✨ The Containment Era is here. Secure AI workloads before they breach. →The Containment Era is here. →The Containment Era is here. →Explore ✨
Consumer Services
Breach intelligence, attack campaigns, and threat reports targeting the Consumer Services sector.
Explore Other Sectors
Consumer Services Threat Reports
Yarbo Mobile App Vulnerabilities Expose Robot Fleet to Remote Control
In June 2026, critical vulnerabilities were identified in Yarbo's Android and iOS mobile applications and cloud infrastructure. These flaws included hard-coded MQTT broker credentials and inadequate authorization controls, allowing unauthorized access to telemetry data and remote command execution on Yarbo's robotic devices. Exploitation of these vulnerabilities could lead to unauthorized control over the robot fleet and exposure of sensitive user information. Yarbo has since released updates to address these issues, urging users to update their applications to version 3.17.4 or later. This incident underscores the persistent risks associated with hard-coded credentials and misconfigured cloud services in IoT devices. As the adoption of connected devices continues to rise, ensuring robust security measures and regular updates is crucial to prevent unauthorized access and potential exploitation.
1 week ago
Kill Chain
Carnival Cruise Data Breach 2026: A Wake-Up Call for Cybersecurity
In April 2026, Carnival Corporation, the world's largest cruise line operator, experienced a significant data breach affecting nearly 6 million individuals. The breach was initiated through a social engineering attack, where an unauthorized actor deceived an employee to gain access to a limited portion of the company's IT system. The attackers, identified as the ShinyHunters extortion gang, claimed responsibility for the breach, stating they stole documents containing over 8.7 million records with personally identifiable information and terabytes of internal corporate data. The compromised data includes names, dates of birth, email addresses, genders, geographic locations, and loyalty program details. Carnival promptly blocked the unauthorized activity and began working with third-party security experts to strengthen their security measures and conduct a thorough investigation. This incident underscores the persistent threat posed by sophisticated cybercriminal groups like ShinyHunters, who employ advanced social engineering tactics to infiltrate organizations. The breach highlights the critical need for robust cybersecurity protocols, employee training to recognize and resist social engineering attempts, and comprehensive incident response strategies to mitigate the impact of such attacks.
4 weeks ago
Kill Chain
Critical Vulnerability in Funnel Builder Plugin Leads to WooCommerce Checkout Skimming
In May 2026, a critical vulnerability in the Funnel Builder plugin for WordPress was actively exploited to inject malicious JavaScript into WooCommerce checkout pages, aiming to steal customer payment information. The flaw, affecting versions prior to 3.15.0.3, allowed unauthenticated attackers to modify global settings via an unprotected checkout endpoint, leading to the execution of malicious code on every checkout page. FunnelKit, the plugin's developer, released a patch in version 3.15.0.3 to address this issue. This incident underscores the persistent threat of supply chain attacks targeting widely-used plugins to compromise e-commerce platforms. The exploitation of such vulnerabilities highlights the importance of timely software updates and vigilant monitoring of third-party components to safeguard sensitive customer data.
1 month ago
Kill Chain
CallPhantom Scam: Deceptive Android Apps Exploit User Curiosity
In November 2025, ESET researchers identified a series of fraudulent Android applications, collectively named 'CallPhantom,' on the Google Play Store. These 28 apps falsely claimed to provide access to call logs, SMS records, and WhatsApp call histories for any phone number. Users were prompted to pay for these services but received only randomly generated, fabricated data. The apps amassed over 7.3 million downloads before being reported to Google and subsequently removed from the store. This incident underscores the persistent threat of deceptive applications exploiting user curiosity and trust. The CallPhantom scam highlights the need for continuous vigilance against fraudulent apps, especially as cybercriminals increasingly target mobile platforms. Users should be cautious of apps requesting payments for services that seem too good to be true and verify the legitimacy of applications before installation.
