Wishbone Breach: Hacker Leaks Personal Data of 40 Million Users


Hackers have published online the personal data of 40 million users registered on Wishbone. The data includes usernames, contact numbers, email addresses, Facebook and Twitter access tokens, DOBs, location, gender, and MD5-hashed passwords. Researchers have confirmed that the data is authentic and accurate, belonging to users who have used the app. Attackers could use it to carry out various malicious activities such as phishing campaigns, identity theft, credential stuffing attacks, and account takeovers.

Wishbone is a mobile survey app that provides users a social platform to compare social content. The app hasn't disclosed its total user count in recent times, but it has been listed among the top 50 most popular social networking apps in the iOS App Store for years, and it made the top 10 in its prime.

This breach is the app's second-largest security incident in the last three years. Earlier, in 2017, hackers breached around 2.2 million email addresses and 287,000 phone numbers. That data mainly contained kids' personal details. The recent breach, however, mainly consists of numbers belonging to young women.

According to reports, the database had been circulating secretly since March and was put up for sale on dark web forums for thousands of dollars. Later, 'ShinyHunters', a dark web trader who allegedly leaked the data, stated that they would publish the data for free after individuals began reselling it.

Commenting on the matter, Mark Bower, senior vice president of data security specialists comforte AG, said, “It looks like security and privacy have been an afterthought, not a matter of culture and software development process. If the passwords are hashed with MD5, then the users affected should be immediately making sure their IDs and passwords aren’t used elsewhere with the same password. MD5 is a goner as far as security is concerned but used by mistaken developers unfamiliar with its security risks or using older code libraries using MD5. Hashed MD5 passwords aren’t difficult to brute force. The bigger issue here is the personal data though – so now attackers have a bunch more data for social engineering.”

Security experts have recommended that Wishbone users update or change their passwords and stay wary of any suspicious activity in their accounts.

The database of Russian car owners is sold for bitcoins


According to the description of the database, it contains 129 million leads obtained from the traffic police register. This is information about vehicles registered in Russia: the place of registration, make and model of the car, date of initial and last registration.

An employee of the car-sharing company whose vehicle data is contained in the registry confirmed the authenticity of the data.
Moreover, cybersecurity experts have already verified the authenticity of the documents. They also noted that this database was most likely stolen from the traffic police or insurance companies.

"Most often leaks occur in the traffic police and insurance companies," said Ashot Hovhannisyan, founder and technical director of DeviceLock, adding that the database of motorists is regularly sold on the Darknet.

According to him, this database is unique because it contains information about the initial registration of cars since the 1990s.
For an additional fee, sellers offer to provide personal data of car owners, including last name, first name and patronymic, address, date of birth, passport number, and contact information. They also sell the TIN of legal entities where the car is registered.

The full version of the database with all data costs 0.3 bitcoin (approximately $2.8 thousand). Transfer to exclusive use costs 1.5 bitcoins (about $14 thousand).

Mikhail Firsov, Technical Director of Information Security Systems, believes that companies that buy such databases can use them to conduct illegal financial transactions, execute transactions, and fake legal documents.

Earlier, E Hacking News reported on the sale of data of 9 million customers of the express transportation service CDEK on the Darknet. This is the largest leak of personal data in Russian delivery services.

Data of 9 million customers of the Russian courier service CDEK leaked


Data belonging to nine million customers of the CDEK express transportation service was put up for sale on the Web for 70 thousand rubles ($950). This is the largest leak of personal data in Russian delivery services.

Telegram channel In4security noticed that the database contains information about the delivery and location of goods and information about buyers, including Tax Identification Numbers. The seller of the database sent the author of the Telegram channel screenshots dated May 8, 2020. This indicates that the databases are fresh.

CDEK claims that there was no data leak from the company. As a representative of the service stressed, personal data is collected by many companies, including state aggregators, and the leak could have occurred on any of these resources.

Andrey Arsentiev, Head of Analytics and Special Projects at InfoWatch Group of Companies, said that this is the largest leak of personal data from Russian delivery services. He notes that this is not the first time CDEK users' information has leaked: previously, customers of the delivery service complained that other people's personal data was visible on the company's website due to vulnerabilities.

Alex Drozd, Head of the Security Department at SearchInform, warned that leaks are always followed by calls from scammers. They call the victim, introduce themselves as company employees, and try to obtain billing information.

The interest of fraudsters in the data of courier services may be associated with an increase in demand for their services during the coronavirus pandemic and self-isolation.
The company also recalled that fraudulent sites acting on behalf of CDEK have recently been detected more frequently.

It should be noted that in recent weeks there has been an increase in phishing sites: online cinemas, online stores, training courses, legal advice, government portals. Earlier, E Hacking News reported that Russia has overtaken the USA in hosting phishing resources.

'ShinyHunters', a Hacker Group Selling Databases of 10 Organizations on the Dark Web for $18,000


A group of hackers has put the user databases of 10 companies up for sale on the dark web, a part of the internet that requires specialized software to access and isn't normally visible to search engines.

The group, which is selling more than 73.2 million user records, goes by the name 'ShinyHunters' and was reportedly behind the breach of Indonesia's biggest online store, Tokopedia. Notably, the success of the Tokopedia breach has encouraged the hackers to steal and sell data from various organizations, including Zoosk (online dating app, 30 million records), Minted (online marketplace, 5 million records), Chatbooks (printing service, 15 million records), Mindful (health magazine, 2 million records), Bhinneka (Indonesian online store, 1.2 million records), Home Chef (food delivery service, 8 million records) and others. The hackers have shared samples of the stolen records, and security experts have verified them, confirming the authenticity of most of the databases, which are being sold separately by the hackers for almost $18,000. However, the legitimacy of some of the listed user records is yet to be proved. Despite the ambiguity and confusion, ShinyHunters seems to be a well-founded threat actor as per community sources.

In last week's breach targeting Tokopedia, the hackers initially published 15 million user records for free; later, the organization's full database containing around 91 million records was put on sale for $5,000.

Allegedly, the hacker group has also been involved in the data breach of a very popular Facebook-funded education initiative, Unacademy. That breach affected a total of 22 million user records.

Reports indicate that the data posted by the hackers contains authentic databases, which could lead to serious concerns for all the affected organizations. Although limited insight is available about ShinyHunters, the modus operandi of the group resembles that of Gnosticplayers, a hacking group that made headlines for selling stolen data on the dark web, with its latest victim being Zynga Inc, a mobile social game company.

Canada Cybersecurity: Health Care Industry Battles Cyberattacks as Experts Call-in Federal Support


Canada's hospitals and clinics are facing massive cyber threats as the number of cyberattacks targeting the Canadian healthcare industry has risen suddenly.

Researchers reported that health care is the most targeted sector in Canada, accounting for 48% of all security breaches in the country. The digital security of hospitals in Canada is exposed to heavy risk, and the growing number of data-breach incidents shows how the healthcare industry has become the new favorite of cybercriminals.

The issue has gained widespread attention, leading to calls for imposing national cybersecurity standards on the healthcare industry. To tackle the problem effectively and protect the privacy of their patients, the institutions need to update their cybersecurity arsenal, for which experts deem the federal government's involvement necessary.

While commenting on the matter, Paul-Émile Cloutier, the president and CEO of HealthcareCAN, said: "My biggest disappointment at this moment is that it seems that anything that has to do with the health sector and cybersecurity is falling between the cracks at the federal level."

Cybersecurity experts expressed their concern in this regard and put into perspective the current inability of the Canadian health system to cope with the increasing risk.

Experts believe that information about a person's health can potentially be of more value to cybercriminals than credit card data, because an individual's health care identity contains data with unique values that remain the same over time, such as the individual's health number or DOB. This helps hackers steal identities by making the process smoother.

Over the past year, various Canadian health-care institutions fell victim to breaches, including LifeLabs, one of the country's largest medical laboratories for diagnostic testing, which was hit by a massive cyberattack compromising the health data of around 15 million Canadians. The private provider was forced to pay a ransom in order to retrieve the stolen customer data.

In another incident, attackers breached the computer networks of three hospitals in Ontario, which led to a temporary shutdown of diagnostic clinics; non-emergency cases were told to come back later.

The prosecutor's office identified a leak of the full database of export and import operations in Russia for eight years


Yekaterina Korotkova, the representative of the Moscow Interregional Transport Prosecutor's Office reported that the Northern Transport Prosecutor’s Office revealed a leak on the Internet of a full database of export-import operations of Russian companies at customs posts over eight years.
“It was established that one of the Darknet sites has on sale a complete, regularly-updated customs database for all export-import operations of Russian companies for 2012-2019 (data for all customs posts of the Russian Federation),” said Korotkova.

According to her, the site contains full declarations of all participants in Russia's foreign economic activity, the TINs of recipients and senders, information about the processed goods, including the declaration numbers and the country of origin of the goods, the surnames, first names and patronymics of their representatives, vehicle numbers, contact numbers, as well as information about risks.

"The customs authorities' databases offered for purchase on the website contain information of limited access and personal data," added the representative of the Ministry of Transport and Trade of Ukraine.

The Prosecutor's Office asked the court to recognize this information as prohibited on the territory of Russia.

The court granted the claim. After entering into force, the court's decision will be sent to Roskomnadzor to include the resource in the Unified register of information, the distribution of which is prohibited on the territory of the Russian Federation.

In December 2019, the Investigative Committee reported that, in the course of its operational activities, it had identified the hacker responsible for the leak onto the Internet of the personal data of several hundred thousand employees of the Russian Railways company. A 27-year-old hacker from Krasnodar was charged with illegally obtaining and disclosing trade secrets and illegally accessing protected information.

Investigators found that in June 2019, the accused was able to access internal resources of the Russian Railways computer network. He copied the personal data of several hundred thousand employees, including managers, of Russian Railways and posted it on the Internet. The young man pleaded guilty to committing this cyberattack.

250,000+ Login/Passwords Leaked in The Trident Crypto Fund Data Breach


More than 260,000 customers’ data was compromised online in a gigantic data breach that went down pretty recently.

Per reports, Trident Crypto Fund experienced this data breach, which led to thousands of customer records, including usernames and passwords, being leaked online.

Per sources, Trident is a crypto-investment index fund that functions as an arm of the “Dragonara Business Center”, Italy. It also is reportedly the “first coin-based index fund”.

And like scattered sugar for ants, the leaked records were immediately devoured by the cyber-cons right after they were compromised.

Per sources, the personal data of over 260,000 registered users of the Trident Crypto Fund was left bare for people to exploit as they wished.

Reports mention that the leaked data comprised phone numbers, encrypted passwords, email addresses, and IP addresses.

The aforementioned data was discovered to be published on several “file-sharing” websites in the past month.

According to researchers, the hackers had evidently decrypted the stolen files and published an array of over 120,000 passwords at the beginning of March. It was also found that the password and login ID pairs did not match any that had leaked previously.

The details or even the mention of the data breach haven’t appeared on the website or on other communication platforms. But reportedly, a victim of the breach was contacted who confirmed the connection between the fund and the leaked data.

As mentioned on the fund’s website, the company “works hard” to protect its customers’ data and secure accounts. They allegedly are also investigating the “suspected breach”.

The Russians were the ones to get heavily affected by the above-mentioned data leak as the compromised data was a direct key to their accounts. Word has it that more than 10,000 Russian users were impacted by the Trident Crypto Fund data breach.

Even though it’s possible that Russian residents might have had their records leaked previously as well, there are no records of that happening.

Nevertheless, this data breach has shaped the history of data leakage for Russia, as it is one of the first major ‘personal’ data breaches faced by the country’s citizens to have had such a major impact.

Security is Clearview’s top priority?


Clearview AI, an American technology company, was recently breached when hackers figured out how to exploit a security flaw and made off with its whole client list. Although there is plenty of reason for concern, the specific nature and source of the breach remain unknown as of now. The company, however, has emphasized over and over that it has already patched the vulnerability, and it insists that its servers were not accessed.

The facial recognition software company has claimed not only that its clientele includes many police stations, but also that it services the FBI and DHS, and it has said that it works exclusively with law enforcement agencies.

The Daily Beast's Betsy Swan originally investigated the breach. After reviewing documents from Clearview AI staff, they wrote:

Clearview AI disclosed to its customers that an intruder “gained unauthorized access” to its list of customers, to the number of users accounts those customers had set up, and to the number of searches its customers have conducted. 

The breach, however, isn't the main issue Clearview AI has to deal with currently. It is also entangled in a standoff with an alliance of tech titans hell-bent on seeing it shut down. The contention comes from the company's use of "publicly available" images of people from the internet to compile its database.

Supposedly, Clearview has billions of images of people's faces in its database. It assembles these images by using a "crawler" AI to scour websites like Facebook, Twitter, and Google Image Search for every accessible picture. It then matches the faces with whatever data it can find on the internet and gives law enforcement access in a convenient application.

Up until now, the company's gotten cease and desist letters from Microsoft, Google, Venmo, and Twitter. While it is unclear exactly what legal recourse Clearview has now, it seems like it might be heading towards a court confrontation like HiQ v. LinkedIn.

Financial and Customer Info being Exposed in Slickwraps Data Breach


Slickwraps, a mobile device case retailer that specializes in designing and assembling the most precision-fitted phone cases in the world has suffered a major data breach that exposed the personal information of employees including their API credentials, resumes and much more.



In January 2020, a security researcher named Lynx attempted to gain access to Slickwraps's systems. He acquired full access to the company's website by exploiting a path traversal vulnerability in a script that the company uses for customizing cases.

After exploiting the vulnerability, Lynx sent emails stating the same to the company and upon receiving no response to those emails, he decided to make public disclosure of the vulnerability and how he exploited it to acquire access to the systems and the data that was compromised.

Giving insight into the incident, Lynx said that it allowed them to acquire access to 9GB of personal customer data that included employee resumes, customers' pictures, API credentials, and the ZenDesk ticketing system, along with more sensitive data such as hashed passwords, transactions, and contact-related information.

As per the reports, multiple attempts made by Lynx to report the data breaches to Slickwraps were blocked by the company, even though Lynx made it clear that they didn't want any bounty and were just trying to get Slickwraps to publicly disclose the breach.

In a post made by Lynx on Medium, he stated, "They had no interest in accepting security advice from me. They simply blocked and ignored me."

While accepting the shortcomings of the company in terms of user security, Jonathan Endicott, Slickwraps CEO, apologized for the data breach and said, "There is nothing we value higher than trust from our users. In fact, our entire business model is dependent on building long-term trust with customers that keep coming back."

"We are reaching out to you because we've made a mistake in violation of that trust. On February 21st, we discovered information in some of our production databases was mistakenly made public via an exploit. During this time, the databases were accessed by an unauthorized party."

"Upon finding out about the public user data, we took immediate action to secure it by closing any database in question. As an additional security measure, we recommend that you reset your Slickwraps account password. Again, no passwords were compromised, but we recommend this as a standard safety measure. Finally, please be watchful for any phishing attempts."

"We are deeply sorry about this oversight. We promise to learn from this mistake and will make improvements going forward. This will include enhancing our security processes, improving the communication of security guidelines to all Slickwraps employees, and making more of our user-requested security features our top priority in the coming months. We are also partnering with a third-party cybersecurity firm to audit and improve our security protocols."

"More details will follow and we appreciate your patience during this process." the statement further read.

SoPo Nonprofit Told, Unknown Number of Clients Affected by Data Breach


A South Australian company, PSL Services, also known as Peregrine Corporation, involved in the operation of service stations, convenience retail outlets and tobacconists, recently disclosed a data breach to Mainebiz.

The company, administered from its head office in Kensington Park, South Australia, said that personal data of its employees, including their names, email accounts, and some medical information, along with other sensitive information, may have been accessed illegally between December 16 and December 19, 2019. Other information accessed without authorization includes address, DOB, Driving License Number, Social Security Number and Identifying Numbers of clients for participation in Mainecare.

The corporation has not speculated as to who is behind the breach of its confidential data. However, officials said in an email that the criminal behind the incident may have been trying to force the agency into sending funds electronically, which it did not do.

Post-incident, the company was subjected to back-to-back investigations, and it refused to specify the number of employees affected. PSL did not provide other details regarding the incident, such as whether the individuals were clients, employees, family members or others. As per some news releases, PSL came to know about the breach on 17th December after suspicious activity was observed in an employee's email account, and it immediately reported this to its information services department.

The corporation said that it had “notified the Office of Civil Rights at U.S. Department of Health and Human Services, the Maine Attorney General, and prominent news media outlets throughout the state of Maine.”

According to Lori Sanville, executive director, “The contents of a small number of email accounts were exposed.”

“The number is unknown until the data mining is completed. We will then contact anyone affected.”

In connection with the same incident, PSL also contracted with a cybersecurity vendor to further investigate the matter and come up with security measures, as per Sanville. In addition, she told Mainebiz, “We want our clients and the community to know that we take this matter very seriously and that we remain committed to assisting our clients first and foremost.”

Facebook Data Breach: API Security Risks


In the year 2018 Facebook disclosed a massive data breach due to which the company had to face a lawsuit along with allegations of not properly securing its user data. The breach directly affected the authentication tokens of nearly 30 million of its users which led to the filing of several class-action complaints in a San Francisco appeals court. In the wake of the incident, Facebook pledged to strengthen its security.

A feature known as "View As", which was employed by developers to render user pages, was exploited by hackers to get access to user tokens. The theft of these tokens is associated with the rise of a major API security risk, and it also indicates how API risks can go unnoticed for such a long time. The trend toward digital upgrades has further pushed the adoption of continuous integration and continuous delivery (CI/CD), which are closely related concepts but are sometimes used interchangeably. The main purpose of continuous delivery is to ensure that deploying new code takes the least possible effort. It enables DevOps to maintain a constant flow of software updates to speed up release patterns and reduce the risks related to development.

Conventionally, developers worked on the parts of an application one at a time and then manually merged the code. The process was isolated and time-consuming, and it led to duplicated coding effort. However, as the IT ecosystem embraced the new CI/CD model, which sped up the development process while ensuring early detection of bugs, almost all the security has been commercialized by leading infrastructure providers, namely Microsoft and Amazon. The commodities offered include authorization, container protection and encryption of data. Similarly, security components of first-generation firewalls and gateways, like protection against denial-of-service (DDoS) attacks, also form part of the infrastructure.

When it comes to navigating and communicating, especially through an unfamiliar space, APIs are a powerful tool with great flexibility in their framework. However, the same qualities also make APIs vulnerable.

While giving insights into the major IT risk posed by APIs, Terry Ray, chief security officer for Imperva, said, "APIs represent a mushrooming security risk because they expose multiple avenues for hackers to try to access a company's data."

"To close the door on security risks and protect their customers, companies need to treat APIs with the same level of protection that they provide for their business-critical web applications."

The API threat is basically rooted in a lack of visibility. Subra Kumaraswamy, the former head of product security at Apigee, an API security vendor owned by Google, put the risk into perspective: "When you have visibility into your APIs throughout your organization, you can then put controls in place."

"You might decide that a certain API should only be exposed to in-house developers, not external, third-party ones. If you don't have visibility, you can't see who is accessing what."

Labeling authorization and improper asset management as areas of key concern, Yalon said, “Authorization mechanisms are complex because they are not implemented in one place, but in many different components like configuration files, code, and API gateways.”

“Even though this sometimes may look like simple housekeeping, having a very clear understanding of the APIs, with well-maintained inventory, and documentation (we whole-heartedly recommend Open API Specification) is very critical in the world of APIs,” he further said.

Data from more than half a million clients of Russian microfinance organizations has been put up for sale


A database of more than 1.2 million MFI clients, which is in the top 10 on the market, is up for sale. It affects more than one company. Bistrodengi, Zaymer, and Ekapusta found their customers in this database. According to experts, the data was collected from different places. The information can be used by fraudsters to take out online loans.

The database includes full names, phone numbers, email addresses, dates of birth and passport data of Russians. The seller of the database does not disclose the names of the organizations whose data he had, but most of the customers who answered the calls reported that they had applied for loans to the Bistrodengi company.

Elena Stratieva, Director of Microfinance and Development, said that internal audits were carried out on the first day after the announcement was revealed.

She stressed that the rate at which the data matches the databases of individual companies is quite low, which may indicate a leak on the part of an agent that aggregates data for many financial institutions at once.

At the same time, according to her, the database includes not only data of individuals who were approved for loans in 2017-2019, but also of those who were refused. Under federal law, MFIs do not store data for this long.
It was also noted that a data leak from any one MFI or from several MFIs has not yet been established.

In turn, Olesya Bobkova, managing director of Lime Zaim MFO, expressed the opinion that customer data could have ended up on the network because of unscrupulous webmasters who still have user data in their databases. For example, most of these data sales ads contain inaccurate, outdated, and incomplete data that is not enough to use or to harm customers. However, according to Bobkova, some hackers keep trying to monetize this database and bring the information to black markets and forums.

Website Puts 12 Billion User Records Up For Sale and Gets Seized By US Authorities


Are you fond of buying stolen/leaked data? Because one such domain, named ‘WeLeakInfo.com’, recently got seized by the US authorities.

WeLeakInfo, with its absolutely convenient name, had been selling stolen data from other hacked websites, online for the past three years.

The website provided an online service where hacked data was made available to people willing to pay for it.

Per sources, the site made people’s “cleartext passwords” available to hackers, who could purchase a subscription on the site in order to gain access to tons of user credentials.

Apparently, this illegal website was doing so well that it had gotten quite a popular fan-base for itself in the hacking “underworld”.

Reportedly, people were even providing them with consignments to execute recon on targeted individuals and organizations alike.

The modus operandi was that hackers would buy access to the site. They’d then search for the names, emails and usernames of people they wanted to hack. The site would return results showing exactly which data breaches contained the required user’s data.

The hackers would then have complete access to people’s passwords which they could easily run against that person’s other online profiles as well.

The cost of the website was incredibly low making it easily accessible to all sorts of hackers of all sorts of abilities and financial attributes.

Reportedly, for a lowly amount of $2/day hackers could fully wring the website for unlimited searches for any user’s data which was ever in a data breach.

During the silence before the storm period, WeLeakInfo was proudly flaunting on its website its expanded network of over 12 billion user records owing it to more than 10,000 data breaches, reports mentioned.

The storm hit and WeLeakInfo was taken down jointly by the FBI and authorities from the Netherlands, Northern Ireland, the UK, and Germany.
Also, per sources, two arrests were made in the Netherlands and Northern Ireland each. Reportedly, the arrested suspects are allegedly staff members of the site.

After the US authorities took down “LeakedSource” in February 2017, “WeLeakInfo” happens to be the second major website to go down the same drain.

There still exist several websites that are providing people access to stolen data, especially cleartext passwords, as you read this.

Per sources, similar websites, allegedly by the name of “Detached”, “Leak-Lookup” and “Sunbase” have been created on the model of a website “Have I Been Pwned” which is a website created by Australian researchers, per reports.

The model of the three websites and “Have I Been Pwned” may be the same but the latter never permits access to cleartext passwords.

Ukrainian government job site posted passport scans of thousands of civil service candidates


Government job site https://career.gov.ua/ published scans of passports and other documents of citizens who registered on the portal to search for work in the government sector. This was announced on January 16 by the Office of the Ombudsman of Ukraine on Facebook.

“A possible leak of personal data of citizens who registered on the site https://career.gov.ua/ with the aim of passing a competition for government service was identified. A copy of the passport and other scanned documents that users uploaded to the Unified Vacancy Portal for public service are in free access," the message said.

The data leak became known from Facebook posts by job seekers in the public sector. On the night of January 15, candidates for government posts wrote on the social network that scans of their passports, diplomas and other documents had been published. A spokeswoman for the Ukrainian cyber activist community Ukrainian Cyber Alliance, known as Sean Townsend, filed a complaint with the Ombudsman’s Office.

The press service of the Ombudsman's Office noted that the circumstances of this incident are being established and monitoring is being carried out. However, Ukrainians are afraid that their documents will be used by fraudsters.

"Don't be surprised if a loan is accidentally taken in your name," users write in the comments.
The cybersecurity expert Andrei Pereveziy wrote the following: "Minister Dmitry Dubilet, what about digitalization? Probably, this vulnerability in the framework of #FRD should be demonstrated to the European Ombudsman, so that Europe understands what it supports."

The National Security and Defense Council (NSDC) of Ukraine held an extraordinary meeting of the working group on responding to cyber incidents and countering cyber attacks on state information resources in connection with the leak of data from the Unified Vacancy Portal.
During the meeting, experts noted the need for state authorities to ensure proper cyber protection of their own information systems.

Adult Webcam Models' Private and Sexual Data Compromised!


Undoubtedly, being an "Adult Webcam Model" means living a "revealing" life "out in the open". But to an extent where "Personal" and "Sexual" details are laid out on the table? Not what most would think.

PussyCash, an infamous “live webcam porn network” suffered a data breach and threw in the face of the internet all the tremendously “controversial” details of their adult webcam models’ lives.

Per sources, “PussyCash” hosts “affiliation programs” for numerous adult websites. Webmasters are paid for sending traffic to these sites via “banners”.

PussyCash owns and operates other similar websites via its parent organization “IML SLU” by the names of, “ImLive”, “Shemale”, “Forget Vanilla”, “Whiplr”, “Supermen”, “Phonemates”, “Fetish Galaxy”, “Sexier” and many more.

PussyCash, who really should’ve known better, had administered an “explicit webcam network” with over 870,000 files left unattended for ANYONE with an internet connection to access without the need for a PASSWORD.

The awfully gigantic plop of information about the adult webcam models that was leaked by PussyCash had in it the models’ full names, dates of birth, places of birth, addresses, nationalities, citizenship statuses, passport details, genders, photographs, signatures, parents’ full names, fingerprints, full credit card numbers and their expiry dates, driving licenses, marriage certificates, birth certificates, body measurements, tattoo and piercing details and other such stuff.

But this was NOT ALL.

Other particularly uncanny and creepy details of the models’ personal and work lives got revealed, including, PHOTOGRAPHS, VIDEO CHATS and SCREENSHOTS of their work, apparently. And, their Sexual Fantasies, Favorite Sexual Positions, scans of their handwritten biographies, hobbies, favorite food, and the list goes on.

(Mortifying!)

This data leak has surely opened up new avenues for criminals by providing them fresh meat to ‘extort’, ‘stalk’, ‘blackmail’ and publicly humiliate these models in addition to the commonplace attempts at identity thefts and scams.

Once an adult webcam model, NOT ALWAYS an adult webcam model.
It is more than probable that some of the listed individuals chose to quit being “adult webcam models” and moved on to more conventional and professional jobs and careers. What would happen if their workplaces became privy to these exceedingly controversial details of their past lives?

Unfortunately, PussyCash isn’t the first one to err so. Loads and tons of websites leave their sensitive data out on the face of the internet for people to exploit.

A lack of security certainly can’t be condoned just because, well, they are porn websites. Everyone on the web should worry equally about the privacy of their data; it doesn’t matter if the organization is professional or not.

Hackers sell data of 80 thousand cards of customers of the Bank of Kazakhstan


An announcement about the sale of an archive of stolen data from 80,000 Halyk Bank credit cards appeared on the darknet site Migalki.pw.

It should be noted that Halyk Bank of Kazakhstan is the country's first bank in terms of the number of clients and accumulated assets. This is not the first time the bank's data has been compromised.

The fact that the archive consists only of Halyk Bank cards suggests that the card data was stolen from inside the bank's structure.

Typically, identifiers of stolen cards are obtained using man-in-the-middle (MitM) attacks. While the victim believes that he is working directly with, for example, the website of his bank, the traffic passes through a host controlled by the attacker, which thus receives all the data sent by the user (username, password, PIN, etc.).

It is possible that the archive is not real. It may be bait for potential carders created by the bank, a so-called honeypot. Such a trap presents an apparent vulnerability in a server to attract the attention of attackers and prompt them to attack. The honeypot then observes how they work, records the information and passes it to the cybersecurity department.

Such actions, however, are risky for the image of a financial institution, as any bank tries to avoid such negative publicity.

It is important to note that every data leak from a bank is the personal fault of the bank's owners and managers. In Russia and in Kazakhstan, in case of a data leak, the bank at best publishes a press release stating that "the situation is under control". However, banks in the US and Europe in the same situation receive a huge fine.

Seattle-based Wyze accused of data breach: Unpaired all devices from Google Assistant and Alexa


Seattle-based smart home appliance maker Wyze, which is popular for selling its products cheaper than its competitors, has been accused of a data breach and trafficking the data to Alibaba Cloud servers in China.




In response to the alleged data breach against its production database, Wyze logged its users out of their accounts and strengthened security for its servers.
"Customers endured a lengthy reauthentication process as the company responded to a series of reports claiming that the company stored sensitive information about people's security cameras, local networks, and email addresses in exposed databases," stated Android Police.

Texas-based Twelve Security, a self-described "boutique" consulting firm, claimed on Medium yesterday that there had been a data breach involving two of Wyze's Elasticsearch databases. The data came from 2.4 million users in the United States, United Kingdom, the United Arab Emirates, Egypt, and parts of Malaysia.

The data included email addresses, firmware versions, the names of every camera device in a household, the time of each device's last activation, the times of users' last login and logout, account login tokens for users' Android and iOS devices, camera access tokens for users' Alexa devices, Wi-Fi SSIDs, and internal subnet layouts. For some users who had provided more information, their height, weight, gender, bone health, and protein intake were also exposed.

Twelve Security also posted that Wyze was clearly dealing with and trafficking data through Alibaba Cloud servers in China. Video surveillance news blog IPVM, along with Twelve Security, could spot devices and accounts linked to their own staff who had reviewed Wyze products. They chose not to inform Wyze about this breach before going public because of the company's negligence, its probable link to Alibaba and its previous security blunders.

In response to these allegations, Wyze logged users out of their accounts but posted in its community forum that it had failed to verify a breach. Wyze also denied any relation with Alibaba.

Later, however, it posted that the breach was caused by an employee and was a "mistake", and that affected customers could expect an email from the company. As a precaution, the company logged out all users, who will have to log in again with two-factor authentication.

Automotive Giant Honda Exposes 26,000 Vehicle Owner Records Containing Personally Identifiable Information of North American Customers


After misconfiguring an Elasticsearch cluster on October 21, the multinational conglomerate Honda exposed around 26,000 vehicle owner records containing personally identifiable information (PII) of North American customers.

Security Discovery researcher Bob Diachenko reached out to Honda's security team in Japan, following which the team verified the publicly accessible server within only a couple of hours.

The database records included the customers' full names, email addresses, phone numbers, mailing addresses, vehicle make and model, vehicle VINs, agreement IDs, and various service information on their Honda vehicles. The company later added that none of its North American customers' financial information, credit card information, or credentials were exposed in the incident.

While the company responded instantly after being informed that the misconfigured Elasticsearch cluster was publicly accessible on the Internet, Diachenko says that the week-long public exposure "would have allowed malicious parties ample time to copy the data for their own purposes if they found it."

The Honda customers' information may be used in highly targeted phishing attacks later on if it was copied during the week the database was exposed.

This isn't the first such incident for Honda. The 'automotive giant' has faced comparable circumstances in the past, the most recent in July 2019, which also involved a publicly accessible Elasticsearch database that exposed about 134 million documents containing 40 GB worth of information on roughly 300,000 Honda employees from around the world.

Although Elastic Stack's 'core security features' have been free since May, per an announcement made by Elastic NV, publicly accessible and "unsecured" Elasticsearch clusters are continually being spotted by security researchers scouring the web for unprotected databases.

"This means that users can now encrypt network traffic, create and manage users, define roles that protect index and cluster level access, and fully secure Kibana with Spaces," Elasticsearch's developers state.

Nonetheless, Elastic NV recommends that database administrators secure their Elasticsearch stack by "encrypting communications, role-based access control, IP filtering, and auditing," by appropriately configuring the cluster before deploying it, and by setting up passwords for the servers' built-in users.
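The recommendations above can be checked against a node's configuration before it goes live. The following is an added example, not code from Elastic or from the original post: it audits a flat `elasticsearch.yml` for the four areas Elastic names (encryption, access control, IP filtering, auditing) plus network exposure. Both sample configurations are constructed, an unset key is assumed to mean the feature is off, and built-in user passwords are not checked because they are not stored in this file.

```python
# Added example: audits a flat elasticsearch.yml for the hardening areas above.
# Both sample configs are constructed; an unset key is assumed to mean "off".

LOOPBACK = {"_local_", "localhost", "127.0.0.1", "::1"}

EXPOSED = """
cluster.name: demo            # constructed sample: reachable, no security
network.host: 0.0.0.0
http.port: 9200
"""

HARDENED = """
cluster.name: demo            # constructed sample: same node, locked down
network.host: 10.0.0.5
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.filter.allow: 10.0.0.0/24
xpack.security.http.filter.deny: _all
xpack.security.audit.enabled: true
"""


def parse_flat_yaml(text):
    """Read 'dotted.key: value' lines, dropping comments and blank lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("\"'")
    return settings


def enabled(settings, key):
    """True only when the key is present and set to 'true'."""
    return settings.get(key, "false").lower() == "true"


def audit(text):
    """Return one 'area: detail' finding per missing control."""
    s = parse_flat_yaml(text)
    findings = []
    secured = enabled(s, "xpack.security.enabled")
    if not secured:
        findings.append("access-control: security features are off, no users or roles enforced")
    for layer in ("transport", "http"):
        if not enabled(s, f"xpack.security.{layer}.ssl.enabled"):
            findings.append(f"encryption: {layer} layer is not using TLS")
    if not any(".filter.allow" in k or ".filter.deny" in k for k in s):
        findings.append("ip-filtering: no allow/deny rules defined")
    if not enabled(s, "xpack.security.audit.enabled"):
        findings.append("auditing: audit logging is not enabled")
    if s.get("network.host", "_local_") not in LOOPBACK and not secured:
        findings.append("exposure: node listens beyond loopback with no authentication")
    return findings


if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

The parser only understands flat dotted keys; a configuration written as nested YAML would need a real YAML loader first.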

A cyber-security provider discovers Microsoft, LinkedIn and many others becoming the most preferred targets for phishing


Akamai Technologies, Inc., an American content delivery network, recently examined issues such as DDoS attacks, credential stuffing, and phishing. Its State of the Internet/Security (SOTI) report features the research done by the organization over the last 12 months.

According to Akamai's findings, over 50% of all unique organizations 'impersonated' by tracked phishing domains were from the financial services sector, and companies like Microsoft, PayPal, DHL, DocuSign, and LinkedIn were among the top targets for phishing.

As per Akamai, phishing aims to gather users' personal information by duping them with a claim to be a 'trustworthy' source, such as an organization or a bank. It plays a vital role in 32% of all breaches and 78% of all cyber-attacks.

The report notes that, among the phishing kits Akamai observed over almost 262 days, 60% were active for 20 days or less. It also counted more than 2 billion unique domains that appeared malicious; 89% of the domains used for phishing had a 'life expectancy' of under 24 hours, while 94% had a life expectancy of under three days.

While the defenses against such phishing attacks have been developing over the years, the evasive and cautious tactics used by phishing kits have been evolving too.

Akamai’s report highlights some of the content-based evasion techniques used by phishing kits. The key evasion techniques include CSS font evasion, randomly generated URLs, and sub-domain and HTTP user-agent filtering.

Here are some of the steps to be taken by users to better protect themselves from such attacks:

  1. Check the email or message for spelling mistakes, unusual phrases, and discrepancies in the domain name.
  2. If the email contains unnecessary attachments or links, avoid clicking on them.
  3. Do not click on shortened links, especially on social media.
  4. At all costs avoid emails from suspicious senders that contain urgent deadlines and ask you to click on a link or visit a website urgently.
  5. Do not enter personal information in pop-up screens as companies generally do not use pop-up screens to ask for user information.


Maze Ransomware Exfiltrated Data of Southwire Firm, Threatens to Publish if Ransom Not Paid


Maze ransomware, a variant of Chacha Ransomware that has been leading the charge of various ransomware attacks lately, has now claimed responsibility for yet another cyber attack, this time on Southwire, North America's most prominent wire and cable manufacturer. Southwire produces household and industrial cables, utility products, portable and electronic cord products, OEM wire products, engineered products, and metal-clad cables for more than 50% of North America. It is a leading wire-producing company with over 7,500 employees and has been around for seven decades now.

The attackers surreptitiously exfiltrated company data and demanded a ransom of approximately $6 million (859 BTC) for a safe release of the data, which reportedly is all set to be published if the company fails to pay the demanded amount.

Maze Ransomware was originally discovered by Jérôme Segura, a security researcher at Malwarebytes, in May earlier this year. Since then, the malware strain has gained massive popularity and is continuously becoming more and more active. It is spread through various malspam campaigns, and its affiliates have been found to be essentially more dangerous.

On Monday, around the time when the company's website suffered the ransomware attack, admins located a message posted on Imgur demanding a ransom of 850 BTC from the company. In its wake, a topic was started on Reddit where Snooze16, seemingly an employee of the company, put the situation in perspective: “I went into the offices yesterday afternoon. Everyone was headed home – no computers. It looks like their site is still down. The IT guy that was there told me that the plant called him at 5 am asking how to shut the servers down. Bad time of year not to be shipping.”

In a conversation with the Chronicle, Jason Pollard, vice president of Talent Acquisition and Communications for the wire manufacturer, said, "We immediately self-quarantined by shutting down the entire network."

"The incident did cause some disruption in our ability to make and ship our products."

"The safety of our employees, the quality of our products and our commitment to our customers are critically important to us. Today, we’re bringing critical systems back online, prioritizing manufacturing and shipping functions that enable us to create and send the product to our customers. We are dedicated to restoring all systems and bringing all of our employees back to work as safely and as quickly as possible," he further added.