Security Issues Reported in EU Age-Verification App and Multiple Data Breaches

EU App Vulnerabilities Exposed A security consultant reported finding security issues in the EU's new age-verification app, enabling access in less than two minutes, according to Politico.

The issues involve the storage of a user-created PIN, which could allow an attacker to take over a user's profile. A whitehat hacker confirmed the vulnerability to Politico. The consultant concluded, “This product will be the catalyst for an enormous breach at some point. It's just a matter of time.”

Data

Breaches at Gym Chain and Hotel Company Europe's largest gym chain, Basic-Fit, confirmed a data breach on Monday, affecting bank details of approximately one million customers.

The breach impacted around 200,000 members in the Netherlands, along with customers in Belgium, France, Germany, Luxembourg, and Spain. Stolen data included names, home and email addresses, phone numbers, and dates of birth, but no passwords were compromised as the company does not store them.

com confirmed suspicious activity that may have led to the extraction of customer data, including names, email addresses, phone numbers, and booking details.

The company stated it took action to contain the issue and noted that no financial information was lost. Company notices posted by purported customers on Reddit appear to disclose a breach touching on “anything” the users “may have shared with the accommodation.”

DDoS Attack on Social Media Platform Social media platform Bluesky experienced intermittent failures on Thursday due to a distributed denial-of-service attack, as confirmed by the company.

The attack began around 8:40 pm ET on April 15 and affected feeds, notifications, and search. No evidence of unauthorized access to user data was reported. The outages impacted Bluesky's infrastructure but not independent communities running on the same protocol.

A community reported a significant spike in migration requests following the incident. Bluesky's status page indicated full operational status by Friday afternoon.

Cryptocurrency

Exchange Hack Russian cryptocurrency exchange Grinex announced on Thursday that it would suspend operations after a breach resulting in the theft of more than a billion rubles, equivalent to over $13 million in user funds.

The exchange attributed the attack to special services of a foreign country, citing digital traces and the nature of the attack. Grinex, which was sanctioned by U.S. financial authorities, succeeded another sanctioned exchange and was reported to aid sanctions evasion.

A crypto-tracing firm indicated it was likely created by the same owners and inherited funds and customers. No public evidence was provided to support the claim of state-sponsored involvement.