Here’s your weekly #databreach news roundup:

Tesla, Luxair, LinkedIn, Discord.io, and Medicaid clients in Indiana.


Tesla had a data breach in May where private info of about 75,735 people was leaked. Two former workers took this data wrongly and Tesla has sued them. The company got back the electronic devices with the data from these workers and made sure they can’t misuse the data anymore. A German newspaper got this data, but promised not to misuse or publish it. While no personal data has been misused yet, Tesla is offering free credit monitoring services to those affected.


On 18 August 2023, Luxair revealed a data breach involving an external service provider that assists with flight disruptions. This provider, storing data in a cloud, did not secure Luxair customer data properly, making it available online. Affected were those who had flight disruptions from November 2020 to 4 July 2023 and received meal vouchers, hotel bookings, or SMS warnings. Not all the data might have been accessed, but the breach is fixed now. The airline has paused the provider’s services and advises customers to be cautious of phishing attempts using Luxair’s brand. They’ve given tips to recognize and avoid such scams and have created a dedicated email for further inquiries about the incident.


Hackers have targeted LinkedIn users, locking many out of their accounts. Some affected users were asked to pay a ransom to regain access and were threatened with account deletion. Others received warnings from LinkedIn about their accounts being locked due to suspicious activities like attempted password breaches or issues with two-factor authentication. Many victims voiced their frustrations on social media about inadequate support from LinkedIn. Interestingly, these hacking incidents were first revealed by independent researchers, not LinkedIn. As of now, LinkedIn hasn’t issued a public response.


Discord.io, a third-party service for Discord, faced a data breach affecting over 760,000 users. On August 14, a database with users’ information appeared for sale on the dark web. A hacker named ‘Akhirah’ took responsibility and provided proof of the data. Discord.io confirmed its legitimacy, stopped its services, and began an investigation. The breach occurred due to a flaw in Discord.io’s code, allowing the hacker to access and sell the data on a hacking site. The leaked information ranged from non-sensitive details, like user IDs and avatar info, to sensitive data like usernames, email addresses, and older hashed passwords. Discord.io has since shut down its site for investigations and plans to enhance its security. Discord itself clarified that they aren’t linked to Discord.io and took measures to protect their users. They also advised users to activate two-factor authentication for safety.

Medicaid clients in Indiana

Over 700,000 Medicaid beneficiaries in Indiana had their personal details exposed in a late May data breach. The Family and Social Services Administration (FSSA) revealed that a software, MOVEit, used by a third-party contractor named Maximus Health Services, was where the breach occurred. Information exposed includes names, addresses, case numbers, and Medicaid numbers. Additionally, four beneficiaries had their Social Security numbers revealed. Maximus, which has been working with Indiana Medicaid since 2007, is reaching out to the affected members and offering credit monitoring solutions.