On Saturday, a user turned to a low-level hacking forum to leak the personal information of hundreds of millions of Facebook users, free of cost. The sensitive credentials that have been exploited included personal data of over 533 million Facebook users from 106 countries – around 32 million users from the US, 11 million from the UK, and around 6 million from India. Leaked data includes users’ full names, their date of birth, address location, phone numbers, Facebook IDs, bios, and in certain instances email addresses also. 

Alon Gal, a CTO of cybercrime intelligence firm Hudson Rock, analyzed the breach on Saturday and informed about this event on Twitter. Alon Gal is also known for his last research finding that was appeared as the same leaked database previously became accessible via a Telegram bot in January. 

While back then, the situation was different. The hacker who was behind the Telegram bot leaked database was selling the hacked credentials to those clients who were ready to pay for the information, but this time the difference is that that all this leaked data of more than 533 million people is available for everyone for free in a low-level hacking forum. 

“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts,” Alon Gal stated. 

The incident is not foreign to Facebook, which is indeed a popular platform in the arena of cyberattacks. Before this cyberattack, the platform had already experienced data breaches multiple times, notably so. 

The vulnerability that had been spotted in 2019 exposed sensitive information of millions of Facebook users including their phone numbers to be scraped from Facebook's servers in contravention of its terms of service. Back then, Facebook officially stated that the vulnerability was patched in August 2019. Additionally, Facebook vowed to eliminate mass data-scraping after Cambridge Analytica scraped over 80 million users’ data in violation of Facebook's terms of service to target voters with political ads in the 2016 election.

In a recent cybersecurity incident, an attacker hacked down a vaccine marketplace that was running on the dark web. The attacker then placed fake orders, cancelled them after making a refund in Bitcoins worth $752,000, a report released on Thursday says.  As per a blog on the market's forum, the attacker managed to find a way to make fake orders, which he cancelled immediately using the seller account of the trader, and immediately made the refunds in the wild, which was withdrawn in an instant. 

Checkpoint research says the method allowed a hacker to make 13 Bitcoins (BTC), an amount equal to $752,000. Currently, the vaccine marketplace on the dark web which was selling these products is down because of the hack.  But, the attack hasn't put a stop to the sale of Covid-19 relief products on the dark internet. Following the marketplace shutdown, another hacking forum was framed using the same address, offering various ads along with Covid-19 vaccines (documents included) and that too on heavy discounts for promotional purposes.  

Cybersecurity experts recently found out that fake Covid-19 vaccine certificates and duplicate Covid-19 test results were being sold on dark internet and hacking platforms for amount as low as Rs 1800 ($25) and up to Rs 18,000 ($250) for people that are looking to book flights, travel across borders, finding a new job or attending a function.  If an interested user wants to get these 'fake certificates,' he can simply obtain them by sending their details and money to the seller on the dark web, the seller will then e-mails back the forged documents for $250. 

Research from Checkpoint revealed that fake negative Covid-19 test results are available on the dark web for a mere amount of $25.  Covid-19 vaccine ads on the darknet have had a 3 fold increase since the last three months. The selling forums on the dark internet are based from European countries like Spain, Russia, France, and Germany. According to experts, "The vaccines advertised include Oxford-AstraZeneca (at $500), Johnson & Johnson ($600), the Russian Sputnik vaccine ($600) and the Chinese SINOPHARM vaccine." Checkpoint research says, "as a result, the marketplace is down completely since, and at this point of time is yet to be restored online."

Insider trading can be done more effectively now than ever before, due to a great extent to the continuing proliferation of encrypted and anonymous messaging services, and the presence of dark web and underground networks that permit threat actors to discover co-conspirators and speak with them. Verifiably, few dark web forums catered to the trafficking of non-public corporate data; presently, updated technology takes into account these endeavors to be conducted with a lot more prominent operational security. 

Monetarily inspired threat actors or displeased employees would now be able to trade data away from the prying eyes of law enforcement and security researchers, permitting only vetted individuals to access sensitive information being given by insiders. 

Moreover, the clearnet is host to many market trading enthusiast groups, on places like Reddit and Discord. These groups range in size from thousands to millions of clients. Insikt Group found "stock signals" services, giving paid clients tips on which trades to make dependent on the proposal of “analysts”. Given that the root of the data is muddled, the unregulated nature of these services and the utilization of unknown messaging services is concerning. 

