'ShinyHunters', a Hacker Group Selling Databases of 10 Organizations on the Dark Web for $18,000


A group of hackers has put the user databases of 10 companies up for sale on the dark web, a part of the internet that requires specialized software to access and is not normally visible to search engines.

The group, which is selling more than 73.2 million user records, goes by the name 'ShinyHunters' and was reportedly behind the breach of Indonesia's biggest online store, Tokopedia. Notably, it is the success of the Tokopedia breach that has encouraged the hackers to steal and sell data from various organizations, including Zoosk (online dating app, 30 million records), Minted (online marketplace, 5 million records), Chatbooks (printing service, 15 million records), Mindful (health magazine, 2 million records), Bhinneka (Indonesian online store, 1.2 million records), Home Chef (food delivery service, 8 million records) and others. The hackers have shared samples of the stolen records, and security experts have verified them, confirming the authenticity of most of the databases, which are being sold separately for almost $18,000. However, the legitimacy of some of the listed user records is yet to be proved. Despite the ambiguity and confusion, ShinyHunters seems to be a credible threat actor, according to community sources.

In last week's breach targeting Tokopedia, the hackers initially published 15 million user records for free; later, the organization's full database, containing around 91 million records, was put on sale for $5,000.

The hacker group has also allegedly been involved in the data breach of Unacademy, a very popular Facebook-funded education initiative; that breach affected a total of 22 million user records.

Reports indicate that the data posted by the hackers contains authentic databases, which could lead to serious concerns for all the affected organizations. Although limited insight is available about ShinyHunters, the group's modus operandi resembles that of Gnosticplayers, a computer hacking group that made headlines for selling stolen data on the dark web, with its latest victim being Zynga Inc, a mobile social game company.

Facebook leaks millions of Instagram passwords

2018 – What a year it was for Facebook! Data scandals and security leaks, the Cambridge Analytica issues and trials by authorities: Facebook has gone through every bit of shit it's connected with.

And the problems just keep coming in 2019. This year it already seemed to have enough internal problems, having announced in a blog post last month: “Millions of users' passwords were stored in a readable format in their databases!”

Just a day after the social networking giant admitted that it "unintentionally" uploaded the email contacts of nearly 1.5 million new users, Facebook has now revealed that it exposed millions of Instagram users' passwords in a data-security lapse. The password exposure is part of the security breach that was first reported last month by Krebs on Security. Admitting the security blunder, Facebook has said that it stored the passwords of millions of users in plain text on its internal servers.

However, at that time Facebook claimed that “hundreds of millions of Facebook Lite users” and “tens of millions of other Facebook users” had been affected. Incidentally, the company has chosen simply to update the old blog post while making the new revelation. "This is an issue that has already been widely reported, but we want to be clear that we simply learned there were more passwords stored in this way," a Facebook spokesperson said in a statement. Here's all you need to know about this latest 'password leak' from Facebook ...

The process was unintentional – according to Facebook – and happened when users were prompted for their password as part of a security verification process. It has been going on since May 2016, but Facebook says it is now deleting all the scraped data.

In the updated post Facebook says: "We will be notifying these users as we did the others."

Security breach encountered in Perth international airport

A Vietnamese hacker infiltrated Perth international airport's computer system and stole sensitive security details. Le Duc Hoang Hai, 31, used the credentials of a third-party contractor to unlawfully access the airport's system in March of last year.

Prime Minister Malcolm Turnbull's cyber security adviser Alastair MacGibbon told The West Australian that the Vietnamese hacker managed to steal "a significant amount of data". He called the hack "a close miss" that could have been considerably worse. The hacker was able to obtain data on the airport's building security but, fortunately, not on radars. Airport authorities detected the security breach and informed the federal cyber security authorities in Canberra, who then tipped off Vietnam.

The 31-year-old was then arrested in Vietnam after the authorities there received the tip-off from the Australian federal police. He has been convicted in a Vietnamese military court and sentenced to 4 years behind bars. Travellers were not put at risk, as he was not able to access radars, computer data related to air traffic or even the personal details of travellers.

