[gull] 💾 The Worst Data Breaches of 2025—And What You Can Do

Fri Jan 16 12:53:44 CET 2026

Bonjour Daniel,

bonne année 2026 à toi, ton épouse, votre compagnon à pattes, et bonne année à vous tous en Suisse qui lisez la liste du Gull. Et merci à Felix de l'administrer. Et merci à Marc pour ses réponses hyper pointues. Et merci à tous ceux dont il est plaisant et instructif de lire les réponses.

>  une publication émanant de la EFF, qui résume les pires "fuites" de données pour l'année 2025.

Merci pour ce lien, lui-même riche en autres liens, pour en savoir plus sur certaines de ces fuites.

Les consommateurs négligent les fuites de données, tant qu'elles sont indolores à court terme. Ils commencent à se plaindre lorsqu'elles permettent aux scripts kiddies de leur voler leurs comptes de joueurs sur Playstation par exemple. On trouvait ces jours-ci le post-mortem distrayant et instructif d'un Youtuber expliquant comment la communication publique, par une photo d'écran négligente, d'un numéro de facture Sony, avait permis au pirate d'obtenir du service client la réinitialisation du compte du premier en faveur du second, et donc le vol des jeux dématérialisés achetés par le légitime propriétaire.

Le propos n'est pas de taper sur Sony, en critiquant sans doute à juste titre leur procédure de réinitialisation de compte client probablement déficiente. Ce que je veux dire, c'est qu'il y a quelque chose de naturellement indolent chez nous tous, qui fait que tant que ça fonctionne, on se souci peu de sécurité. À l'exception des cercles très techno comme ici, où les questions de sécurité intéressent pour ce qu'elles sont, pour l'ingéniosité des compromissions, pour les bonnes pratiques générales qu'on peut en tirer, pour le reste, on ne voit les questions de sécurité jaillir que quand les mecs ont perdu des cryptos, des jeux vidéo, ou que l'hôpital se fait rançonner. Rapide digression, pour les cryptos, l'appât du gain rend les choses physiquement dangereuses, loin du hack informatique, mais avec des vrais enlèvements pour extorquer les clés.

L'indolence vis-à-vis de la sécurité est la cousine de l'indolence face au marketing numérique. C'est grâce à notre acceptation tacite que fonctionne la vente des apps et jeux dématérialisés. On n'en possède plus une copie, seulement un droit-à-utiliser, plus ou moins privateur de liberté, le plus souvent impossible à céder. Ces structures commerciales d'extraction de richesse mises en place par des "détenteurs de droits", relativement indolores, ne seraient pas possibles sans le consentement des consommateurs. J'en faisais l'expérience à Noël, pour mon fils qui voulait Minecraft sur PC, dont on ne peut acheter qu'une licence d'usage, non une copie du jeu lui-même, licence liée à un compte Microsoft, ultérieurement incessible. Quand il ne voudra plus y jouer, impossible de céder le jeu à un autre. Je sais que cette offre commerciale m'est défavorable. Je prends ou ne prend pas ? C'est le choix laissé au consommateur. Ça s'éloigne de ton sujet, Daniel, les fuites de données, mais il reste un trait d'union: notre indolence vis-à-vis des fuites de données, notre manque de parcimonie dans leur partage (combien de fois on remplit tous les champs d'un formulaire sans discuter ?) est un écho de notre indolence en tant que consommateurs.