One of the verifiably significant sites had been The Stock Insiders, a Tor-based site, active from April 2016 until August 2018. As the name proposes, the site was made with the goal of having a community of clients with insider access at publicly traded companies who would impart it to different clients to advise the stock trades of the larger group. The site has for quite some time been inactive, the administrator isn't responsive to private messages, and there have not been any updates to the main page since early 2018. The explanation that operations stopped has not been clarified however it doesn't seem, by all accounts, to be the consequence of a law enforcement takedown since the website is still technically up. 

While the site is no longer active, it actually gives an instructive perspective on how its operations were done. The Stock Insiders has a couple of visible posts instructing clients about how to enlist an account and listing out the requirements for full membership.

Smishing is a cyber assault that utilizes SMS text messages to delude its victims into giving sensitive data to a cybercriminal. Sensitive data incorporates your account name and password, name, banking account, or credit card numbers. The cybercriminal may likewise implant a short URL link into the text message, inviting the client to tap on the link which in most cases is a redirect to a pernicious site. Smishing is identified with two other 'smishing' cyber assaults, phishing and vishing. 

Cybercriminals today are essentially inspired by monetary benefit. They create code intended to obfuscate your sensitive data for benefit. At the point when they acquire this information, they may hope to sell your compromised credit card or credentials on the dark web. They may likewise utilize sensitive information to open an account in your name or hold your information ransom in exchange for a large pay-out. 

Back in May 2018, Fifth Third Bank clients were the targets of a smishing assault. The assailants claimed to represent Fifth Third Bank. They contrived a plan to caution clients that their accounts were locked. Within the body of the text message, they gave a link to the clients to open their accounts. The link took the clueless client to a phony webpage that seemed to be like Fifth Third's genuine site. The phishing site prompted the visitors to enter their user name and password, one-time code, and PIN codes to open their account. The cybercriminals then utilized the stolen account data to expunge almost $68,000 from 17 ATMs across three states. 

Some of the ways to prevent smishing attacks are: 

• Try not to react to text messages that demand private or monetary data from you. 

• On the off chance that you get a message that has all the earmarks of being from your bank, financial institution, or other entity that you work with, contact that business directly to decide whether they sent you a genuine solicitation. Review this entity’s policy on sending text messages to clients. 

• On the off chance that a text message is encouraging you to act or react rapidly, pause and consider the big picture. Recall that crooks utilize this as a strategy to get you to do what they need. 

• Never reply to a dubious text message without doing your research and checking the source.

WeLeakInfo.com was an information breach notification service that was permitting its clients to check if their credentials have been compromised in information breaches. The service was guaranteeing a database of more than 12 billion records from over 10,000 data breaches. In mid-2020, a joint operation directed by the FBI in coordination with the UK NCA, the Netherlands National uPolice Corps, the German Bundeskriminalamt, and the Police Service of Northern Ireland resulted in the seizure of the WeLeakInfo.com domain. 

The U.S. Department of Justice in January declared that it seized weleakinfo.com, which existed since 2017. The site sold different subscription levels, making it workable for scammers to access and look through the database. Two 22-year old men,, one in the Netherlands and the other in Northern Ireland, were arrested in connection with running the site, as per the Dutch media source Nu.nl. 

The site additionally vowed to alert members if their own data was stolen and uploaded to the database, with a feature called “Asset Monitoring.” “Get notified when your information is detected in a data breach,” the sales pitch said, according to an archived version of the homepage. “Stay one step ahead of hackers.” 

Weleakinfo, and other sites like it, basically work as a noxious variant of HaveIBeenPwned, a database where guests can check if their data has been compromised. HaveIBeenPwned permits clients to decide whether an email address has been included for different information breaches. 

Security specialists from Cyble saw that a member from a hacking forum professed to have registered in one of the domains of WeLeakInfo,, wli.design, which was enlisted again on March 11 2021. At that point, the actor made an email address for the domain and utilized it to get to the account of the cybercrime group registered on the payment service Stripe. The admittance to the Stripe account permitted the actor to get to clients' details, including email, address, partial card details, and purchase history. 

