data breach4 articles
Dutch Police Nab Suspect Who Repeatedly Hacked Ajax Amsterdam's IT Systems
Dutch police arrested a 35-year-old man from Buren on suspicion of repeatedly hacking into Ajax Amsterdam's computer systems in early 2026. The attacker exploited vulnerabilities in the club's IT infrastructure to access data on hundreds of individuals, modify stadium bans, and potentially manipulate over 42,000 season tickets and 300,000 fan accounts. Ajax has since patched the vulnerabilities and notified the Dutch Data Protection Authority and police.
Myspace93 Breach: 46,000 Plaintext Passwords Finally Surface, Five Years Late
In January 2021, Myspace93 — a parody site mimicking the old social network — suffered a breach in which trusted members of a Discord community exploited beta app access to steal server files, including an unencrypted store containing the plaintext usernames, passwords, email addresses, and IP addresses of over 46,000 users. The site's co-creator, known as jankenpopp, blamed the betrayal on individuals he considered close collaborators, who concealed the theft and shared stolen data and download tools among themselves. The breach has only recently been highlighted after HaveIBeenPwned ingested the data more than five years later, and affected users are advised to change any reused passwords and enable two-factor authentication.
Shadow AI Is the Insider Threat Nobody's Watching
Verizon's 2026 Data Breach Investigations Report reveals a fourfold increase in "shadow AI" use, with 67% of employees who regularly use AI at work doing so through unauthorized personal accounts, potentially exposing sensitive corporate data such as source code, documents, and proprietary research to unvetted third-party platforms. The report also highlights worsening vulnerability management, with remediation rates for critical flaws dropping from 38% to 26% and resolution times rising from 32 to 43 days, while ransomware featured in nearly half of all breaches. On a positive note, ransom payments continued to decline, with 69% of victims refusing to pay and the median payment falling slightly to just under $140,000.
Grafana Labs Got Its GitHub Raided. It's Not Paying Up.
Grafana Labs has disclosed that an unauthorized attacker obtained a token to access its GitHub environment and stole its codebase, subsequently threatening to release the code unless a ransom was paid. The company refused to pay, citing FBI guidance and the fact that no customer data or operational systems were affected. The incident's impact may be limited, as much of Grafana's code is already open source, though it remains unclear exactly what proprietary code was taken.