Search This Blog

Showing posts with label Database Dumped. Show all posts

Data from thousands of Russian companies have been made publicly available on the web

The data of several hundred Russian companies that used the free online project manager Trello has been made publicly available. Among the hundreds of thousands of leaked boards are those containing confidential information.

Data from boards of free online project manager Trello, which were maintained by Russian companies, was made publicly available. Leaked data of several hundred large companies and thousands of small and medium-sized businesses were found by analysts of Infosecurity a Softline company.

The company specified that in Russia, Trello boards are mainly used by small and medium-sized businesses, and there are representatives of large organizations, including banks.

Kirill Solodovnikov, CEO of Infosecurity, called the entry of corporate data in the network "an illustration of a leak, which occurred not due to hacker attacks, but as a result of inattention or negligence of company employees". 

According to Infosecurity, organizations post lists of employees and customers, contracts, passport scans, documentation related to participation in tenders and product development, as well as credentials of corporate accounts and passwords to various services. 

"Usually it is not difficult to determine from which organization the information leaked. Its name often appears either in the name of the board or in the description of tasks," added the experts.

Analysts Infosecurity found that nearly a million public boards of service Trello are currently indexed by search engines, and thousands of them contain confidential information. So, now, according to thematic queries in search engines, there are more than 9000 boards with mentions of logins and passwords.

Trello belongs to the Australian software developer Atlassian, other similar free services include Evernote, Wunderlist, XMind, Notion. Data from Trello boards were already in the public domain, but this was the first time such a large-scale leak occurred.

Sergei Novikov, deputy head of the Kaspersky Lab's Threat Research and Analysis Center, noted that the service is used by cyber groups to coordinate their activities. Infosecurity told about detecting a board in Trello, which belonged to a group of fraudsters who specialize in deceiving credulous foreigners under the "Russian brides" scenario when the hunt is conducted for those willing to meet young girls from Russia.

"Hackers could use data from the boards, for example, to attack companies' clients or hack corporate Instagram accounts, as in the fall of 2020," added Infosecurity.

Experts warned that data leaks could also lead to fines for violations of the law on personal data, for example, it contradicts the storage of scans of clients' passports in public storage located abroad.

Personal data of one million Moscow car owners were put up for sale on the Internet

On July 24, an archive with a database of motorists was put up for sale on one of the forums specializing in selling databases and organizing information leaks. It contains Excel files of about 1 million lines with personal data of drivers in Moscow and the Moscow region, relevant at the end of 2019. The starting price is $1.5 thousand. The seller also attached a screenshot of the table. So, the file contains the following lines: date of registration of the car, state registration plate, brand, model, year of manufacture, last name, first name and patronymic of the owner, his phone number and date of birth, registration region, VIN-code, series and number of the registration certificate and passport numbers of the vehicle.

This is not the first time a car owner database has been leaked.  In the Darknet, you can find similar databases with information for 2017 and 2018 on specialized forums and online exchanges.
DeviceLock founder Ashot Hovhannisyan suggests that this time the base is being sold by an insider in a major insurance company or union.

According to Pavel Myasoedov, partner and Director of the Intellectual Reserve company, one line in a similar archive is sold at a price of 6-300 rubles ($4), depending on the amount of data contained.
The entire leak can cost about 1 bitcoin ($11.1 thousand).Information security experts believe that the base could be of interest to car theft and social engineering scammers.

According to Alexey Kubarev, DLP Solar Dozor development Manager, knowing the VIN number allows hackers to get information about the alarm system installed on the car, and the owner's data helps to determine the parking place: "There may be various types of fraud involving the accident, the payment of fines, with the registration of fake license plates on the vehicle, fake rights to cars, and so on."

Against the background of frequent scandals with large-scale leaks of citizens data, the State Duma of the Russian Federation has already thought about tightening responsibility for the dissemination of such information. "Leaks from the Ministry of Internal Affairs occur regularly. This indicates, on the one hand, a low degree of information security, and on the other — a high level of corruption,” said Alexander Khinshtein, chairman of the State Duma Committee on Information Policy.

Hackers sell data of 80 thousand cards of customers of the Bank of Kazakhstan

An announcement about the sale of an archive of stolen data from 80,000 Halyk Bank credit cards appeared on the Darknet's site

It should be noted that Halyk Bank of Kazakhstan is the first Bank in the country in terms of the number of clients and accumulated assets. This is not the first time for a Bank when data has been compromised.

The fact that the archive consists only of Halyk Bank cards suggests that the cards were stolen inside the structure.