“The WeLeakInfo operators allegedly used the domain’s email address for payments via Stripe, the actor claimed. The actor claimed to have registered the domain and then created an email address on the registered domain used in their Stripe account gaining access to WeLeakInfo customers details.” reads the post published by Cyble.

Brave is an open-source web browser built on a Chromium web browser created by Brave Software, Inc. It restricts advertisements and website trackers and supplies users with a way to submit cryptocurrency donations to websites and developers of content in the form of simple tokens. 

Introduced in June 2018, Brave's Tor mode has enabled Brave users to gain anonymity when browsing the internet, encouraging them to have access to the .onion versions of legal websites such as Facebook, Wikipedia, and key news portals over the years. However, an unnamed security researcher reported in the research article, that Brave's Tor mode had sent queries to DNS resolvers rather than Tor nodes on the open Network. DNS requests are non-encrypted so that attempts to access .onion sites in Brave can be monitored using the Tor functionality, which is directly contradictory to the goal of this platform at first. 

The aforementioned DNS leak poses great dangers when all leaks build footprints on the Tor traffic of Brave users in DNS server logs. The risk is important. While in some Western states with stable democracy it might not be troublesome, it may be a concern for certain browser users to browse Brave's Tor websites from the authoritarian regimes. 

This problem seems to be the product of the browser's CNAME ad-block feature, which blocks third-party monitoring scripts using CNAME DNS for first-party scripts and prevents traffic blocker detection. This allows a website to cloak third-party scripts using primary domain's- sub-domains that are then immediately routed into a monitoring domain. 

Over the last three years, the organization has worked to develop today, second only to Tor Browser, one of the most privacy-driven Web browser solutions available. 

A Brave developer has stated after the release that the browser provided a hotfix on the problem. The problem is already solved on the night of the development of the browser. 

“Since it’s now public we’re uplifting the fix to a stable hotfix. Root cause is regression from CNAME- based adblocking which used a separate DNS query.” He further added. 

Oxfam Australia is a secular association which is focused on development and assistance, it is an autonomous organization that operates within the broader framework of Oxfam Umbrella to eradicate poverty across Australia, Asia, Africa, and the Middle East.

However, in the case of Valid CC, experts believe that the store attacked and hacked hundreds of e-commerce merchants. The hackers seeded websites with hidden card skimming codes that stole personal information and payment credentials when a customer went through the checkout stage.   Group-IB, a Russian based cybersecurity firm, had published a report last year where it briefed about the operations of Valid CC, highlighting that Valid CC was responsible for hacking around 700 e-commerce stores. Besides this, Group IB identified another group "UltraRank" responsible for attacking additional 13 third-party suppliers that offered software components to these online stores spread across Europe, America, and Asia.  

Experts believe that UltraRank orchestrated a series of cyberattacks, which were earlier attributed to three different cybercrime groups by cybersecurity firms. "Over five years….UltraRank changed its infrastructure and malicious code on numerous occasions, as a result of which cybersecurity experts would wrongly attribute its attacks to other threat actors,” said Group-IB. It adds, “UltraRank combined attacks on single targets with supply chain attacks.” Valid CC's muscle man on various platforms- a hacker who goes by the handle of SPR, notified customers that the shop would be shut down from 28 January, following a law enforcement operation that sealed Valid CC's operations. 

According to SPR, Valid CC lost access to more than 600,000 unsold payment card accounts, a very heavy blow to the store's inventory.  As a result, Valid CC lost its proxy and destination servers, and now it can't open and decrypt the back-end, says SPR.  Group-IB reports, "the store’s official representative on underground forums is a user with the nickname SPR. In many posts, SPR claims that the card data sold in the ValidCC store was obtained using JS sniffers. Most of SPR’s posts are written in English, however, SPR often switches to Russian, while communicating with customers. This might indicate that ValidCC is probably managed by a Russian speaker."  

The company informed its patrons by sending them a notice concerning a data breach that the company has become a victim of. AnyVan later disclosed that they discovered this incident on the 31st of December 2020 and they also mentioned the reason as to, “why they're being informed so late?” 

AnyVan in regards to the aforementioned incident stated that “This leaking of data came to our attention on the 31st December, but we understand the incident itself occurred at the end of September. As soon as the incident came to our attention, our specialist IT team investigated it and have since taken the following remedial action: all passwords have been changed."

