This week's news features Instagram's massive user data breach, a malicious Chrome extension that leaked 900,000 users’ browser history, the arrest of 34 cybercrime suspects in Spain, and more.
Let's take a look at these stories in detail.
17.5 Million Instagram Users Exposed as Hackers Begin Exploiting Data
A major data leak has exposed the personal information of around 17.5 million Instagram users, raising fresh concerns over account security and online fraud.
Despite Meta’s denial of a direct infrastructure breach, cybersecurity experts warn that the incident has moved beyond passive exposure into active exploitation. Since the leak surfaced, users across multiple regions have reported a surge in suspicious password reset emails, a common tactic used in account takeover attempts.
The breach was first uncovered by researchers at Malwarebytes, who identified large volumes of Instagram-related data circulating online. Further analysis confirmed that the data is now being traded openly on dark web forums, making large-scale targeting easier for cybercriminals.
While Instagram has yet to release detailed findings, security analysts caution that the availability of this data will increase the risk of phishing, account hijacking, and identity abuse.
Users are advised to change their passwords, enable two-factor authentication, and treat unexpected login or reset messages with caution. Experts note that once stolen data reaches criminal marketplaces, exploitation can happen quickly, often before victims realise they are at risk.
Meta has since denied that a direct breach occurred, stating that they fixed a technical issue which allowed an external party to trigger the password reset emails, and reassured users that accounts remain secure.
Jaguar Land Rover Reports Major Sales Drop Following Cyberattack
Jaguar Land Rover (JLR) reported a sharp decline in its third-quarter sales as the company recovered from a previous cyberattack. Wholesale units fell 43% to 59,200, while retail sales dropped 25% to 79,600 compared with the previous year.
Analysts described this as one of the largest disruptions the company has faced in recent times. The automaker acknowledged that the September cyberattack forced production halts at its UK and other facilities for over a month. Operations were gradually restored by mid-November after a detailed review to ensure systems were secure. The interruption is estimated to have cost the UK economy around $2.5 billion.
JLR also confirmed that rising US tariffs and the phase-out of older Jaguar models added pressure on sales.
Management emphasized that restoring production and introducing new models remain top priorities while keeping security and operational stability in focus. This quarter shows how vulnerable even large, established companies can be to unexpected disruptions.
Zestix Breach Shows Risks of Ignoring Multi-Factor Authentication
A hacker group known as “Zestix” (also referred to as “Sentap”) successfully accessed about 50 major global companies, including organizations in aviation, defense, and healthcare.
Investigators revealed that the breaches were not caused by sophisticated exploits but by missing Multi-Factor Authentication (MFA) on cloud file-sharing portals.
The attackers used previously stolen passwords and login cookies from older malware infections to gain access. According to experts, they copied terabytes of sensitive data, including flight safety documents and legal strategies.
Affected companies are now enforcing MFA policies and reviewing how employee credentials are handled.
Firms are reminded that simple protections like MFA, combined with regular monitoring of cloud accounts, can prevent major breaches.
Illinois Residents’ Personal Data Left Public for 4 Years
The Illinois Department of Human Services (IDHS) disclosed that approximately 700,000 residents’ personal information had been publicly accessible online due to a configuration error. This exposure, which began in 2021 and lasted until late 2025, involved Medicaid, Medicare, and disability services records.
Officials found that staff had unintentionally used a public mapping tool for internal planning, leaving addresses, case numbers, and demographic details open to anyone with the link. While names were largely excluded, exposed data could easily be exploited for identity theft or targeted phishing attacks.
IDHS has now implemented a “Secure Map Policy” to prevent future exposures. Officials admitted that although the mistake caused serious privacy concerns, the department is taking active steps to ensure no similar incidents occur.
Simple oversights can have long-lasting consequences, affecting the security and trust of hundreds of thousands of individuals.
Zenith Bank Zecathon 5.0 Highlights Africa’s Emerging Tech Talent
The 2025 Zenith Tech Fair concluded with Zecathon 5.0, Zenith Bank’s innovation challenge that brings together Africa’s brightest startups. Lagos State Governor Babajide Sanwo-Olu attended as developers and founders presented their solutions and prototypes tackling real-world problems.
Dame Dr. Adaora Umeoji, Zenith Bank’s Group Managing Director, affirmed that the bank remains committed to supporting innovators with resources, guidance, and exposure to help their ideas scale across Africa.
The hackathon featured hundreds of participants competing over three days. Five finalists stood out. TrustLoop, focused on digital KYC and liveness verification, won N30 million, while four other teams received N10 million each.
In the Startup Pitch Competition, Cubbes, an education technology venture, won N30 million, and runners-up Venille, Sowota, Invopay, and Flow each received N10 million.
All winners will enter a six-week accelerator program for mentorship, technical support, and investor visibility. Experts noted that this edition of Zecathon shows the growing capability of African innovators to deliver solutions with real impact.
Ireland Recalls Over 12,000 Passports Due to Printing Issues
Ireland’s Department of Foreign Affairs has recalled nearly 13,000 passports after identifying a printing error caused by a recent software update.
The issue affects passports issued between December 23 and January 6. In total, 12,904 documents were found to be missing the mandatory “IRL” country code required for international travel compliance.
Officials warn the defect could cause failures at airport eGates and automated border control systems. The error was detected during routine checks and traced back to changes in the passport printing process.
Once confirmed, the government notified the International Civil Aviation Organization and acted quickly to limit disruption for travellers.
Affected passport holders are being asked to return their documents for a free replacement. Authorities confirmed new passports will be issued within about ten working days, with no need for a new application.
Ransomware Breach Hits Texas Gas Station Operator, 377,082 Affected
Gulshan Management Services has disclosed a data breach linked to a ransomware attack that exposed the personal information of more than 377,082 individuals.
The breach was revealed in a filing with the Maine Attorney General’s Office. Gulshan detected unauthorized access to its IT systems in late September.
An investigation later confirmed the attacker remained inside the network for around 10 days after gaining access through a phishing attack.
During that time, sensitive data, including names, contact details, Social Security numbers, and driver’s licence information, was accessed. Ransomware was later deployed, encrypting files across the company’s systems.
No ransomware group has publicly claimed responsibility. Gulshan stated it restored its systems using secure backups, suggesting the company opted for internal recovery rather than paying a ransom.
Spain Arrests 34 in Black Axe Cybercrime Crackdown
Spanish authorities have arrested 34 suspects linked to the cybercrime network known as Black Axe.
Investigators revealed the network was led by individuals of Nigerian origin and operated across several European countries. The arrests followed a coordinated operation supported by Europol and German law enforcement.
Police conducted raids in Madrid, Barcelona, Seville, and Malaga. Officers seized cash, electronic devices, and vehicles, and froze more than €119,000 in linked bank accounts.
The group specialised in business email compromise scams, where attackers infiltrate legitimate company communications and alter payment details to redirect funds.
Authorities estimate the network caused losses exceeding six million dollars over 15 years. Four suspects remain in pretrial detention, and police confirmed the investigation is ongoing, with further arrests expected.
Malicious Chrome Extensions Expose Chat Histories of Nearly 900,000 Users
Security researchers discovered that two Chrome extensions, “Chat GPT for Chrome with GPT-5” and “AI Sidebar”, secretly collected ChatGPT and DeepSeek conversations from almost 900,000 users. Both tools appeared legitimate, and one even earned a “Featured” badge on Google before it was removed.
Once installed, the extensions recorded every prompt and response. Users’ work-related ideas, proprietary source code, and personal queries were all captured without consent. Security experts warn that this highlights a big problem: while people trust AI platforms, third-party tools can quietly access highly sensitive information.
Authorities urged anyone who installed these extensions to immediately check their browsers and remove suspicious tools.
…
Most of today’s risks don’t come with warning bells but arrive disguised as routine, trusted, or familiar.