Typically, identifiers of stolen cards are obtained using MitM attacks (Man in the middle). While the victim believes that he is working directly, for example, with the website of his Bank, the traffic passes through the smart host of the attacker, which thus receives all the data sent by the user (username, password, PIN, etc.).

It is possible that the archive is not real. This may be a bait for potential carders created by the Bank, the so-called honey pot. This trap for hackers creates an alleged vulnerability in the server which can attract the attention of attackers and inspire them to attack. And the honeypot will see how they work, write down the information and pass it to the cybersecurity department.

Although, such actions are risky for the image of a financial institution, as any Bank tries to avoid such negative publicity.

It is important to note that all data leaks from the Bank is the personal fault of the owners, managers of the Bank. In Russia and in Kazakhstan, in case of data leakage, the bank at best publishes a press release stating that "the situation is under control". However, banks in the US and Europe in the same situation receive a huge fine.

Sri Lanka Rupavahini TV and One SriLanka sites hacked by Davy jones

One of the Famous Sri Lankan TV Channel Rupavahini's official website ( has been hacked by a hacker named as Davy Jones.

In a pastebin post(, the hacker claimed that he hacked Rupavahini tv channel database server and leaked the database.

The paste contains database details and few credentials stolen from the target server which includes administrator username, email id, and password hash with salt.

The hacker uploaded the dump of the database in mediafire and posted in the same paste. The dump contains the .CSV files that contain the same data posted in the pastebin.

The hacker also claimed to have hacked the website belong to "One SriLanka"( The hacker as extracted all data with 1000 email ids and passwords and posted in a Paste(

According to Intruder statement(, most of the passwords match to email login also. So malicious hacker can use those email addresses for sending mails to anyone.

The paste contains a mediafire download link that contains the dump compromised from the One SriLanka tv website.  One of the .CSV files has the name, email address, username and hashed passwords.

Few days back, he also hacked into Sri Lanka Bureau of Foreign Employment website( and leaked the database( The leak contains few login credentials including the admin id and password.

DarkWebGoons leaks 20k Credentials from Association of Irish Festival Events

20,000 Credentials has been compromised from the Association of Irish Festival Events website ( by a new hacker with twitter handle @DarkWebGoons.

The Association of Irish Festival Events(AOIFE) is an all-island voluntary network organisation that brings together organisers of festivals and events in Ireland, suppliers to the festival and event sector and policy-makers and funders

The hacker announced the breach in Twitter and posted a link to the leak of the compromised database. Hacker did not mention the reason for the attack

The dump contains password hash, Corporate Company, Email & Password , mobile number, name and other details.

South Africa's National Department of Health website hacked

database dumped

A Tunisian greyhat hacker named as "Human Mind Cracker" has claimed to have breached the South Africa's National Department of Health website( and compromised the database.

In an email sent to EHN, hacker provided the vulnerable link as well as link to Database dump.  Hacker requested me not to post the vulnerable link.

" The only reason about this hack that i love challenge and I readed a lot about the Moroccan hacker that break into some south Africa website so I just wanted to pentest their security" The hacker told EHN.

The dumped database contains database details, username and hashed passwords.

DreamHost server breached by Security Warriors Team Swt and database leaked

A hackers collective called as Security Warriors Team Swt has breached the server belong to one of the popular hosting website DreamHost which has alexa rank 3k.

In a pastebin post titled ' myself into the air' , hackers published the compromised data.

The dump contains list of all subdomains, basic server information, all shell accounts with usernames and passwords as well as list of all client FTP servers.

Ealier this year, Dreamhost notified users about a security breach and recommends users to change the FTP/shell passwords. Now once again they got hacked.  At the time of writing, there is no official statement about the latest breach. Hacked and Database Exposed by 3xp1r3 cyber army is hacked by a Hackers team named as "3xp1r3 cyber army".  They exposed the database in pastebin. About 8000 users data is leaked.  The leak contains the password and email of users.

If you are one of the user  and used same password for gmail, immediately change your password now .

Majority of password is 123456, those users may not know about the cyber security.  If you also using simple password like 123456,iloveyou,ilovemom, then you should Check our Security Blog to know about the Interenet Risks and Cyber Security.  

10,000 Facebook account hacked by TeamSwaSTika

Recently Formed Hacking Crew From Nepal called "TeamSwaStika" hacked more than 10 thousand facebook account hacked .
They claim as as most powerful hacking team from Nepal. They also said that next target will be Nepal Government website .

Hackers Message:
"Fight For Justice | Justice To Freedom
Never Give up | Never Back down"

The hacked facebook accounts dumped in pastebin: (part1) (part2)

Now it is unavailable,pastebin removed the link for security reason.

