Nine months slipped by before Japanese authorities acknowledged that the national cybersecurity center had suffered a breach. The Financial Times, citing unnamed sources, reported that the attack originated from China. In August, Japan’s National Center for Incident Readiness and Cybersecurity Strategy, better known as NISC, confirmed a compromise involving the postal system. NISC first detected the intrusion in June, but according to the same sources, Chinese hacking groups had bypassed the center’s defenses as early as October 2022.
The incident led to the exposure of personal data for individuals who used the center via email, with sensitive information appearing on the network during the breach window. This development comes amid growing scrutiny of how government-linked cyber intrusions are detected and disclosed, and it underscores the multi-layered risks that public sector systems face when facing sophisticated threats. (Attribution: Financial Times)
Earlier reporting from Bleeping Computer noted a separate data leak affecting 2.6 million users of DuoLingo, a popular language-learning platform. According to those disclosures, DuoLingo user details surfaced on the dark web in January 2023. The compendium of data was reportedly sold for about $1,500 and included real names, usernames, and email addresses, highlighting how consumer credentials can become valuable on illicit markets. (Attribution: Bleeping Computer)
Another layer of concern emerged from revelations that a password-related vulnerability affected many Russians, with assertions that certain passwords could be cracked in minutes. While such claims emphasize the ease with which weak credentials can be exploited, they also serve as a reminder of the ongoing need for robust password hygiene, multi-factor authentication, and continuous security monitoring across both public and private sectors. (Attribution: News reports)