data breach – Tech | Business | Economy
https://techeconomy.ng

Instagram AI Chatbot Hack Exposes Security Flaw in Meta Account Recovery System
https://techeconomy.ng/instagram-ai-chatbot-hack-meta-security-flaw/
Wed, 03 Jun 2026 12:26:21 +0000

Hackers have exploited a flaw in the Instagram AI support chatbot to gain access to user accounts, including high-profile accounts.

The attack involved manipulating Meta’s AI support tool into resetting account credentials without properly verifying identity.

In some cases, attackers were able to take over accounts linked to the Obama-era White House Instagram page, beauty retailer Sephora, and a senior U.S. Space Force official.

The accounts were not breached through Meta’s core systems. Instead, hackers targeted the chatbot’s decision-making process, using what cybersecurity experts describe as prompt injection techniques, combined with VPN tools to mimic the location of the account holder.

Once inside the recovery flow, attackers reportedly asked the AI to link new email addresses to targeted accounts. The chatbot then sent verification codes to those emails. After that step, password resets followed.

A security researcher familiar with the incident described how quickly access could be lost and regained. Jane Manchun Wong, a former Meta employee whose account was affected, said in a post on X: “Quite concerning.”

She also reported repeated password reset attempts and a brief lockout before regaining access.

Posts on social media showed users discussing similar takeovers. Some said they were locked out without warning, while others complained about the lack of human support during recovery.

Meta confirmed the issue had been addressed. Andy Stone, a spokesperson for the company, said: “This issue has been resolved and we are securing impacted accounts.” In a separate response, he said claims that world leaders’ accounts were compromised were “totally false”.

One of the affected accounts linked to the Obama-era White House page briefly posted content before being recovered, according to reports by 404 Media. The page has been inactive since 2017.

Meta introduced the Instagram AI support chatbot in March 2026. It was designed to handle account recovery and reduce reliance on human support, an area where users have long complained about delays and limited access.

However, the incident has drawn attention to the risks of giving automated systems control over sensitive actions. Security specialists say the problem lies in how these tools are authorised.

Brian Westnedge, vice president for alliances and partnerships at cybersecurity firm Red Sift, said: “This is a foundational architecture failure. The model was given privileged actions without privileged access controls.”

He added that the situation reveals the pressure on Meta, which has cut staff while investing heavily in artificial intelligence systems.

Cybersecurity experts have also warned that the issue is not limited to one company. Prompt injection attacks have appeared in other systems since the rise of AI chatbots after 2022.

Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance, said: “The concern isn’t necessarily AI itself, but whether adequate safeguards exist around what the AI is authorised to do.”

Engin Kirda, a professor at Northeastern University, said attackers are now targeting systems rather than individuals. He noted: “In the past, people were targeted by scams. Now, we are seeing agents being targeted by scams.”

Meta shares fell by more than 5% after reports of the breach, as investors are concerned about the company’s AI spending plans, which are expected to reach up to $145 billion.

The company says it has secured affected accounts and patched the vulnerability. It has not provided further technical details on how the exploit was carried out.

Corporate Affairs Commission Confirms Data Breach
https://techeconomy.ng/corporate-affairs-commission-confirms-data-breach/
Thu, 16 Apr 2026 06:45:08 +0000

Nigeria’s corporate registry, a critical pillar of the country’s business environment, has come under cybersecurity scrutiny following a breach involving unauthorised access to its systems.

The Corporate Affairs Commission (CAC) confirmed that it is currently reviewing a data breach incident that affected limited aspects of its information systems, signalling yet another test of resilience for Nigeria’s growing digital governance infrastructure.

In a statement issued on Wednesday, the Commission disclosed that it detected the intrusion and swiftly activated its internal response protocols.

It is now working with the National Information Technology Development Agency (NITDA) and other relevant stakeholders to assess the scope, origin, and potential impact of the breach.

While CAC maintained that the breach was contained and affected only parts of its systems, it did not specify the exact data accessed or the number of users potentially impacted, leaving critical questions around exposure and risk unanswered.

Users Advised to Take Immediate Action

In response to the data breach incident, the Corporate Affairs Commission has urged users of its portal to adopt precautionary measures, including updating login credentials, monitoring company records for unauthorised changes, and remaining vigilant against suspicious communications.

The advisory reflects growing concerns that compromised data, if accessed, could be exploited for phishing, identity theft, or corporate impersonation schemes targeting registered businesses.