--
Frédéric Dumas
f.dumas at ellis.siteparc.fr

> Le 16 janv. 2026 à 11:55, Daniel Cordey via gull <gull at forum.linux-gull.ch> a écrit :
> 
> Hola,
> Je me permets de vous faire suivre une publication émanant de la EFF, qui résume les pires "fuites" de données pour l'année 2025.
> 
> 
> -------- Forwarded Message -------- Subject: 💾 The Worst Data Breaches of 2025—And What You Can Do Date: Wed, 14 Jan 2026 14:36:19 +0000 From: Electronic Frontier Foundation <editor at eff.org> Reply-To: editor at eff.org To: dc at pxcluster.com 
> 
> | ____|| ____|| ____|___ __ | |_ ___ _ _
> | ____|| ____|| ____|/ -_)/ _|| _|/ _ | '_|
> |______||_| |_| ___| __| __| ___/|_|
> 
> EFFector Vol. 38, No. 1 Wednesday, Jan 14, 2025 editor at eff.org
> 
> A Publication of the Electronic Frontier Foundation
> ISSN 1062-9424
> 
> effector: n, Computer Sci. A device for producing a desired change.
> 
> : . : . : . : . : . : . : . : . : . : . : . : . : . : . :
> 
> 💾 The Worst Data Breaches of 2025—And What You Can Do
> 
> Welcome to an all-new EFFector, your regular digest on everything digital rights from the Electronic Frontier Foundation. 
> In our 836th issue: A deep dive into ICE's spy tech shopping spree, how to follow the money on Homeland Security spending, and the most noteworthy data breaches of 2025.
> 
> When you lose your rights online, you lose them in real life. Become an EFF member today!
> 
> https://supporters.eff.org/donate/effector--8ha
> 
> : . : . : . : . : . : . : . : . : . : . : . : . : . : . :
> 
> Featured Story: The Worst, Weirdest, Most Impactful Data Breaches of 2025
> 
> Another year has come and gone, and, with it, thousands of data breaches affecting millions of people. These days, the question generally isn't *if* your information was compromised in a breach this year, it's *how many* different breaches compromised your private data.
> 
> Some data breaches, however, are more noteworthy than others. While one might affect a small number of people and include little useful information, another might include specific location information or even a potential medical diagnosis. To bring attention to these breaches we created the Breachies, a series of tongue-in-cheek awards highlighting each year's most egregious data breaches.
> 
> This year's honors include the I Didn’t Even Know You Had My Information Award (bestowed upon location data broker Gravy Analytics for a hack that exposed tens of millions of mobile phone coordinates), the Hacker's Hall Pass Award (given to PowerSchool for a breach that compromised personal information of over 60 million students and teachers), and the Annual Microsoft Screwed Up Again Award (awarded to, duh, Microsoft). [1] [2] [3]
> 
> Of particular note is Discord's prize, the We Still Told You So Award. EFF has repeatedly warned that age verification laws create serious security risks (on top of being harmful censorship and surveillance regimes). [4] These mandates require users to hand over some of their most sensitive information (like government IDs and faces) before accessing content online—sensitive information that can then be compromised by hackers. And, sure enough, much of Discord’s age verification data was breached in 2025, including users’ real names, selfies, ID documents, and email and physical addresses. [5] 
> While the seemingly endless number of data breaches can make it feel like there's nothing you can do to protect your information, it's actually a good reason to take action. On our blog, we name a number of steps you can take right now to protect yourself from the next data breach. Some simple ones include using unique passwords on all your accounts, using two-factor authentication when it's offered, and deleting old accounts.
> 
> Of course, individual self-protection only addresses the symptoms of a world where companies gobble up as much data as they can, store it for as long as possible, and don't do enough to protect it. Companies need to do a better job of only collecting the information they need to operate, and properly securing what they do store. And, as we've said before and will say again and again, lawmakers need to pass comprehensive privacy protections. [6]
