Analyst Insight
This week in cyber, a significant breach hit a women-only dating safety platform, leaking thousands of users’ personally identifiable information. Some of this data is already being misused, raising serious safety concerns for victims. A major life insurance provider also suffered a breach, with 1.4 million users’ sensitive data exposed by the ShinyHunters extortion group. In another case, Orange Telecom revealed a system breach, though the infected machine was isolated by Orange Cyberdefense. Lastly, the FBI seized $2.4 million in Bitcoin from a Chaos ransomware operator. Read more in this week in cyber.
Hackers Expose Tea App Database with Private Messages and Drivers’ Licences
Women-only dating safety platform “Tea” experienced a data breach after an unsecured Firebase storage bucket was exposed, containing users’ private messages, drivers’ licences and the selfies used to verify that a user is a woman. An anonymous 4chan user posted the exposed Firebase storage bucket, leading to a total of 59GB of data exposed in the leak. Tea confirmed that the breach only affected users who signed up before February 2024, stating that a “legacy storage system was compromised, resulting in unauthorized access to a dataset.” The data includes approximately 72,000 images, including 13,000 selfies and photo identification submitted by users during account verification and approximately 59,000 images publicly viewable in the app from posts, comments and direct messages.
Allianz Life Insurance Data Breach, Majority of its 1.4 Million Users Exposed
A threat actor gained access to a third-party, cloud-based CRM system used by life insurance company Allianz Life. The threat actor was able to obtain sensitive data that could be used to identify customers. Allianz Life attributed the attack to the Shiny Hunters extortion group. Shiny Hunters is a group of threat actors linked to multiple high-profile data breaches, such as attacks against PowerSchool and SnowFlake impacting Santander, TicketMaster and AT&T.
Shiny Hunters attack techniques include:
- Impersonating IT support and requesting that the targeted employee accept a connection to Salesforce Data Loader, a client application that allows users to import, export, update, or delete records within Salesforce environments.
- Once the connection is accepted, the threat actors use the data loader to exfiltrate data from Salesforce, which is then used to extort the company.
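As an added defensive example (not from the original article), the following Python flags Data Loader logins that break a user's established baseline in a Salesforce LoginHistory-style export; the sample rows are constructed and the column names are assumptions to be matched against your own org's export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows in the shape of a Salesforce LoginHistory export.
# Column names are assumptions; map them to the fields your export actually uses.
SAMPLE_LOGIN_HISTORY = """UserId,LoginTime,SourceIp,Status,Application
005A1,2025-07-21T09:02:11Z,203.0.113.10,Success,Browser
005A1,2025-07-22T09:05:40Z,203.0.113.10,Success,Browser
005B2,2025-07-22T10:12:03Z,203.0.113.20,Success,Dataloader Partner
005B2,2025-07-23T10:15:21Z,203.0.113.20,Success,Dataloader Partner
005A1,2025-07-24T14:31:09Z,198.51.100.77,Success,Dataloader Bulk
005C3,2025-07-24T14:40:55Z,198.51.100.77,Success,Dataloader Bulk
"""

# Application values Salesforce records for Data Loader sessions (assumed here).
DATA_LOADER_APPS = {"Dataloader Bulk", "Dataloader Partner"}


def find_data_loader_anomalies(csv_text):
    """Walk logins chronologically, building a per-user baseline as we go,
    and report successful Data Loader logins that deviate from it."""
    rows = sorted(csv.DictReader(io.StringIO(csv_text)), key=lambda r: r["LoginTime"])
    seen_apps = defaultdict(set)      # user -> applications used before this login
    seen_ips = defaultdict(set)       # user -> source IPs seen before this login
    dl_users_by_ip = defaultdict(set)  # IP -> users running Data Loader from it
    findings = []
    for r in rows:
        user, ip, app = r["UserId"], r["SourceIp"], r["Application"]
        if r["Status"] == "Success" and app in DATA_LOADER_APPS:
            reasons = []
            if not seen_apps[user] & DATA_LOADER_APPS:
                reasons.append("first Data Loader login for this user")
            if ip not in seen_ips[user]:
                reasons.append("Data Loader login from an IP never seen for this user")
            dl_users_by_ip[ip].add(user)
            if len(dl_users_by_ip[ip]) > 1:
                # One IP driving Data Loader for several accounts suggests shared tooling.
                reasons.append("same IP running Data Loader for multiple users")
            if reasons:
                findings.append({"user": user, "time": r["LoginTime"], "ip": ip, "reasons": reasons})
        seen_apps[user].add(app)
        seen_ips[user].add(ip)
    return findings


if __name__ == "__main__":
    for f in find_data_loader_anomalies(SAMPLE_LOGIN_HISTORY):
        print(f["time"], f["user"], f["ip"], "; ".join(f["reasons"]))
```

A real deployment would seed the baseline from weeks of history so that routine Data Loader users (like 005B2 above) are not reported on their first row in the window.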
Orange Telecom Faces Cyberattack Disclosed by the Company
Orange Group revealed on July 25, 2025, that its systems were breached and that an infected system was isolated by Orange Cyberdefense. The disruption affected some business and consumer services in France, though the company expects service recovery by July 30th. So far, investigations have found no evidence of data exfiltration. While the threat actor responsible remains unknown, similarities have been drawn to prior global telecom breaches linked to China’s Salt Typhoon espionage group. This follows a separate February breach targeting Orange Romania, where a hacker linked to HellCat leaked about 12,000 files (>6.5 GB) containing employee details, email addresses, source code, contracts, and partial payment card data, though the data was deemed non-critical and there was no service interruption.
FBI Seizes $2.4M in Bitcoin from Chaos Ransomware Operator
Last week, the FBI’s Dallas office seized 20.2891382 BTC (now valued at over $2.4 million) from a wallet linked to a Chaos ransomware affiliate known as “Hors,” allegedly responsible for multiple extortion attacks across Texas. Chaos is a rebrand of the BlackSuit/Royal ransomware operation, which itself emerged from the remnants of Conti. The funds were confiscated on April 15th, 2025, and on July 24th, 2025, the U.S. Department of Justice filed a civil forfeiture complaint to claim the assets as proceeds of criminal activity.