Plume claimed to be subjected to data breach

Hackread reports that U.S. smart Wi-Fi service provider Plume was claimed to have had more than 20GB of files from its Wi-Fi database stolen by threat actors introducing themselves as MonkeyInject. Nearly 8.5 million users of Plume had their information, including names, email and IP addresses, device information, and user IDs, compromised in the data breach, which was enabled by a former employee who continued to have access rights to the database, said MonkeyInject in a post on X, formerly Twitter. Attackers have also leaked a pair of CSV files, the first of which allegedly includes data from 26,000 Plume customers and the second having information from 3,086 employees, while warning that more data could be exposed should Plume refuse to comply with their demands within a 48-hour period. "Although we don't have many details on this particular breach right now, even the loss of a username or email address can open an attack vector on any site where you have also used those same details," said Specops Software Senior Product Manager Darren James.