scan, or the phone’s screen lock.

The tech giant also recommends using two-factor authentication (2FA), but advises against relying on SMS codes or email-based verification, which can be intercepted. Instead, users should opt for an authentication app or use Passkeys for greater protection.

With scams becoming more difficult to detect, Google’s message is clear: take proactive steps to secure your account. Users who receive suspicious communication claiming to be from Google are advised to avoid engaging and verify concerns through Google’s official support channels.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Europe gets new cybersecurity support from Microsoft

Microsoft has launched a free cybersecurity initiative for European governments aimed at countering increasingly sophisticated cyber threats powered by AI. Company President Brad Smith said Europe would benefit from tools already developed and deployed in the US.

The programme is designed to identify and disrupt AI-driven threats, including deepfakes and disinformation campaigns, which have previously been used to target elections and undermine public trust.

Smith acknowledged that AI is a double-edged sword, with malicious actors exploiting it for attacks, while defenders increasingly use it to stay ahead. Microsoft continues to monitor how its AI products are used, blocking known cybercriminals and working to ensure AI serves as a stronger shield than weapon.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

China accuses Taiwan of cyber attacks and offers a bounty

Authorities in Guangzhou have placed a secret bounty on more than 20 individuals suspected of launching cyber attacks on Chinese targets, according to state news agency Xinhua.

One named suspect, Ning Enwei, is reportedly linked to Taiwan’s government. While the size of the reward remains undisclosed, officials claim the accused hackers targeted sectors including defence, aerospace, energy, and science—alongside agencies in Hong Kong and Macau.

Xinhua stated that Taiwan’s ‘information, communication and digital army’ has coordinated with US forces to carry out cyber and cognitive warfare against China.

These accusations form part of a broader Chinese narrative suggesting Taiwan is seeking independence through foreign alliances, particularly with US intelligence agencies. State media also claimed the US has trained Taiwanese personnel and helped orchestrate cyber attacks on the mainland.

In response, a senior Taiwanese security official, speaking anonymously, dismissed the claims as fabricated. The official argued that Beijing is attempting to deflect criticism following allegations of Chinese cyber activities in Europe, especially in the Czech Republic.

‘It is typical of the Chinese Communist Party’s efforts to change the narrative,’ the official said, branding Beijing an international cyber threat instead of a victim.

Taiwan’s government has yet to issue an official statement.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!