> 
> READ MORE: https://www.eff.org/deeplinks/2025/12/breachies-2025-worst-weirdest-most-impactful-data-breaches-year?utm_source=effector
> 
> [1] https://www.wired.com/story/gravy-location-data-app-leak-rtb/
> [2] https://techcrunch.com/2025/01/09/powerschool-says-hackers-stole-students-sensitive-data-including-social-security-numbers-in-data-breach/
> [3] https://techcrunch.com/2025/07/23/hundreds-of-organizations-breached-by-sharepoint-mass-hacks/
> [4] https://www.eff.org/pages/whos-harmed-age-verification-mandates
> [5] https://www.bleepingcomputer.com/news/security/discord-discloses-data-breach-after-hackers-steal-support-tickets/
> [6] https://www.eff.org/wp/privacy-first-better-way-address-online-harms
> : . : . : . : . : . : . : . : . : . : . : . : . : . : . :
> 
> ‌EFF Updates 
> 🧊 ICE SPY TECH: With billions more dollars at their disposal, the U.S. Immigration and Customs Enforcement (ICE) has been going on a surveillance tech shopping spree. In recent months, ICE has inked contracts for location, social media, phone, and face surveillance tools. On our blog, we dig into each of these—and what EFF and others are doing to stop the spying.
> 
> https://www.eff.org/deeplinks/2026/01/ice-going-surveillance-shopping-spree?utm_source=effector
> 
> 💰FOLLOW THE MONEY: Hundreds of companies are looking to cash in on increased spending by the U.S. government on immigration enforcement and border surveillance. Recently, we updated our database of vendors selling their tech to the U.S. Department of Homeland Security (DHS). Now, we're also sharing our research methods so that you, too, can follow the DHS spending trail.
> 
> https://www.eff.org/deeplinks/2025/12/homeland-security-spending-trail-how-follow-money-through-us-government-databases?utm_source=effector
> 
> 🤓 HACKERS AGAINST ICE: It can be hard to imagine how to defend oneself against such an overwhelming force like ICE, which is spending hundreds of millions of dollars to spy on anyone—and potentially everyone—in the United States. But a few enterprising hackers have started projects to do counter-surveillance against ICE, and hopefully protect their communities through the clever use of technology.
> 
> https://www.eff.org/deeplinks/2026/01/how-hackers-are-fighting-back-against-ice?utm_source=effector
> 
> 🪪 AGE VERIFICATION: Age verification mandates are spreading fast, and they’re ushering in a new age of online surveillance, censorship, and exclusion for everyone—not just young people. Join our free livestream on Thursday, January 15, at 12pm PT: "EFFecting Change: The Human Cost of Online Age Verification." Speakers from EFF, Gen-Z for Change, and the Collaborative Research Center for Resilience will discuss what we stand to lose as more and more governments push to age-gate the web. 
> https://www.eff.org/deeplinks/2026/01/effecting-change-human-cost-online-age-verification?utm_source=effector
> 
> : . : . : . : . : . : . : . : . : . : . : . : . : . : . :
> 
> Don’t Let Tyrants Co-opt Tech
> 
> Technology is supercharging the attack on democracy by making it easier to spy on people, block free speech, and control what we do. The Electronic Frontier Foundation’s activists, lawyers, and technologists are fighting back.
> 
> Join the movement to Take Back CTRL. For a limited time, join EFF for as little as $20. As our thanks, you’ll get a Take Back CTRL Camera Cover Set with any member gift.
> 
> https://supporters.eff.org/donate/effector--8fa
> 
> : . : . : . : . : . : . : . : . : . : . : . : . : . : . :
> 
> "The biggest thing is data minimization. It's collecting less. It is asking less from us and storing it less."
> 
> EFF's Thorin Klosowski in this week's EFFector audio companion on what companies need to be doing to protect us from the threat constant data breaches pose. Hear our discussion with Thorin here:
> 
> https://youtu.be/d_homjXbdYg
> 
> : . : . : . : . : . : . : . : . : . : . : . : . : . : . :
> 
> MiniLinks 
> 🗣️ Free Speech
> 
> - "How to Make Sense of Trump’s TikTok Deal" (Tech Policy Press)
> 
> https://www.techpolicy.press/how-to-make-sense-of-trumps-tiktok-deal/
> 
> - "Why Are Grok and X Still Available in App Stores?" (Wired)
> 
> https://www.wired.com/story/x-grok-app-store-nudify-csam-apple-google-content-moderation/
> 
> 🔒 Privacy
> 
> - "'Worst in Show' CES products include AI refrigerators, AI companions and AI doorbells" (Associated Press)
> 
> https://apnews.com/article/ces-worst-show-ai-0ce7fbc5aff68e8ff6d7b8e6fb7b007d
> 
> 🔍 Transparency
> 
> - "Cops Forced to Explain Why AI Generated Police Report Claimed Officer Transformed Into Frog" (Futurism)
> 
> https://futurism.com/artificial-intelligence/ai-police-report-frog
> 
> 🌎 International
> 
> - "Iran’s internet shutdown is chillingly precise and may last some time" (The Guardian)
> 
> https://www.theguardian.com/world/2026/jan/10/irans-internet-shutdown-is-strikingly-sophisticated-and-may-last-some-time
> 
> 🗝️ Security
> 
> - "Founder of spyware maker pcTattletale pleads guilty to hacking and advertising surveillance software" (TechCrunch)
> 
> https://techcrunch.com/2026/01/06/founder-of-spyware-maker-pctattletale-pleads-guilty-to-hacking-and-advertising-surveillance-software/
> 
> : . : . : . : . : . : . : . : . : . : . : . : . : . : . :
> 
> Announcements
> 
> * Events
> 
> - EFFecting Change: "The Human Cost of Online Age Verification" 🪪 Livestream | Jan. 15
> 
> https://www.eff.org/event/effecting-change-human-cost-online-age-verification?utm_source=effector
> 
> - "Democracy: How AI Will Transform Our Politics, Government, and Citizenship" Book Discussion 📖 Livestream | Jan. 24
> 
> https://www.eff.org/event/rewiring-democracy?utm_source=effector
> 
> - EFF at CactusCon 🌵 in Mesa, AZ | Feb. 6-7
> 
> https://www.eff.org/event/eff-cactuscon-14?utm_source=effector
> 
> - EFF at BSides Seattle 💿 in Seattle, WA | Feb. 27-28
> 
> https://www.eff.org/event/eff-bsides-seattle?utm_source=effector
> 
> * EFF Opportunities
> 
> - Summer 2026 Legal Internship
> 
> https://www.eff.org/about/opportunities/interns
> 
> * Corporate Giving and Sponsorships
> 
> EFF thanks Binary Ninja, SerpApi, Wilson Sonsini Goodritch Rosati, Fenwick & West, AdeliaRisk, and Zellic for their generous support of our work fighting for your privacy online. Learn how your team can join the fight for digital rights at https://eff.org/thanks. 
> : . : . : . : . : . : . : . : . : . : . : . : . : . : . :
> 
> Fresh EFF Gear Is Here
> 
> Show off your support for EFF with hot digital rights merch from our online store. Just in: A "Let's Sue the Government" ringer tee to send the signal that our rights are not optional.
> 
> In addition to EFF shirts and hoodies, we have a wide variety of freedom-supporting swag in stock, including (extremely popular) liquid core gaming dice, HTTP playing cards, and a tactile Lady Justice braille sticker.
> 
> https://shop.eff.org/?utm_source=effector
> 
> : . : . : . : . : . : . : . : . : . : . : . : . : . : . :
> 
> Administrivia
> 
> Editor:
> editor at eff.org
> 
> Membership & donation queries:
> membership at eff.org
> 
> General EFF, legal, policy, or online resources queries:
> info at eff.org
> 
> Reproduction of this publication in electronic media is encouraged. MiniLinks do not necessarily represent the views of EFF.
> 
> Back issues of EFFector are available via the Web at:
> https://www.eff.org/effector/
> 
> Unsubscribe from future mailings or change your email preferences: https://assets-usa.mkt.dynamics.com/94400758-7964-ef11-a66d-6045bd003934/digitalassets/standaloneforms/4a1a4f18-6a86-ef11-ac21-0022480ae97e
> 
> Opt out of all EFF email: https://public-usa.mkt.dynamics.com/api/v2.0/orgs/94400758-7964-ef11-a66d-6045bd003934/consent/preferences?contextId=4fcb7774-24d7-43dc-a12d-8aa785e60300
> 
> 815 Eddy Street, San Francisco, CA 94109 USA

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4403 bytes
Desc: not available
URL: <http://forum.linux-gull.ch/pipermail/gull/attachments/20260116/f2a3e4e2/attachment.bin>