Cybersecurity analysts warn that even limited access to a database as sensitive as CAC’s could expose critical corporate information, including details of directors, shareholders, and registered entities, potentially undermining trust in Nigeria’s business verification systems.

A Broader Pattern of Digital Vulnerabilities

The incident adds to a rising wave of cybersecurity threats affecting both public and private sector platforms in Nigeria, as more government services migrate online without commensurate investment in security infrastructure.

Experts note that the digitisation of public services, while improving efficiency and accessibility, has expanded the attack surface for cybercriminals, making agencies like CAC increasingly attractive targets.

The involvement of NITDA in the ongoing investigation underscores the national significance of the breach, particularly given CAC’s role as the central repository for millions of business records across the country.

Balancing Digital Growth with Cyber Resilience

Despite assurances that its services remain operational and additional safeguards have been deployed, the breach highlights a critical challenge facing Nigeria’s digital economy: how to scale innovation without compromising data integrity.

For stakeholders, the incident reinforces the need for stronger cybersecurity hygiene—from robust password management to continuous monitoring of digital assets.

For policymakers, it raises deeper questions about regulatory enforcement, institutional preparedness, and the urgency of building resilient digital systems capable of withstanding increasingly sophisticated cyber threats.

As investigations continue, the CAC has pledged to provide further updates—while reiterating its commitment to safeguarding the integrity of Nigeria’s corporate registry.

Google Warns of Extortion Emails Targeting E-Business Suite Users
https://techeconomy.ng/google-warns-extortion-email-oracle-ebusiness-suite/
Thu, 02 Oct 2025 08:56:54 +0000

Hackers are attempting to extort senior executives by claiming to have stolen sensitive data from Oracle’s widely used business software, Google has disclosed.

The attackers, believed to be linked to the ransomware gang known as Cl0p, have launched a large-scale email campaign directed at organisations running Oracle E-Business Suite. The system underpins critical functions such as finance, supply chain, and customer management, making it an attractive target for cybercriminals.

According to Google, the extortion emails have been arriving in high volumes and are being sent from hundreds of hijacked accounts. Some of these accounts were previously connected to FIN11, a financially motivated group associated with Cl0p. The messages threaten exposure of allegedly stolen data, with some demands reported to be as high as $50 million.

Cybersecurity firm Halcyon confirmed that certain emails contained screenshots and file directories as supposed evidence of the breach. Experts, however, caution that these materials may be fabricated or recycled from past attacks. “Google does not currently have sufficient evidence to definitively assess the veracity of these claims,” the company stated.

However, neither Google nor its security subsidiary, Mandiant, has found proof that Oracle’s software was compromised or that data theft actually occurred. No zero-day vulnerabilities have been confirmed. Oracle has yet to issue a public statement.

Experts note that even unverified claims can destabilise businesses, trigger panic, and tarnish reputations. Recent campaigns by ransomware groups show a change in tactics, using threats and psychological pressure instead of traditional file encryption.

Security experts advise organisations to closely monitor Oracle environments for unusual logins or credential misuse, strengthen phishing defences, and review their incident response strategies. Multi-factor authentication, they warn, is no longer optional but essential.

Google Denies Claims of Gmail Breach, Points to Misinformation
https://techeconomy.ng/google-denies-gmail-breach-rumours/
Tue, 02 Sep 2025 12:45:30 +0000

Google has dismissed reports that 2.5 billion Gmail users were recently warned about a massive security breach, insisting that no such alert was ever issued.

In a statement published on Monday, the company made it clear that the panic resulted from misinformation. “Several inaccurate claims surfaced recently that incorrectly stated that we issued a broad warning to all Gmail users about a major Gmail security issue,” Google wrote. “This is entirely false.”

The confusion arose after multiple outlets reported that users had been advised to reset their passwords due to a large-scale compromise.

Many Gmail account holders were surprised, having never received any such notification. The figure of 2.5 billion suggested the warning should have reached everyone, yet it did not.

Behind the rumours lies a smaller incident that occurred in June. Hackers linked to groups such as ShinyHunters and Scattered Spider breached a Salesforce database Google uses to manage advertiser contacts.

The attackers gained entry through social engineering, posing as IT staff before deploying malware.

The data they accessed included business names, contact details, and CRM notes, but no Gmail passwords, emails, or private content. Those affected were notified directly by early August.

While the Salesforce breach did not expose Gmail itself, it triggered a surge in phishing and impersonation attacks. Fraudsters have been exploiting the stolen information to send fake support emails and even make phone calls, a tactic known as “vishing.”