According to the notice and statements given by the company, patrons' names, email and a cryptographic hash of their passwords have been accessed and probably displayed on the dark web by the actors. Seemingly, no other sensitive information was compromised. Further, they added that an investigation of the incident continues. however, all this came only after the actors had ample time to exploit user’s data and information. The estimate reflects that around 4.1 million users are being affected due to this data breach. AnyVan never even reached out to the ICO (Information Commissioner’s Office), which was an important step as its users' confidential data was compromised.

As a precautionary measure, the company advised its patrons to update their password and other personal details for the accounts, they use on AnyVan. They alarmed them not to share unwittingly any other piece of information or personal detail to anyone. Moreover, the company apologized for this data breach of the personal information suffered by its users and said that they are very sorry for the inconvenience caused.

The Central Criminal Investigation Department in the German city of Oldenburg arrested an Australian resident who is the alleged operator of DarkMarket, close to the German-Danish border over the weekend. The investigation, which was driven by the cybercrime unit of the Koblenz Public Prosecutor's Office, permitted officials to find and close the marketplace, switch off the servers and hold onto the criminal framework – over 20 servers in Moldova and Ukraine upheld by the German Federal Criminal Police Office (BKA). The stored information will give investigators new prompts to further investigate moderators, sellers, and buyers.

Before its closure, DarkMarket facilitated near 500,000 clients and had encouraged more than 320,000 transactions, as indicated by Europol. The dark web marketplace exchanged everything from drugs and counterfeit cash to stolen Mastercard details and malware. As per Europol's estimate, the site exchanged what might be compared to €140 million in today’s money, in a blend of bitcoin and monero. European authorities intend to utilize held onto DarkMarket servers from Ukraine and Moldova to investigate the buyers and dealers who utilized the site for criminal transactions.

DarkMarket's bust was not the first for German authorities, which have discovered illegal platform operators on German soil lately. In 2019, Koblenz prosecutors declared the disclosure of darknet servers facilitated from a previous NATO bunker in a lethargic German town. Authorities state the probe that revealed DarkMarket included a months-in length international law enforcement operation. US agencies like the FBI, DEA narcotics law enforcement division, and IRS tax authority all added to the investigation, alongside police from Australia, Britain, Denmark, Switzerland, Ukraine, and Moldova, with Europol playing a "coordinating role." 

DarkMarket is the most recent dark web marketplace taken down since the Silk Road bust back in 2015 — in recent years, international law enforcement operations had additionally brought down AlphaBay and Wall Street Market, which were likewise used to sell drugs and other illegal products.

The hacker behind the sale has stolen a whopping total of 368.8 million user records majorly from companies that previously reported 'Data Breach', however, seven new companies that joined the list were – Sitepoint.com, Anyvan.com, MyON.com, Teespring.com, Eventials.com, ClickIndia.com, and Wahoofitness.com.

Dark Web and Hacking Forums keep making headlines for their notorious relationship with data brokers and hackers who extensively use these platforms to leak or sell databases containing user information/credentials/records acquired during data breaches of various companies worldwide who later confirm the breaches. However, in the aforementioned case, only MyON and Chqbook have confirmed the data breaches, the other six companies have not given any statement confirming that they have experienced a data breach.

In a conversation with BleepingComputer, while confirming that their networks were compromised, MyON.com said, "In July 2020 we were made aware of a bad actor trying to sell portions of our data on the dark web. We immediately began investigating to shut down any continued threats to our data or the data of our customers. We were then able to confirm that according to federal and state privacy laws, no confidential student or customer data was compromised, and this incident did not rise to the level of an actual breach of student private data."  

Whereas, while denying the claims of a data breach, Chqbook.com emailed BleepingComputer, saying, "There has been no data breach and no information belonging to our customers has been compromised. Data security is a key priority area for us and we conduct periodic security audits to ensure the safety of our customers’ information,"  

The companies that fell prey to the data breach are as follows: MyON.com (13 million), Singlesnet.com (16 million), Teespring.com (8.2 million), ModaOperandi.com (1.2 million), Chqbook.com (1 million), Pizap.com (60 million), Anyvan.com (4.1 million), Fotolog.com (33 million), Eventials.com (1.4 million), Wahoofitness.com (1.7 million), Reverbnation.com (7.8 million), Sitepoint.com (1 million), Netlog.com (53 million), Clickindia.com (8 million), Cermati.com (2.9 million), Juspay.in (100 million), Everything5pounds.com (2.9 million), Knockcrm.com (6 million), Accuradio.com (2.2 million), Mindful.org (1.7 million), Geekie.com.br (8.1 million), Bigbasket.com (20 million), Wognai.com (4.3 million), Reddoorz.com (5.8 million), Wedmegood.com (1.3 million), Hybris.com (4 million). 