1 month ago
Kill Chain
ADT Data Breach 2026: Lessons in Cloud Security and Social Engineering
In April 2026, home security giant ADT experienced a significant data breach orchestrated by the cyber extortion group ShinyHunters. The attackers gained unauthorized access to ADT's cloud-based environments by compromising an employee's Okta single sign-on (SSO) account through a voice phishing (vishing) attack. This breach led to the exfiltration of personal information belonging to approximately 5.5 million individuals, including names, phone numbers, physical addresses, dates of birth, and partial Social Security numbers or Tax IDs. Notably, no payment information or customer security systems were compromised. This incident underscores the escalating threat posed by sophisticated social engineering tactics targeting SSO credentials. Organizations must bolster their defenses against such attacks, as the reliance on cloud-based services and centralized authentication systems continues to grow, making them attractive targets for cybercriminals.
1 month ago
Kill Chain
Basic-Fit Data Breach 2026: A Wake-Up Call for Cybersecurity in the Fitness Industry
In April 2026, Basic-Fit, Europe's largest fitness chain, experienced a data breach affecting approximately one million members across six countries, including the Netherlands, Belgium, Luxembourg, France, Spain, and Germany. Unauthorized access to the system that records members' visits allowed attackers to exfiltrate personal information such as full names, physical addresses, email addresses, phone numbers, dates of birth, bank account details, and membership information. The breach was detected and halted within minutes by Basic-Fit's monitoring systems, and affected members were promptly informed. Notably, no identification documents or account passwords were compromised. This incident underscores the critical importance of robust cybersecurity measures in protecting sensitive customer data. With the increasing frequency of cyberattacks targeting personal and financial information, organizations must prioritize the implementation of comprehensive security protocols and continuous monitoring to mitigate potential threats and safeguard their customers' trust.
2 months ago
Kill Chain
Rockstar Games' 2026 Data Breach: A Wake-Up Call for Third-Party Security
In April 2026, Rockstar Games experienced a data breach orchestrated by the hacker group ShinyHunters. The attackers exploited a vulnerability in Anodot, a third-party analytics platform integrated with Rockstar's Snowflake cloud infrastructure, to steal authentication tokens. This allowed unauthorized access to Rockstar's internal data, leading to a ransom demand with a deadline of April 14, 2026. Rockstar confirmed that only a limited amount of non-material company information was accessed, emphasizing no impact on their operations or players. ([tomshardware.com](https://www.tomshardware.com/tech-industry/cyber-security/rockstar-games-confirms-it-was-hacked-by-malicious-group-shinyhunters-takes-credit-gives-until-april-14-to-pay-ransom-or-risk-leaking-confidential-data-shinyhunters?utm_source=openai)) This incident underscores the growing trend of cyberattacks targeting third-party service integrations, highlighting the critical need for organizations to assess and secure their entire supply chain. The breach also serves as a reminder of the persistent threats posed by groups like ShinyHunters, known for exploiting indirect access points to infiltrate major corporations. ([techspot.com](https://www.techspot.com/news/112038-rockstar-games-hit-ransom-demand-after-third-party.html?utm_source=openai))
2 months ago
Kill Chain
Hims & Hers Data Breach: Lessons in Securing Third-Party Platforms
In early February 2026, telehealth company Hims & Hers experienced a data breach when unauthorized individuals accessed their third-party customer service platform, Zendesk. The attackers infiltrated the system between February 4 and February 7, compromising support tickets that contained customer names, contact information, and other personal data. Notably, medical records and doctor communications remained unaffected. The breach was attributed to the ShinyHunters extortion group, which exploited compromised Okta SSO accounts to gain access to Zendesk and exfiltrate millions of support tickets. ([bleepingcomputer.com](https://www.bleepingcomputer.com/news/security/hims-and-hers-warns-of-data-breach-after-zendesk-support-ticket-breach/?utm_source=openai)) This incident underscores the escalating threat posed by cybercriminal groups targeting third-party service platforms through sophisticated social engineering and credential compromise techniques. Organizations must enhance their security measures, particularly around SSO systems and third-party integrations, to mitigate such risks.
