We’ve seen some major data breaches in the month of August affecting even some of the largest organisations like Toyota, Netflix, Life 360 and others. Read on to learn about these breaches and if they may have impacted you.

Toyota

Toyota confirmed a limited data breach affecting its US branch, following the exposure of 240 GB of data by the threat actor, ZeroSevenGroup. The breach involved the exfiltration of sensitive information, including customer and employee data, financial records, and network infrastructure details. The files are dated December 2022 – suggesting it could be almost two years old or that the data was held on one of Toyota’s legacy servers. The incident has only added to Toyota’s recent cybersecurity challenges, including previous data leaks and ransomware attacks, further promoting the need for cybersecurity measures to protect customers data.

Netflix

Localisation company Iyuno, a production partner of Netflix, suffered a serious security breach that led to the leak of unreleased episodes of popular shows online. The breach, confirmed on August 9^th, involved unauthorised access to confidential content, including low-resolution footage with visible watermarks. Shows affected by the leak include Arcane, Heartstopper, and the highly anticipated Season 5 of Stranger Things. Iyuno is actively investigating the breach, which has sparked mixed reactions from fans, some eager to view the leaked content and others calling for a boycott.

Life 360

Life360 the location-sharing app, had over 442,000 user’s personal details exposed due to API vulnerabilities. Data like customer names, emails, and phone numbers have be leaked through exploiting weaknesses in the app’s API. Cyber criminals to put in customer emails and retrieve the victims full name, unverified phone number or partially verified number. Although Life360 has since fixed the issue, experts have warned about potential attacks and password reuse exploits. The breach has also affected the company’s Tile platform.

Adreno Diving

A hacker named “worry” claims to have breached Adreno, a major Australian dive store. The breach exposing data from over 500,000 customers including personal details such as names, emails, addresses, customer id’s, loyalty rewards, credit details and customers personal interests. The breach is suspected to have originated from a Shopify database linked to the stores website. Adreno is investigating the issue with authorities and has since reset all account passwords, revoked admin access to affected customers data and reset it’s API restrictions (the initial cause of the issue).

Western Sydney University

Western Sydney University has finally revealed the full story behind the nearly 600 terabytes of data stolen in a data breach that lasted from July 2023 to March 2024. The breach exposed sensitive personal details of students and staff, including student identification and full name, date of birth, graduating degree, prizes received, university and personal email addresses, mobile phone numbers, grades, citizenship status and financial information. The university detected the breach inside its Microsoft Office 365 and Isilon environments and has since taken steps to secure its systems, confirming no evidence of the stolen data being posted online through its ongoing monitoring.

Flight Aware

FlightAware, a popular flight tracking service, alerted users to a data security incident on August 17, 2024. The issue involved a configuration error that may have exposed personal information such as; user IDs, passwords, email addresses, names, addresses, and partial credit card numbers. FlightAware has since addressed the error and advised users to reset their passwords. However, there is no current evidence of malicious access or any indication that the exposed data has been used or posted online for sale.

What can I do if my data’s been breached?

You can check if your email address or phone number has been leaked with our free tool here. If your data has been breached, contact ID Care.