Massive Email Address Exposure: SOCRadar.io Data Scraping Incident

A massive data dump of 332 million email addresses scraped from SOCRadar.io has been exposed.


A significant security concern has arisen following the exposure of an estimated 332 million email addresses online, allegedly scraped from the security intelligence platform SOCRadar.io. The massive data dump was reportedly posted on a cybercrime forum by a threat actor known as Dominatrix. According to Hackread, the data was initially scraped by another actor, “USDoD,” who has a history of involvement in previous data breaches. The leaked data was extracted from what are described as “stealer logs and combolists,” suggesting that malware infections played a crucial role in the initial data collection. 

This indicates a broader issue involving malware distribution and the exploitation of compromised systems. The data scraping incident reportedly took place in July 2024. Hackread notes that, according to an announcement on the underground hacker forum Breach Forums, the haul was a 14GB CSV file containing only email addresses aggregated from various data breaches. The forum user known as USDoD initially attempted to sell the scraped data for $7,000 on July 28, 2024.

However, Dominatrix, who is alleged to have purchased the data, made it public on August 3, 2024, stating, “Hello BreachForums Community, Today I have uploaded a SocRadar database for you to download, thanks for reading and enjoy! In July 2024, @USDoD scraped socradar.io extracting 332 million emails parsed from stealer logs and combolists. I have purchased the data to share with you all today.” 

Although the incident does not involve passwords, the exposure of email addresses poses several risks. Cybercriminals could use the email list to conduct large-scale phishing campaigns, attempt unauthorized access through brute-force attacks, or perform credential stuffing by comparing the emails with previously leaked data containing passwords. SOCRadar’s Chief Security Officer, Ensar Seker, has disputed the claims that the data was sourced from their platform. According to Seker, there is no evidence proving that the data was collected from SOCRadar. 

Instead, he suggests that the data was likely harvested from Telegram channels and misrepresented as being from SOCRadar. Seker emphasizes that threat actors had impersonated legitimate companies to gather the information. SOCRadar is pursuing legal avenues and cooperating with law enforcement agencies to address the issue. This incident underscores the critical need for strong cybersecurity practices. 

Users are advised to employ unique passwords for different accounts, enable multi-factor authentication (MFA) to add an extra layer of security, and remain vigilant against unsolicited emails, avoiding suspicious links and attachments to mitigate potential threats.