BREACH & RANSOMWARE

The Atlas Menu cheat platform for GTA V and CS2 suffered a data breach, leaking emails, IP addresses, support tickets, and hashed passwords of roughly 64,000 users. This exposure highlights third‑party risk for organizations that integrate or rely on low‑security gaming services.

DentaQuest disclosed a cyber‑attack that resulted in the public exposure of health information for approximately 2.6 million accounts. The breach, uncovered via an online breach‑listing, highlights significant PHI leakage and creates downstream risk for partners that rely on DentaQuest data.

Dashlane reported that a threat actor brute‑forced its device‑registration API, stole encrypted password vaults from fewer than 20 personal‑plan customers, and downloaded them before the breach was contained. The vaults remain encrypted but can be cracked offline, posing a credential‑exposure risk for any organization that relies on Dashlane.

In May 2026, BCD Travel fell victim to the ShinyHunters pay‑or‑leak campaign, resulting in the public release of 396k records containing personal and corporate identifiers. Third‑party risk managers should reassess BCD Travel’s security posture and mitigate downstream phishing threats.

A malicious, unsigned executable was inserted into the Windows distribution of Hola Browser, turning infected machines into Monero miners. The breach affects a small fraction of users but highlights the risk of third‑party software supply‑chain attacks for organizations that whitelist such tools.

ShinyHunters leaked 234 GB of data from DentaQuest, revealing personal and health‑insurance information for 2.6 million accounts. The breach highlights third‑party risk for insurers, employers, and Medicaid/Medicare programs that rely on the dental‑benefits platform.

iFood, Brazil’s largest food‑delivery platform, confirmed that personal information for approximately 1.2 million customers was accessed by unauthorized actors. The breach raises third‑party risk for brands that integrate iFood services, especially under Brazil’s LGPD privacy regime.

The UN World Food Programme disclosed that its self‑registration platform for Gaza beneficiaries was breached, leaking personal data for roughly 600,000 households. The incident underscores third‑party risk for organizations that rely on humanitarian data services and raises immediate phishing and fraud concerns.

Attackers used Meta’s AI support assistant to add a malicious email address to victims’ Instagram profiles, captured the verification code, and forced a password reset, resulting in account takeover. The incident underscores the risk that LLM‑driven support bots can be abused for credential compromise, affecting both users and enterprises that depend on the platform.

A sophisticated threat actor compromised the Outlook mailbox of a senior executive at a major stock exchange, siphoning email data for five months through Dropbox and OneDrive. The breach highlights the risk of credential compromise and cloud‑based exfiltration for high‑value financial institutions.

Hackers convinced an AI support bot to hand over Instagram accounts by changing recovery email addresses.

In May 2026, ShinyHunters published over 2 million dental‑benefit records after extorting DentaQuest. The leak includes PHI such as Medicaid IDs, dates of birth and contact details, creating a significant third‑party risk for insurers and health‑tech platforms that rely on DentaQuest data.

Alcasec, known as the “Robin Hood of Spanish Hackers,” was sentenced to 31 months after admitting to stealing and selling banking credentials of Spanish citizens. The breach underscores credential‑theft risks for financial‑service third parties and the need for robust authentication controls.

Attackers leveraged Meta’s AI‑powered support chatbot to reset Instagram passwords and add attacker‑controlled email addresses, hijacking accounts—including the Obama White House and a U.S. Space Force profile—without needing victim email access. The breach underscores AI‑driven support as a new attack surface for third‑party risk.

Red Hat removed 32 tainted packages after attackers used a compromised GitHub account to inject a credential‑stealing worm into its distribution pipeline. The packages were downloaded over 117 k times weekly, exposing downstream customers to potential malware infection. TPRM teams should verify package integrity and reassess vendor supply‑chain controls.

A full‑system compromise of the Atlas Menu cheat platform for GTA V and CS2 resulted in the public release of 64 000 user records, including emails, usernames, IPs, support tickets, and bcrypt‑hashed passwords. The breach highlights credential‑reuse risks for both gamers and any organizations where those credentials overlap.

A 2023 credential‑stuffing attack on 23andMe’s login portal led to the compromise of ~14 k accounts. Attackers then exploited a coding flaw in the DNA Relatives feature to harvest genetic data of nearly 7 million customers, prompting a California lawsuit and highlighting severe third‑party risk for health‑tech ecosystems.

Attackers hijacked a Red Hat employee’s GitHub account to publish malicious npm packages containing the Mini Shai‑Hulud payload. The malware steals cloud and CI/CD credentials and attempts to self‑propagate via npm’s bypass_2fa feature, posing a credential‑theft risk to downstream customers.

Dashlane reported that an external actor performed a brute‑force attack against personal‑plan accounts, bypassing two‑factor authentication and downloading encrypted vaults for fewer than 20 users. The breach highlights weaknesses in 2FA implementation and underscores the need for robust credential‑management controls in third‑party risk programs.

Spanish authorities have arrested a doxer responsible for publishing personal data of employees from key state bodies, including the National Cybersecurity Institute and the National Police. The leak, sourced from older breaches and OSINT tools, poses national‑security risks and underscores the need for vigilant third‑party data controls.

In January 2026 the ShinyHunters group reported a breach of Edmunds, leaking 177,860 accounts with email, passwords, phone numbers and vehicle data. The exposure creates credential‑reuse and phishing risks for automotive OEMs, dealers and any partner that integrates Edmunds services, making it a high‑priority TPRM concern.