Kevin Brown, Perth Airport CEO, later gave an assurance that no personal data of members of the public, such as credit card numbers, was accessed, but that other Perth Airport documents were taken. Brown said the airport has completed a full risk assessment of the stolen data and concluded that there was no threat or risk to the travelling public. Perth international airport was, in any case, the hacker's main Australian target; he had previously succeeded in compromising the websites of Vietnamese banks and telecommunications companies, as well as an online military newspaper.

MacGibbon added that there is currently no confirmation of whether Hai was working with a bigger hacking group, or whether the data stolen in the breach was sold or leaked online. In any case, he said the incident is a warning sign that crises like this will be encountered much more often in the future.

Celebrities Hacked and Doxed! (Exclusive: Hack analysis)



The private details of many celebrities have been leaked on a website: http://www.exposed.su/ (currently going in and out of service).

This is the list of celebrities exposed: Michelle Obama, Kim Kardashian, Joe Biden, Robert Mueller (FBI Director), Hillary Clinton, Eric Holder (U.S. Attorney General), Charlie Beck (LAPD Chief), Mel Gibson, Ashton Kutcher, Jay Z, Beyonce, Paris Hilton, Britney Spears, Sarah Palin, Hulk Hogan, Donald Trump, Arnold Schwarzenegger, Al Gore, Kanye West, Kris Jenner, Stacia Hylton (U.S. Marshals Director), Mitt Romney, Tiger Woods, Sandusky, Chris Christie, Bill Gates

When this site went viral online and gained lots of media attention, the FBI got involved and is now investigating.

The data seems to come from the credit reporting agencies TransUnion, Experian and Equifax. All of them admitted they were compromised.

TransUnion, Equifax and Experian have a common website called annualcreditreport.com, where customers can get a free copy of their credit report by entering personal information – such as address, social security number and date of birth –, and by answering a few multiple-choice questions.

“What it appears happened is that personal identifiable information was evidently accessed or somehow obtained by the fraudsters who therefore were able to go into annualcreditreport.com and get some pieces of information on some individuals,” Equifax representatives told Ars Technica.

Here is an exclusive analysis of the site:

The website is running behind Cloudflare (CDN). Using Cloudflare has a lot of advantages for the site's operator:

  • It hides the actual IP address of the site, which slows down attempts to trace and take down the origin server.
  • It keeps the site content in cache even if the server is taken down by DDoS etc.
  • Even a small server will be able to handle lots of traffic.

Note: Cloudflare was also used by the infamous "Lulzsec" before they were shut down.

The hacker seems to be a fan of the TV series "Dexter", which is about "A likeable Miami police forensics expert who moonlights as a serial killer of criminals who he believes have escaped justice".

First, the quote on the main page: "If you believe that God makes miracles, you have to wonder if Satan has a few up his sleeve"

It is from the same TV show (Episode 12: "The British Invasion").

Second, the background music embedded in the site links to music from the TV show: https://www.youtube.com/watch?v=e2xxizpHuoo

The website also does not host any images itself. All the images are hotlinked from other sites that already host them.

The use of a .su domain seems to be a diversion, an attempt to shift attention to Russian hackers.

Whois data:

domain:        EXPOSED.SU
nserver:       dave.ns.cloudflare.com.
nserver:       fay.ns.cloudflare.com.
state:         REGISTERED, DELEGATED
person:        Private Person
e-mail:        exposed@allperson.ru
registrar:     REGTIME-REG-FID
created:       2013.03.06
paid-till:      2014.03.06
free-date:     2014.04.08
source:        TCI

Some of the pages also have YouTube videos embedded in them (most of them have something to do with the person exposed on the page):