Users who happen to be a part of any of the abovementioned websites are strongly advised to update their passwords, preferably something unusual and strong enough to thwart a brute-force attack.

Global police agencies have confiscated over $6.5m both in cash and virtual currencies, 64 firearms, and 1,100 pounds of drugs - arresting 179 vendors across 6 countries including the U.S and Europe in one of the biggest raid on dark web marketplaces. The international sting operation saw considerable co-operation from Law enforcement agencies all over the world including the US, UK, Germany, Europe, Canada, Europe, Sweden, Austria, and the Netherlands.

The 500kg of drugs recovered by investigators during the operation included fentanyl, methamphetamine, oxycodone, ecstasy, cocaine, hydrocodone, MDMA, and several other medicines containing addictive substances, as per the findings.

The authorities dubbed the global sting operation as 'DisrupTor' and while announcing it, they claimed in a press release that the "golden age of the dark web marketplace is over." The roots of the operation go back to May 3, 2019; the day German authorities seized the dark web drug market, "Wallstreet market" and arrested its operators.

"Operations such as these highlight the capability of law enforcement to counter encryption and anonymity of dark web market places. Police no longer only take down such illegal marketplaces – they also chase down the criminals buying and selling illegal goods through such sites." The press release further read.

According to the Justice Department, it was the largest international law enforcement operation that targeted opioid traffickers on the dark web. The investigation witnessed an extensive range of investigators ranging from the FBI, ICE, DEA, Customs and Border Protection (CBP), to the Defense Department.

Commenting on the success of the operation, the head of Europol’s European Cybercrime Centre (EC3), Edvardas Šileris said, “Law enforcement is most effective when working together, and today’s announcement sends a strong message to criminals selling or buying illicit goods on the dark web: the hidden internet is no longer hidden, and your anonymous activity is not anonymous. Law enforcement is committed to tracking down criminals, no matter where they operate – be it on the streets or behind a computer screen.”

“With the spike in opioid-related overdose deaths during the Covid-19 pandemic, we recognize that today’s announcement is important and timely,” said Christopher Wray, FBI director. “The FBI wants to assure the American public, and the world, that we are committed to identifying dark net drug dealers and bringing them to justice.” He further added.

On June 22, a message appeared on the Darknet about the sale of a database of clients of the largest Russian banks. The seller did not specify how many records he has on hand but assured that he is ready to upload 5 thousand lines of information per week.

One of the Russian Newspapers had a screenshot of a test fragment of the Alfa-Bank database, which contains 64 lines. Each of them has the full name, city of residence, mobile phone number of the citizen, as well as the account balance and document renewal date.

A newspaper managed to reach up to six clients using these numbers. Two of them confirmed that they have an account with Alfa-Bank and confirmed the relevance of the balance.

Alfa-Bank confirmed that they know about the data leak of several dozen clients.
The seller of Alfa-Bank's database said that he also has confidential information of clients of other credit organizations.

"I can sell a database of VTB clients with a balance of 500 thousand rubles or more with an update from July 17 for 100 rubles per entry," claimed the seller. However, the Russian newspaper was not able to get test fragments of these databases.

The newspaper also contacted two other sellers who offered information about users of Gazprombank, VTB, Pochta Bank, Promsvyazbank, and Home Credit Bank.
Information about the account balance is classified as a Bank secret. Knowing such confidential details makes it easier for attackers to steal money using social engineering techniques.

"There are two ways to get bases on the black market. One of them is the leak of data by an insider from a Bank or company. The second option is through remote banking vulnerabilities," said Ashot Hovhannisyan, founder of the DLBI leak intelligence service.
According to him, the reason for the ongoing leaks is inefficient investments in security. Companies often protect their systems from hacking from outside, but not from insiders.