According to Google’s Threat Intelligence Group, phishing and vishing now account for 37% of successful account takeovers across its platforms.

The company stressed that its defences are robust, blocking the vast majority of threats. “While it’s always the case that phishers are looking for ways to infiltrate inboxes, our protections continue to block more than 99.9% of phishing and malware attempts from reaching users,” Google explained in its blog post.

Google also used the opportunity to encourage stronger digital habits. It recommends adopting passkeys, biometric-based alternatives to traditional passwords, and staying alert for suspicious emails or calls.

Although last week’s reports led some users to reset their Gmail credentials in fear of a breach, cybersecurity experts point out that regularly updating passwords is still good practice. The bigger lesson is the importance of clarity: panic spread quickly because a blog about phishing trends was mistaken for a global warning about Gmail itself.

Currently, Gmail users are not under the sweeping threat that headlines suggested. The risk is phishing, not a collapsed wall of Google’s email security.

Meta Tops EU List for Child Data Violations, Fined €2.7 Billion Under GDPR
https://techeconomy.ng/meta-tops-eu-list-for-child-data-violations/
Thu, 29 May 2025 16:53:13 +0000

Meta Platforms, owner of Facebook, Instagram, and WhatsApp, has been fined more than any other social media company under Europe’s General Data Protection Regulation (GDPR), accumulating €2.7 billion in penalties for violating data protection laws, particularly those concerning children.

A detailed review by cybersecurity firm Surfshark reveals that five major social media platforms, Meta’s Facebook and Instagram, TikTok, LinkedIn, and X (formerly Twitter), have together received fines amounting to €3.9 billion. Meta alone is responsible for nearly 70% of that figure.

The most eye-opening fine came in 2022, when Instagram was ordered to pay €405 million. The offence? Automatically setting business accounts created by children to public, exposing sensitive information without consent. 

Then came another blow in late 2024: Facebook was fined €251 million following a data breach that compromised the personal data of minors. These incidents make Meta the most penalised company under the GDPR framework.

TikTok hasn’t escaped this either. Its failure to properly handle children’s data has led to three separate fines, with the most recent one issued this year. 

Together, these penalties total €890 million. The platform allowed underage accounts to default to public, failed to provide privacy policies in local languages like Dutch, and permitted adults to falsely register as legal guardians without verifying their authority to do so.

LinkedIn and X have each received single fines, €310 million and €450,000 respectively. Platforms like YouTube, Snapchat, Pinterest, Reddit, and Threads have so far avoided penalties, but experts caution that this is not necessarily evidence of full compliance.

“The current enforcement efforts by data protection authorities are rather reactive, sometimes they are non-existent at all,” said Felix Mikolasch, a data protection lawyer at NOYB, a European privacy advocacy group.

Over one-third of all GDPR fines issued to social platforms relate specifically to mishandling children’s data.

We see that the European Union is stepping up its enforcement of GDPR rules, particularly as digital platforms increasingly target younger audiences and collect vast amounts of personal information. 

Since Surfshark’s last report in October 2023, there has been a 30% jump in the total value of fines, driven by four new cases, two linked to Meta, one to LinkedIn, and another to TikTok.

Meanwhile, here in Nigeria, social media companies including Meta and TikTok operate freely, despite evidence of similar data practices. No major fines have been announced. The Nigeria Data Protection Commission (NDPC) has opted for a softer, compliance-first approach.

“Usually, when we investigate and find a breach, if they are ready to comply with the law, what is the point of making noise?” said the NDPC’s National Commissioner, Dr. Vincent Olatunji. “It’s only when an organisation is unwilling to comply with the law that we are forced to impose sanctions.”

Dr. Olatunji added that the Commission also considers the economic impact. Penalising foreign tech companies could send the wrong signals to investors. 

That rationale might explain why, despite operating under Nigeria’s Data Protection Act, which mirrors many of GDPR’s core principles, no social media platform has yet been held publicly accountable for breaches.

This raises a fundamental question: can a model based on dialogue and remediation work where enforcement by example has already proven effective elsewhere?

Europe’s approach is that any company that breaks the rules pays the price. Nigeria’s model, however, leans heavily on trust, hoping compliance will come without punishment. 

UK, Allies Expose Spyware Masquerading as Android Apps
https://techeconomy.ng/uk-allies-expose-spyware-masquerading-as-android-apps/
Wed, 09 Apr 2025 14:21:01 +0000

Intelligence agencies from the UK, US, Canada, Germany, Australia, and New Zealand have exposed a disturbing global spyware campaign aimed at silencing dissent.