Michelle Obama -- https://www.youtube.com/watch?v=rhN7SG-H-3k

Robert Mueller -- https://www.youtube.com/watch?v=ANeWYnArWXk

Charles Beck    -- https://www.youtube.com/watch?v=1M8vei3L0L8

Paris Hilton      -- https://www.youtube.com/watch?v=srP5twK-9Dw

Britney Spears  -- https://www.youtube.com/watch?v=kHmvkRoEowc

Donald Trump  -- https://www.youtube.com/watch?v=WD729yIKskU

Arnold Schwarzenegger -- (Broken Link in site) 

Mitt Romney -- (Broken Link in site) https://www.youtube.com/watch?v=DrR4G5HHPxY (recovered)

Though the attack is very well planned, the website itself seems to have been put together in a hurry. And there seems to be no "pattern" to the hacks except that all of the victims are celebrities.

Note: Will update this post if I find anything else.

Cichlid forum hacked & 67,000 account details leaked by SirLeakAlot


A hacker who calls himself SirLeakAlot managed to break into the Cichlid forum (www.cichlid-forum.com), a discussion board dedicated to cichlids, an interesting fish from the Cichlidae family.

The hacker published the compromised data on AnonPaste, splitting the dump into three parts because of its size.

The dump contains usernames, email addresses and passwords. The passwords are not in plain text but are stored as MD5 hashes.


The hacker didn’t reveal the reasons why the website was targeted, but a Twitter post provides some clues.

Japanese parliament's computers infected by Virus, a Cyber Attack


Computers at the Japanese Parliament were infected by a virus, which gave hackers access. For over a month, they stole confidential data belonging to 480 lawmakers and their staff.

According to the report, the servers were infected after a Trojan horse was emailed to a Lower House member in July. This Trojan horse downloaded malware from a China-based server. The malware spied on email communication, stole the lawmakers' confidential data and sent it to the attacker.

Last month, a server at Mitsubishi (Japan's biggest defense contractor) was compromised and confidential data was stolen, such as data on fighter jets as well as nuclear power plant design and safety plans.

Xbox Live (XBL) Accounts hacked to buy FIFA 12 packs


According to a Eurogamer report, Xbox 360 owners' accounts are being hacked in order to buy FIFA Ultimate Team content packs.

One of the victims, Speedjack, first reported the compromise to Eurogamer; on 11th October he found that his gamertag had been "recovered" to someone else's machine.

"I then find out that I've had 5000 then 500 MS points bought on my credit card. Better yet, all the points including the 120 I had already on my account are gone... all spent on FIFA 12 content packs yesterday afternoon while I was at work.

"Not only that, but my account now has 35 FIFA 12 achievement points on it!!! Never played the game in my life - hate football." Speedjack spoke to Microsoft support, which suggested there is an issue with EA's servers that leaves XBL accounts vulnerable.

There is also a similar report on the Facepunch forum, and multiple users' reports on the Xbox.com forum.

In order to investigate the complaints, Microsoft support froze the compromised accounts for up to 30 days.

Computer Tapes stolen: Identities of 5 Million US Soldiers, Family Members at risk

Computer tapes containing information about 5 million soldiers and family members were stolen from a car belonging to an employee of Science Applications International Corp. (SAIC), a large military contractor that runs medical centers for soldiers and their families.

“The employee was responsible for transporting the tapes between federal facilities in San Antonio, Texas,” said Vernon Guidry, a spokesman for SAIC.


The tapes contained the medical records of 4.9 million patients at hospitals and military clinics in the San Antonio area from 1992 through Sept. 2, 2011, as well as patients elsewhere whose lab work and pharmacy prescriptions were handled by San Antonio-area facilities, according to a written statement by Tricare, a Defense Department health care program.

Also included were patients’ addresses, phone numbers, lab tests, prescriptions and clinical notes. The tapes did not contain any financial information like bank account numbers.

To view the data, the thief would need to have specific hardware and software, plus knowledge of the data system’s structure, making it unlikely that the information could be accessed or misused.

“There is no indication that the data has been accessed by unauthorized persons,” Tricare said in its statement.

Tricare plans to send letters to all the victims of the data breach over the next four to six weeks.