Search This Blog

Showing posts with label User Data Leak. Show all posts

Data of 6 Million Battle for the Galaxy Players Leaked


WizCase security experts recently uncovered an unsecured ElasticSearch server owned by AMT Games, a Chinese mobile and browser game company, that exposed 5.9 million Battle for the Galaxy users' accounts, as well as 2 million transactions and 587,000 feedback messages. 

Despite the fact that AMT Games used the server to store profile information, payment history, and feedback messages for millions of Battle for the Galaxy players, the researchers discovered that data stored in the ElasticSearch server was not encrypted and the server was not secured with a password. 

AMT Games, which has a slew of mobile and social games with tens of millions of downloads, exposed 1.5TB of data through an Elasticsearch server. AMT Games Ltd. is a renowned mobile and browser-based online game company based in China. It creates games for Android, iPhone, Steam, and web browsers. Battle for the Galaxy, Heroes of War: WW2 Idle RPG, Epic War TD2, and Trench Assault are among of the company's most popular games. 

Player IDs, usernames, country, total money spent on the game, and data from Facebook, Apple, or Google accounts if the user linked them to their gaming account are often included in profiles. Account IDs, feedback ratings, and users' email addresses are all included in feedback messages. 

According to WizCase, transaction data includes price, item purchased, time of purchase, payment provider, and occasionally buyer IP addresses. Users who had their data exposed were advised that it could have been snatched up by opportunistic cyber-criminals looking for misconfigured databases. It went on to say that information on how much money people have spent on the site might help fraudsters target the biggest spenders. 

WizCase warned that "it is common for unethical hackers and criminals on the internet to use personal data to create trustworthy phishing emails. The more information they possess, the more believable these emails look." Bad actors could utilize personal information like email addresses and user difficulties with the service to "pose as game support and send users to fraudulent websites where their credit card credentials can be stolen," according to the report. 

The company advised players to enter as little personal information as possible when purchasing or setting up an account, and parents not to lend their credit cards to their children. WizCase stated that it notified AMT Games of the data breach but received no response. Access to the database was later disabled by the company.

45 Lakh Customer Data Compromised as Air India Servers Gets Hacked


A massive cyberattack was perpetrated against the domestic carrier Air India, which compromised passengers' data including passports, contacts, ticket information, and credit card information. 

Air India is India's flag carrier, based in New Delhi. It owns and runs the Airbus and Boeing aircraft fleet serving 102 national and international destinations and is operated by Air India Limited. 

The airline stated that the incident impacted about 4,500,000 data subjects worldwide. The company further added that the violation involved data from somewhere between August 2011 and February 2021. 

“The breach involved personal data registered between 26 August 2011 and 3 February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data,” a message from Air India reads. 

While the airline has admitted that the credit card details have been violated, it has made it clear that its data processors have not held the CVV/CVC numbers - which are the key to carrying out transactions. 

"Our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. This incident affected around 4,500,000 data subjects in the world," said the statement issued by Air India. 

The state-owned flight operator also mentioned that the first communication concerning the data violation had been obtained from its data processor on 25 February 2021. That being said, on March 25 and May 4, the identification of the data subjects concerned was given. 

"While we had received the first notification in this regard from our data processor on 25.02.2021, we would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on 25.03.2021 and 5.04.2021," the statement said. 

Air India has also mentioned that it follows data protection policies and has started investigating data protection incidents. The airline also secures vulnerable servers, engages external computer protection experts, liaises, and notifies Air India frequent flyer program credit card issuers and reset flyer passwords.

250 Million Americans Sensitive Data Leaked Online by Pompompurin


As of 22nd April 2021, a Pompompurin named hacker group dropped a database of more than 250 (250,806,711) million American citizens and residents which included their personal and sensitive household information. 

The database that was published on a popular hacker forum, included 263 GB of documents, each with 200,000 CSV subfiles. Although the origin of the leak comes from open Apache SOLR on Amazon Web Server, it is not clear who obtained or managed the data. Besides, three separate IP addresses were made accessible for the data which is something the hacker obtained before its owner disabled or reassigned them. 

The stolen information is nothing short of a treasure trove for cybercriminals and state-supported hackers as it contained massive amounts of information such as full names, telephone numbers, mailing addresses, DOB, Status of marriage, home developed year, Zip code, gender, house rental, home address, credit capability, political participation, number of proprietary cars, details on wages and taxes, number of domestic animals, children's numbers in a home. However, the leak didn’t contain any passwords. 

After the database had been leaked online for a whole week, it was then exposed alongside Telegram chat groups on even several Russian-speaking hacker forums. 

The leaked documents are a treasure trove among malicious people looking for US civilians based on the ongoing diplomatic line-up between Russia and the United States over the SolarWinds hack. 

Moreover, this is not the first instance that US people and residents have been unveiled with a collection of confidential household data online. Data of 200 million people from the US was mistakenly disclosed by a marketing agency in June 2017. Further in December 2017, a data analytics company based in California revealed household data, in which 123 million Americans were compromised due to an AWS bucket that was not properly installed. 

The leaked documents now constitute a threat to the confidentiality and physical protection of victims online. Although some may use the data to find people, hackers and scammers may send phishing emails, SMS, and use the data to try SIM swapping or other identity frauds. However, if an unknown party sends users an email emphasizing clicking on a connection or logging in then they must not click on the links sent as Text messaging.

BigBasket: Data Breach Leaks 20 Million User Data


A threat actor dropped about 20 million Big Basket user reports containing personally identifiable details and hashed passwords on a common hacking forum. 

Headquartered in Bangalore, India – Big Basket is an online food supply service. The company mainly provides its customers with food products in convenience shops, home supplies, and food. Big Basket is a famous grocery delivery service platform that enables consumers to purchase and deliver food online. 

Lately, a popular dealer of data breaches named Shiny Hunters, on the morning of 26th April, published a free database on a hacker website claiming that it has already been stolen from Big Basket. Last year during November, when the same dealer, Shiny Hunter attempted to sell the data stolen via private sales on some hacking websites, Big Basket confirmed to Bloomberg News that it had experienced a data breach. 

“There’s been a data breach and we’ve filed a case with the cybercrime police,” Big Basket CEO Hari Menon told Bloomberg News. “The investigators have asked us not to reveal any details as it might hamper the probe.” 

The entire database, which is estimated to be containing over 20 million user records, now has been published for free. It contains e-mail addresses, SHA1 hashed passwords, addresses, phone numbers, and various other details.

The forum members have claimed to have already cracked 2 million passwords by using the SHA1 algorithm. Another Member says 700k of the clients have used their accounts with the password as, 'password.' Shiny Hunters have executed several other data breaches in the past including Tokopedia, Tee Spring, Minted, Chat books, Dave, Promo, Mathway, Wattpad, and more. 

The event happened weeks after the Indian Tata Group decided to purchase Big Basket, at an increase of over $1.8 billion in the value of Indian start-ups. Approval by the Indian Regulator is currently pending in the acquisition plan. 

As Bleeping Computer has also verified that certain documents are correct, like Big Basket's personal information, consumers should be confident in keeping it safe and believing that customer data has been leaked too. It is highly recommended that all Big Basket users update their passwords immediately with the same password on Big Basket and all other pages.

Ubiquiti has been Covering up a Data Breach


Ubiquiti, an organization whose prosumer-grade routers have gotten synonymous with security and manageability is being blamed for concealing a “catastrophic” security breach — and following 24 hours of silence, the organization has now given a statement that doesn't deny any of the whistle-blower’s claims. 

In January, the creator of routers, Internet-connected cameras, and other networked gadgets, revealed what it said was “unauthorized access to certain of our information technology systems hosted by a third-party cloud provider.” The notification said that, while there was no proof the intruders accessed client information, the organization couldn't preclude the likelihood that they got clients' names, email addresses, cryptographically hashed passwords, addresses, and telephone numbers. Ubiquiti suggested clients to change their passwords and enable two-factor authentication.

 Initially, Ubiquiti emailed its clients about a supposedly minor security breach at a “third-party cloud provider” on January 11th but found out that the cybersecurity news site KrebsOnSecurity is reporting that the breach was far more awful than Ubiquiti let on. A whistle-blower from the organization who spoke to Krebs guaranteed that Ubiquiti itself was breached and that the organization's legal team forestalled efforts to precisely report the dangers to customers. 

The breach comes as Ubiquiti is pushing—if not outright requiring—cloud-based accounts for clients to set up and regulate gadgets running newer firmware renditions. An article says that during the underlying setup of an UniFi Dream Machine (a popular router and home gateway appliance), clients will be incited to sign in to their cloud-based account or, on the off chance that they don't have one, to make an account. 