100+ websites Hacked and Database Dumped by Stohanko

A Hacker Known as Stohanko hacked 100+ websites and leaked the database in pastebin. The Hacked websites are from different country. The leak contains username ,password and personal informations.

Leak 1:
Hacked Sites:

Leak 2:
Hacked Sites:

Leak 3:

Hacked Sites:

Leak 4 :

Hacked Sites:

Leak 5:
Hacked Sites:

Leak 6:
Hacked Sites:

Leak 7:
Hacked Sites:

Leak 8:
Hacked Sites:

Leak 9:
Hacked Sites: 

Leak 10:
Hacked Sites: 

Leak 11:
Hacked Sites:

Leak 12:
Hacked Sites:

Leak 13:
Hacked Sites:

Leak 14:
Hacked Sites:

Leak 15:
Hacked Sites:

Leak 16:
Hacked Sites:

3 Indonesia Government Sites hacked and DB leaked by Cyb3rSec Crew

Cyb3rSec Crew hacked 3 Indonesia Government Websites and Leaked the Database(DB) information in pastebin. The leak contains the admin id and password.

Hacked website and Database Leak:

The Supreme Court of Justice (TSJ) website is hacked and database leaked by @SwichSmoke website is hacked and database is leaked in pastebin by SwichSmoke

This is what hacker Said(translated to english from spanish):
The Supreme Court of Justice (TSJ) is the highest of Venezuela's judicial system. As such, the Supreme Court is the head of the Judiciary of the Bolivarian Republic of Venezuela, replacing in 1999 the Supreme Court.

He is responsible for defending the order established by the Constitution of Venezuela, to balance the various powers and governing bodies, and resolve, so definitive judicial matters of great social relevance, through rulings that dictates. Therefore, and since the principal and highest court of a constitutional nature, there is no body or authority that falls on it or judicial remedy can be brought against its decisions.

Its current President is Judge Luisa Estella Morales, who also chairs the Constitutional Chamber of the same organ.

Pastebin Leak:

Biggest ISP in Kuwait Qualitynet Side-Server Database Leaked

Qualitynet is the biggest internet service provider in Kuwait. It owns a very big network connected to other countries in Middle East. Qualitynet shocked us all in InfoConnect exhibition when it increased the pricing of their services by 70% and it shocked us again by applying the unfair downstream cap policy. Qualitynet is one of the major factors in setting the decision of cap policy which angered people of Kuwait toward these unlawful unacceptable decisions

Penetration of one of Qualitynet servers working for Ministry of Education having a database containing high school graduating students information. The server is

 AnonKuwait have hacked the whole server and extracted an SQL dump.

The leaked the whole database in .sql format:

3 Websites Hacked and leaked the database info by @CMDL1NE

@CMDL1NE hacked three website and leaked the admin info in pastebin.

Pastebin Link:

Pastebin Link:

Pastebin Link:

Muluthange is defaced and database leaked by Th3Jasper

Th3Jasper defaced and leaked the database in mediafire. He tweeted the link to mediafire in twitter(!/th3Jasper).

Muluthange Online, a Srilankan site for quick and easy sharing of recipes, tips and hints on creating the perfect dish. Sign up for free to save your favorite recipes, enter competition, receive our monthly e-newsletter and join in our forums.

Defacement Screenshot:

Th3jasper Previous hacks

Time wasters guide Database Leaked by ThEhAcKeR12

@ThEhAcKeR12 hacked Time Wasters Guide Website( and leaked the database in pastebin.  Time waster guide is known for game reviews, strategy guides, long-winded editorials, and the occasional game blog.

The database contains 6500 emails and Encrypted passwords.

Pastebin Leaked:

@CMDL1NE Leaked 4 Website's Database today-Pastebin Leaks

@CMDL1NE hacked four websites today and they dumped the database in Pastebin.

Website Hacked and Pastebin Link:
Blueberri:Mobile Related Website
Pastebin Leak:

Property Related Website:
Paste bin Leak:

Looks Chinese website
pastebin leak:

Web design related site
Pastebin Leak:

Dominican Government hacked and data leaked by @NetBashers

@NetBashers hacked and leaked the data of Dominican Government websites.  At the same time, they deface websites also.  The government sites that have been hacked are National Institute of Physical Education, The Social Security Institute of the Armed Forces Decree No.3013 and The Ministry of Interior and Police is an institution.

Screenshot of Defaced Site:

They release the data in Spanish .

Defaced Sites: