#vendor-security — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #vendor-security, aggregated by home.social.
-
Third-party breach, 38M impacted, European e-commerce sector.
ManoMano disclosed unauthorized access linked to a subcontracted customer support provider. Exposed data reportedly includes PII and support communications.
Authorities notified: CNIL, ANSSI.
Passwords not reportedly accessed.
Subcontractor access revoked.
Key risk vectors:
– SaaS support platforms
– Vendor access governance
– Over-retention of ticketing data
– Centralized customer communication logs
– Supply chain attack surface expansion
This case reinforces that vendor monitoring must go beyond contractual clauses — continuous assessment, least privilege enforcement, data minimization strategies.
How mature is your third-party risk telemetry?
Engage below.
Follow @technadu for high-signal infosec reporting.
Repost to amplify awareness across the security community.
#Infosec #ThirdPartyRisk #VendorSecurity #SupplyChainSecurity #DataBreach #GDPRCompliance #EcommerceSecurity #CyberRiskManagement #SecurityOperations #GRC
-
OpenAI has reported that a breach at Mixpanel exposed limited API-user metadata, including names, emails, coarse location, OS/browser details and IDs.
This was not an OpenAI breach, and no chat content, credentials, API keys or payment data were exposed.
The incident resulted from a smishing compromise of Mixpanel’s environment.
OpenAI has fully removed Mixpanel and is conducting wider vendor audits.
How concerned should teams be about metadata exposure at third-party analytics providers?
Full Article: https://www.technadu.com/mixpanel-breach-exposes-limited-openai-api-user-analytics-data/614756/
Follow us for more security coverage.
#infosec #OpenAI #Mixpanel #databreach #smishing #securityincident #MFA #vendorsecurity #securitynews
-
OpenAI confirmed that limited API-user data was exposed through a breach at its previous analytics provider, Mixpanel. The dataset included names, emails, coarse location, user/organization IDs, and technical metadata — but no chats, passwords, API keys, or payment data.
Researchers noted that sending identifiable data to analytics tools isn’t aligned with typical security best practices.
What’s your view on data minimization in analytics pipelines?
Source: https://cybernews.com/security/openai-mixpanel-cybersecurity-incident-breach/
Share your thoughts - and follow us for more updates.
#InfoSec #CyberSecurity #DataPrivacy #OpenAI #Mixpanel #APISecurity #DataBreach #VendorSecurity #ThreatIntel #SecurityEngineering #TechNews
-
Third-Party Risk is a Top Threat in 2025—Are You Ready? From breaches to AI-driven vendor risks, third-party risk is evolving fast. Learn how to secure your vendor ecosystem & reduce risk. Watch now! https://youtu.be/HV-Ysn6-ZxQ
#Cybersecurity #TPRM #VendorSecurity #AI #RiskManagement #CISO
-
@JayeLTee Take a look at this -- Khalil Center really responded quickly to responsible disclosure:
https://databreaches.net/2025/01/03/khalil-centers-impressively-rapid-incident-response/
#dataleak #ransom #incidentresponse #HIPAA #disclsoure #businessassociate #vendorsecurity