2 months ago
Kill Chain
PayPal's 2025 Data Breach: A Cautionary Tale in Financial Data Security
In 2025, PayPal experienced a significant data breach due to a code change in its Working Capital application, which inadvertently exposed sensitive customer information, including Social Security numbers and dates of birth, for nearly six months. The breach was discovered on December 12, 2025, but had been active since July 1, 2025. Approximately 100 customers were affected by this incident. ([cybernews.com](https://cybernews.com/security/paypal-six-month-breach-ssn-working-capital-app/?utm_source=openai)) This incident underscores the critical importance of rigorous code review processes and robust access controls in financial applications. The prolonged exposure period highlights the necessity for continuous monitoring and rapid response mechanisms to detect and mitigate unauthorized access to sensitive data.
4 months ago
Kill Chain
Grubhub 2024 Data Breach: Hackers Steal Sensitive Customer Information
In June 2024, Grubhub, a major food delivery platform, experienced a significant data breach after hackers gained unauthorized access to its internal systems. According to official statements and media reports, the attackers stole sensitive customer data, including contact details and potentially account credentials. The incident led to extortion demands from the threat actors, prompting Grubhub to initiate incident response protocols and notify affected users. The breach highlighted the attackers’ ability to navigate network defenses, exfiltrate data, and potentially disrupt business operations with ransom threats. This incident is particularly relevant amid a surge in data breaches targeting large consumer platforms and the continued evolution of extortion-based attacks. With regulatory scrutiny increasing and attackers using sophisticated lateral movement tactics, organizations must reassess data protection, segmentation, and threat detection strategies.
5 months ago
Kill Chain
Browser-in-Browser Phishing Surge: Facebook Credential Thefts Expose New Risks in 2024
In early 2024, cybercriminals dramatically escalated the use of the 'browser-in-browser' (BitB) attack technique to steal Facebook login credentials. This method mimics a legitimate browser popup within the user's real window, tricking individuals into entering their login details on phishing sites that look identical to authentic Facebook authentication dialogs. Attackers lure victims through targeted ads, social engineering, and cleverly crafted phishing emails. The impact includes widespread account compromise, enabling follow-on fraud, spam campaigns, and potential data exfiltration from the compromised users' profiles. Facebook, along with the wider cybersecurity community, is warning users and rolling out alerts in response, but overall threat exposure remains high. The BitB phishing approach reflects a concerning trend of attackers using more advanced visual deceptions to bypass user awareness and established security controls. Its prevalence highlights a widening capability gap in traditional anti-phishing technologies, reinforcing the need for robust anomaly response and continuous education amid shifting adversary tactics.
5 months ago
Kill Chain
ShinyHunters Extort PornHub: 2024 Analytics Breach Exposes Premium Member Data
In June 2024, adult content platform PornHub became the target of a significant data breach when the ShinyHunters extortion group claimed to have stolen search and viewing history data linked to the site’s Premium members. Attackers reportedly exploited Mixpanel analytics integrations to exfiltrate sensitive user data, including logs of user activity, then threatened public release unless a ransom was paid. PornHub’s operations and brand reputation face heightened scrutiny, especially given the highly sensitive nature of the data involved, with many users fearing exposure and potential blackmail. This incident underscores the ongoing threats facing organizations that handle sensitive personal data, especially as extortion groups increasingly target user activity logs for leverage. Regulatory and reputational risks are amplified by attackers’ focus on analytics platforms, and similar tactics are expected to proliferate across other high-traffic digital properties in 2024.
5 months ago
Kill Chain
Stop Active Cloud Data Exfiltration
Aviatrix Breach Lock helps teams instantly identify what data is leaving the environment, from which workload, and where it’s going — during an active breach.
Looking for threats in a different sector?
Browse All Threat Reports