Brian Krebs of KrebsOnSecurity wrote, "In reality, Adam (the fictitious name that Brian Krebs of KrebsOnSecurity gave the whistleblower) said, the attackers had gained administrative access to Ubiquiti’s servers at Amazon’s cloud service, which secures the underlying server hardware and software but requires the cloud tenant (client) to secure access to any data stored there." 

“They were able to get cryptographic secrets for single sign-on cookies and remote access, full source code control contents, and signing keys exfiltration,” Adam said.

Here's How to Safeguard Against Mobikwik Data Breach


Cybersecurity researchers claimed that the KYC data of as many as 11 crores Mobikwik users had been leaked and put up for sale on the dark web. However, the Gurugram-based digital wallet company is denying the data breach by stating that they have not discovered any evidence of a data leak.

Rajshekhar Rajaharia, an independent cyber-security researcher was the first person who disclosed the data leak in February. He had said that bank details, email addresses, and other sensitive details of nearly 11 crore Indians were leaked on the dark web. 

Approximately, 8 terabytes (TB) of personal user information were stolen from Mobikwik’s main server by a hacker named ‘Jordan Daven’ and put on dark web platforms on January 20, Rajaharia stated. As a shred of evidence, Jordan Devan emailed the link of the stolen database to PTI and stated that they do not have any other motive of using the data except to acquire it from the company and delete it from their end and also shared the private details of Mobikwik founder Bipin Preet Singh and CEO Upasana Taku from the stolen database. 

When approached, Mobikwik denied the claims and stated, “the company is subjected to stringent compliance measures under its PCI-DSS and ISO Certifications which includes annual security audits and quarterly penetration tests to ensure the security of its platform. As soon this matter was reported, the company undertook a thorough investigation with the help of external security experts and did not find any evidence of breach.” 

Precautionary measures for Mobikwik users 

To check out whether your data is compromised or not, you have to download the Tor browser. It is a free and open-source web that helps you anonymously browse the web. You should also update your Mobikwik account by setting new passwords and setting up two-factor authentication. 

Open this link to access the entire database of the leak that is now online. Search for your data by using your email id or contact number. If nothing pops up, you are safe but if something does pop up then you should immediately contact your bank, and block your cards now.

Japanese Games Publisher Koei Tecmo Suffers Cyber Attack, 65,000 Users Account Compromised

The Japanese games' publisher Koei Tecmo was targeted by hackers who compromised the company's English language website and stole confidential data belonging to over 65,000 users. Following the attack, Koei Tecmo announced that they have temporarily shut down their US and European website as a precautionary measure. 

The hackers targeted the company’s website to obtain confidential information about the user accounts like names, encrypted passwords, and email addresses, however, the hackers were not successful in their attempt to acquire the data related to 'user payment details'.  

The Japanese publisher announced in the press release that “Within the website operated by KTE, the ‘Forum’ page and the registered user information (approximately 65,000 entries) has been determined to the data that may have been breached. The user data that may have been leaked through hacking is perceived to be the (optional) account names and related password (encrypted) and/or registered email address.” 

In the press release, the publisher further stated that users do not need to worry about personal financial information because they do not store this confidential information about the users.  

Referencing the reports of Bleeping Computer, the hacker has leaked critical information about users' accounts for free on a hacker forum like IP addresses, email addresses, and passwords.  

Founded in 2009, following the merger of 'Koie' and 'Teo', Koei Tecmo is a Japanese video game and anime holding organization that is responsible for many popular PC and console games like Hyrule Warriors; Age Of Calamity, Dead or Alive, Nioh 2, Atelier Ryza, to name a few. 

The attackers assert that they have used a spear-phishing campaign to hack the website on December 18th. The operators behind the attack also claimed that they were deliberating to sell a forum database for 0.05 bitcoins or about 1,300 dollars on a hacking marketplace.  

As per the reports by Bleeping Computer, stating their malevolent motives, the hackers told that they have “leaked the data to punish the Koei Tecmo publisher because they were not following the General Data Protection Regulation (GDPR) guidelines and they were refusing to spend the money on encrypting the users' information and were using a fragile salted MD5 hashing algorithm from 1992 and further warned them if they do not use the strong encryption techniques, we will continue to attack them”.