Malicious apps, designed to look like everyday tools, have been quietly spying on activists, minority groups, and critics of the Chinese government.

This isn’t the typical data breach story we are used to. It’s deeper. Covert. Targeted. And deliberate.

In a joint advisory issued on Tuesday, the UK’s National Cyber Security Centre (NCSC), backed by GCHQ, revealed that two spyware families, BadBazaar and Moonshine, have been embedded inside Android apps that appear safe.

These apps were carefully built to mirror popular tools like Telegram, WhatsApp, Adobe Acrobat, and even religious apps designed for Muslims and Buddhists.

These digital decoys were more than just annoying malware. They turned phones into portable surveillance devices, recording conversations, tracking movements, stealing photos, and reading private messages. And all of it happened without the user’s knowledge.

The spyware wasn’t scattered randomly across app stores. It had a purpose and targets.

The reports say the apps were used to zero in on Uyghur Muslims, Tibetans, Taiwanese independence activists, and supporters of Hong Kong’s pro-democracy movement and the Falun Gong spiritual group. Most of the targets live outside China, but their work or beliefs are seen by Beijing as threats to national stability.

Let’s not sugar-coat it—this is state-level digital stalking.

“These apps specifically target individuals internationally who are connected to topics that are considered by the Chinese state to pose a threat to its stability, with some designed to appeal directly to victims or imitate popular apps,” the NCSC stated.

The two spyware families seen in Android apps have previously been dissected by cybersecurity outfits like Trend Micro, Lookout, and Volexity, as well as Citizen Lab, a nonprofit watchdog that has long tracked Chinese cyber activity.

BadBazaar, for instance, is known to have disguised itself as encrypted messengers and file-sharing apps. Moonshine, on the other hand, reportedly posed as a custom-built suite of tools tailored for certain targets, including Tibetans.

In total, over 100 Android apps were identified. The decoys included everything from prayer apps and language learning tools to document readers and chat platforms. One iOS app, TibetOne, even made its way to Apple’s App Store back in 2021.

Google and Apple have yet to comment publicly on whether the listed apps have been removed or how many users might have been affected.

The advisory reiterates that the tools we trust to communicate and organise can be twisted into weapons of surveillance.

MoneyGram Confirms Data Breach Exposing Customer Information in Cyberattack
https://techeconomy.ng/moneygram-confirms-data-breach-exposing-customer-information-in-cyberattack/
Tue, 08 Oct 2024 08:11:07 +0000

MoneyGram has confirmed that hackers accessed and stole personal and transaction data of its customers during a cyberattack in September.

The breach, which occurred between September 20 and 22, 2024, caused a week-long outage that disrupted the company’s website and app services. The breach was discovered on September 27, 2024.

The stolen data includes customers’ names, phone numbers, email addresses, dates of birth, and in some cases, Social Security numbers and government identification documents.

In addition, postal addresses, bank account numbers, and MoneyGram Plus Rewards numbers were compromised. Transaction details, including dates and amounts, were also affected.

MoneyGram, which operates in over 200 countries and serves more than 50 million people annually, is still in the early stages of its investigation.

The company is working to identify the full scope of affected customers but has not disclosed the exact number impacted. A spokesperson for MoneyGram, Sydney Schoolfield, declined to provide further details beyond the company’s official statement.

In response to the breach, MoneyGram took steps to contain and remediate the issue, including taking certain systems offline, which temporarily impacted their services. They have launched an investigation with the help of external cybersecurity experts and are coordinating with law enforcement.

MoneyGram has already notified U.K. data protection regulators as required by law, noting the possible international implications of the breach. The company has advised affected customers to remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring their credit reports.

The company has not yet revealed how the breach occurred but is continuing its investigation into the nature of the cyberattack.

Comcast Confirms Data Breach Affecting 238,000 Customers in Ransomware Attack
https://techeconomy.ng/comcast-confirms-data-breach-affecting-238000-customers-in-ransomware-attack/
Mon, 07 Oct 2024 14:50:55 +0000

Comcast, one of the largest telecommunications companies in the U.S., has disclosed that the personal information of nearly 238,000 customers was exposed in a ransomware attack on a third-party debt collection service provider, Financial Business and Consumer Solutions (FBCS).

The breach, which took place in February 2024, compromised sensitive data, including customers’ names, addresses, dates of birth, Social Security numbers, and account information.

This incident stems from a cyberattack on FBCS, a Pennsylvania-based debt collection agency that previously worked with Comcast but ceased operations for the telecom giant in 2020.

Initially, FBCS assured Comcast that no customer data had been affected by the breach. However, a few months later, in July, the debt collection agency revised the notice, confirming that customer data had indeed been compromised.

The attack itself occurred between 14 and 26 February 2024, during which time cybercriminals gained access to FBCS’s systems. The attackers reportedly extracted large amounts of data and encrypted some systems in a ransomware effort. 

Comcast’s affected customers had registered around 2021, and the breach is tied to FBCS’s data retention practices, which go beyond its working relationship with the telecom company.

While Comcast has confirmed the scope of the breach, the incident impacted more than just its subscribers. FBCS disclosed in an earlier filing that the attack had exposed the personal information of over 4.25 million individuals, affecting customers of various organisations. 

Among them are Truist Bank and CF Medical, both of which reported some breaches. CF Medical, for instance, saw the health information of more than 620,000 people stolen as part of the ransomware attack.

In light of the breach, Comcast has offered credit monitoring and identity protection services for a year to the affected customers. The company clarified that the security incident occurred entirely within FBCS’s systems and did not compromise its own platforms or those of its Xfinity services. 

However, FBCS has informed Comcast that due to its financial difficulties, it will be unable to provide additional support or protection services to individuals impacted by the attack.

Authorities are still investigating the full scope of the ransomware incident, but no major ransomware group has claimed responsibility for the attack so far. While Comcast continues to respond to the aftermath of the breach, the situation reiterates the risks companies face when relying on third-party providers for services, especially in data handling and security.

One in four Companies Globally have Suffered Data Breach that cost them US$1 – 20 million or more in the past three years
https://techeconomy.ng/one-in-four-companies-globally-have-suffered-data-breach-that-cost-them-us1-20-million-or-more-in-the-past-three-years/
Fri, 28 Oct 2022 13:41:31 +0000

One in four companies (27%) globally have suffered a data breach that cost them US$1-20 million or more in the past three years, according to PwC’s annual Global Digital Trust Insights Survey, which surveys more than 3,500 senior executives across 65 countries.

The percentage rises to one in three (34%) for companies surveyed in North America, with only 14% of firms globally reporting that no data breaches have occurred during the period.

Despite cyber attacks continuing to cost businesses millions of dollars, fewer than 40% of executives surveyed say they have fully mitigated cybersecurity risk exposure in a number of critical areas. These include enabling remote and hybrid work (38% say the cyber risk is fully mitigated); accelerated cloud adoption (35%); increased use of internet of things (34%); increased digitisation of supply chain (32%) and back office operations (31%).

For operations-focused executives surveyed, cybersecurity of the supply chain is a major concern.  Nine in ten expressed concern about their organization’s ability to withstand a cyber attack that disrupts their supply chain, with 56% extremely or very concerned.

Mandatory disclosure of cyber incidents is favored

Four in five organisations (79%) surveyed state that a comparable and consistent format for mandatory disclosure of cyber incidents is necessary to gain stakeholder confidence and trust. Three-quarters (76%) agree that increased reporting to investors will be a net benefit to the organisation and entire ecosystem. Further, the same percentage agree that governments should be expected to use the knowledge base from mandatory cyber attack disclosures to develop cyber defence techniques for the private sector. 

While there is a clear preference for mandatory disclosure of cyber incidents, fewer than half (42%) of executives surveyed are fully confident their organization can provide required information about a material/significant incident within the specified reporting period.  There is also a hesitance to share too much information – 70% said greater public information sharing and transparency poses a risk and could lead to a loss of competitive advantage.

Femi Osinubi, Risk Assurance Services Leader, PwC Nigeria said: “Data breaches are a pervasive threat in today’s digital world. As cyber threats continue to increase in frequency and sophistication, a holistic approach to cybersecurity has become a top priority for C-suites and boards. Companies are strengthening their cyber defenses and regulators are applying pressure to improve cyber resilience and build public trust. It’s clear from our survey that a higher level of public-private collaboration is needed to address the increasingly complex cyber threat landscape – companies are calling for increased information sharing and transparency as well as a consistent format for mandatory disclosure of cyber incidents.”

Most organizations are increasing cyber budgets

The majority of executives surveyed said their organizations are continuing to increase their cyber budgets – 69% said the budget increased in 2022 and 65% plan to spend more on cyber in 2023.  Increasing budgets reflect the fact that cybersecurity tops the agenda for resilience planning.  According to the survey, a catastrophic cyber attack ranks higher than global recession or another health crisis for organizations’ resilience planning.

Concern with cyber extends to the top of organizations. Most CEOs surveyed are planning to ramp up action to address cybersecurity in the coming year – 52% said they will drive major initiatives to improve their organisation’s cyber posture. Many CFOs surveyed are also planning to increase their cyber focus, including cyber technology solutions (39%), focus on strategy and coordination with engineering/operations (37%) and upskilling and hiring of cyber talent (36%).

It’s not hard to see why cyber continues to move up the corporate agenda. The cost of cyber breaches goes much further than direct financial costs, according to marketing-oriented execs surveyed. The range of harm organizations have experienced due to a cyber breach or data privacy incident over the past 3 years includes loss of customers (cited by 27%), loss of customer data (25%) and reputational or brand damage (23%).

Femi Osinubi concluded: “Despite all the progress that organizations have made in improving their cybersecurity programs, our survey shows there is a lot more to do. There are three things that need to be put in place to keep pace with digital transformation and help build public trust: a strategic risk management program, continuity and contingency planning, and clear, consistent external reporting.”

Why personal employee information leakage is the least disclosed type of breach
https://techeconomy.ng/why-personal-employee-information-leakage-is-the-least-disclosed-type-of-breach/
Tue, 18 Jan 2022 12:12:54 +0000

A new report has unveiled that while organisations regularly face employee information leakage, a good number of them prefer not to disclose these incidents publicly.

The Kaspersky Employee Wellbeing 2021 report on employee information leakage shows that 36% of respondents from the META region alluded to this.  At the same time, staff may lack basic cybersecurity knowledge to protect themselves as only 38% of businesses offer IT security training.

A successful corporate cyber-defense is impossible without employees at all levels joining forces. Technology is important to prevent cyberattacks but human factors still play a crucial role, being tied to 85% of incidents.

Kaspersky’s global survey of IT business decision-makers provides insights into how well organisations and workers collaborate and protect themselves, their clients and each other.

Despite high-profile cases of data breaches being mainly associated with stealing customer information, personal employee data is very popular with cybercriminals as well.

In 2021, more than a third (33%) of organisations weren’t able to provide complete security of their workers’ data and faced incidents involving this type of information.

The fact that 36% of affected organisations haven’t disclosed a breach of personal employee data publicly is a sign that the problem is bigger than it seems.

As for the rest, 57% have shared information about an incident proactively and 8% did so after it had been leaked to the media. This shows that this type of leak is the least frequently disclosed, compared to corporate or customer data breaches.

“When an organisation faces a cyber-incident, correct crisis communications are no less important than response and recovery actions. There are ever-present risks of data breaches, and businesses should acknowledge that proactive disclosure is preferable to an exposé in the press,” comments Evgeniya Naumova, executive vice president, Corporate Business, at Kaspersky. “Appropriate, accurate, and timely communications, however, not only minimise the potential reputational damage but can also greatly mitigate direct financial losses.

“To avoid panic or confusion, a company needs to consider developing a clear crisis plan and train employees in advance.

“Corporate communications professionals and IT security teams should collaborate to exchange information on cybersecurity insights and determine guides, tools, channels, and language that might be helpful to accurately handle both internal and external communications in case of an emergency,” she continues.

Lack of external knowledge about potential cybersecurity incidents is not usually mitigated by internal efforts.

According to the research, only 38% of organisations have already implemented security education and training to ensure that employees are provided with crucial information.

In addition, more than seven in ten (76%) of those companies have experienced at least one issue relating to the quality of these services.

This includes dissatisfaction with the high complexity of courses and a lack of support or expertise on the part of the training provider.

Employees who have not been provided with basic knowledge about the importance of protective measures can’t be expected to follow the rules.

In 2021, compliance of staff and dealing with insufficient end-user security culture is one of the top three biggest concerns for businesses when it comes to IT security – 38% of respondents cited it among the most alarming issues.

In practice, companies regularly face informational security infringements (50%), inappropriate IT resource use (53%), and improper sharing of data via mobile devices (50%).

Breach prevention requires concerted action by everyone who interacts with a corporate system and could be a potential target for attackers.

To better secure employees, companies should combine reliable protective measures with maintaining security awareness among their teams.
