Posts with label: Database Compromised

Russian hackers have posted confidential British police data

The hacker group Clop, allegedly linked to Russia, has put up for sale data stolen from the British police, the Mail on Sunday newspaper reported on Sunday.

According to the publication, the stolen information can be bought on the darknet. The Mail on Sunday says that data from the Police National Computer (PNC), which holds records on 13 million UK residents, could have fallen into the hackers' hands.

"We are aware of the incident and we are working with our law enforcement partners to understand and limit the extent of its potential consequences," the UK's National Cyber Security Centre said.

The ransomware attack reportedly targeted the British IT company Dacoll, one of whose divisions provides remote access to the PNC for 90% of UK police forces.

The company confirms that the incident happened on October 5 but says it was confined to its internal network and did not affect its clients or their systems. The Mail on Sunday, however, claims that information belonging to Dacoll's customers was put up for sale after the company refused to pay a ransom, the amount of which was not disclosed.

British cybersecurity expert Philip Ingram said that the damage caused by such a leak is immeasurable, since it raises serious questions about the security of solutions used by numerous public and private organisations.

It is worth noting that the Clop group has been actively using the ransomware of the same name since the winter of 2019, demanding payment to restore access to the data it encrypts. Some security companies have suggested that some members of the group live in Russia.

Hackers put up a database of drivers in Moscow for sale

Attackers have put up for sale on the darknet a database of drivers in Moscow and the Moscow region. Priced at $800, it contains 50 million rows of data on drivers registered in the capital and the region between 2006 and 2019. It was listed on October 19, 2019, with data from 2020 offered to the buyer as a bonus.

From the database a buyer can obtain the owner's name, date of birth, phone number, VIN and licence plate number, as well as the make, model and year of registration of the car.

According to the seller, the information was obtained from an insider in the traffic police. Alexei Parfentiev, head of the analytics department at SearchInform, also attributes the leak to an insider. "It also looks more likely because regulators' requirements for structures such as the traffic police, in terms of protection from external attacks, are extremely strict," he said.

However, Andrey Arsentiev, head of analytics and special projects at InfoWatch, noted that the database could have been obtained not through an insider but through an external attack, for example via vulnerabilities in system software.

The forum where the archive was listed specialises in selling databases and organising leaks. The main buyers of personal data are businesses and fraudsters: companies use it for spam mailings or to gather information about competitors, while criminals use it for phishing.

This is not the first time traffic police databases have been offered for sale. In August 2020, for example, an advertisement appeared on a hacker forum for a database of personal data of drivers from Moscow and the region, current as of December 2019.

“This is not a single leak. This is a systematic (monthly) drain,” said Ashot Oganesyan, founder of DeviceLock.

Hackers stole half a million profiles from a Russian job search site

A database of users of the portal jobinmoscow.ru has appeared on hacker forums. According to Ashot Oganesyan, founder and technical director of DeviceLock, it contains logins and passwords for 500,000 users in addition to publicly available profile information.

Media noted that some of the logins and passwords were still valid: entering them gave access to users' pages on the portal. After a journalist informed a site representative, logging in to those accounts became impossible.

The company that owns the site confirmed the leak.

"A quick analysis of the situation showed that there are no violations of the law on our part. Our experts analyse any possible threats to the technical security of the site and take the necessary steps to prevent unauthorised use of the site," Forex Consulting CEO Yuri Mozgovenko said of the leak.

Experts said the personal data of the site's users can be used on the black market for fake employment: scammers call applicants, promise a job and, at the "final stage" of hiring, ask for a small payment.

The leaked passwords also put users' social network accounts at risk wherever the same password was reused. Experts further note that a resume contains not only the applicant's personal information but also details of former employers, so a leak makes it possible to alter resumes or a company's vacancies in order to damage its business reputation.

Even so, experts do not see significant threats in such leaks.

According to jobinmoscow.ru, the site has hosted more than 566,000 vacancies from 209,000 companies and more than 195,000 resumes.

Unistellar Attackers Delete Over 12,000 Unsecured MongoDB Databases

Around 12,000 unsecured MongoDB databases have been deleted over the course of three weeks, with the attackers leaving behind a single message telling the owners to contact the extortionists to have their data restored.

The attackers search for already-exposed database servers using the BinaryEdge or Shodan search engines, wipe them, and demand a ransom for their "restoration services". Attacks of this kind against publicly reachable MongoDB databases have been seen since at least early 2017 [1, 2, 3, 4].

While the Mongo Lock attacks likewise target remotely reachable and unprotected MongoDB databases, this campaign does not appear to demand a specific ransom. Instead an email contact is given, most likely to negotiate the terms of data recovery.

Sanyam Jain, the independent security researcher who found the wiped databases, offered a plausible explanation: "this person might be charging money in cryptocurrency according to the sensitiveness of the database."

The 12,564 unprotected MongoDB databases wiped by Unistellar were found by the researcher using BinaryEdge. Given that BinaryEdge currently indexes a little over 63,000 publicly accessible MongoDB servers, according to Jain, the Unistellar attackers appear to have hit roughly 20% of the total.

The extortionists leave behind notes asking victims to get in touch if they want their data restored, by emailing one of two addresses: unistellar@hotmail.com or unistellar@yandex.com.

There is no way to tell whether victims have been paying to have their databases restored, because Unistellar gives only an email address and no cryptocurrency address.

These attacks are possible only because the MongoDB instances are reachable from the internet and access to them is not authenticated. Database owners can therefore prevent them by following fairly basic steps to properly secure their instances.

MongoDB documents how to secure a deployment by enabling authentication, access control and encryption, and also publishes a security checklist for administrators to follow.

In short, the measures that will stop these attacks are enabling authentication and not leaving the database reachable from the public internet.
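As an added example (not code from the original post or from MongoDB's own tooling), the script below shows the two mongod.conf settings the preceding paragraphs are talking about, an exposed configuration beside a hardened one, and a small audit that flags the exposed one. Both configurations are constructed for the example. The parser handles only the indented `key: value` subset of YAML that mongod.conf uses, so it runs without PyYAML; the defaults it assumes (authorization disabled, localhost-only binding since MongoDB 3.6) are MongoDB's documented defaults.

```python
"""Audit a mongod.conf for the two settings behind the Unistellar-style wipes:
an unauthenticated instance and a listener bound to every interface.
Added example; the two configurations are constructed, not taken from any
real deployment."""

from typing import Dict, List

WEAK_CONF = """\
# constructed: how many of the wiped instances were set up
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0          # reachable from the internet
security:
  authorization: disabled  # the MongoDB default
"""

HARDENED_CONF = """\
# constructed: following MongoDB's security checklist
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5   # loopback plus the app server's private address
  tls:
    mode: requireTLS
    certificateKeyFile: /etc/ssl/mongo.pem
security:
  authorization: enabled
"""


def parse_conf(text: str) -> Dict[str, dict]:
    """Parse the indented `key: value` subset of YAML used by mongod.conf.
    Sections become nested dicts; comments and blank lines are skipped.
    This is deliberately not a general YAML parser."""
    root: dict = {}
    stack = [(-1, root)]  # (indent level, container at that level)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while indent <= stack[-1][0]:  # climb out of deeper sections
            stack.pop()
        parent = stack[-1][1]
        value = value.strip()
        if value == "":  # a section header such as "net:"
            child: dict = {}
            parent[key] = child
            stack.append((indent, child))
        else:
            parent[key] = value
    return root


def audit(conf: Dict[str, dict]) -> List[str]:
    """Return human-readable findings; an empty list means the checked settings are sane."""
    findings: List[str] = []
    net = conf.get("net") or {}
    sec = conf.get("security") or {}
    # mongod 3.6+ binds to localhost by default; older releases bound to all interfaces.
    bound = [ip.strip() for ip in str(net.get("bindIp", "127.0.0.1")).split(",")]
    if str(net.get("bindIpAll", "false")).lower() == "true" or "0.0.0.0" in bound or "::" in bound:
        findings.append("net.bindIp: listener exposed on all interfaces; bind to loopback/private "
                        "addresses and firewall port 27017")
    # authorization defaults to disabled: anyone who can reach the port is effectively root.
    if str(sec.get("authorization", "disabled")).lower() != "enabled":
        findings.append("security.authorization: not enabled; create an admin user and set "
                        "authorization: enabled")
    tls = net.get("tls")
    if not isinstance(tls, dict) or tls.get("mode") != "requireTLS":
        findings.append("net.tls.mode: not requireTLS; credentials and data cross the network "
                        "in the clear")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        result = audit(parse_conf(text))
        print(f"{name}: {len(result)} finding(s)")
        for f in result:
            print("  -", f)
```

The weak configuration is exactly what Shodan and BinaryEdge index: port 27017 answering on every interface with no credentials required. Binding to private addresses is the cheap fix; enabling authorization is the one that still protects you when a firewall rule is missed.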

Millions of Peoples’ Data Exposed On The Dark Web Via an Unprotected Database; Hackers At Advantage

Recently a badly secured database was hijacked by hackers, exposing millions of users' data. It was discovered via the Shodan search engine last month, and a known hacking group is suspected of being responsible.

A huge database containing records of over 275 million Indian citizens was found unprotected and is now in the hands of a hacking group.

The exposed database was a MongoDB instance.

The data appears to have come from various job portals, judging by fields such as "Resume IDs", "functional areas" and "industry".

Alongside less sensitive fields, it held genuinely personal details: name, email address, gender, date of birth, salary and mobile number.

Reportedly, a hacking group going by the name "Unistellar" is behind the hijacking of this already unprotected database.

Immediately after discovering the open database, the security researcher who found it informed the Indian Computer Emergency Response Team (CERT-In), but to no avail.

The database was left open for anyone to access for at least two weeks.

The owner of the database is still unknown.

Although the details of over 275 million people were exposed, no single Indian job portal holds that many members, which suggests the data was aggregated from several sources.

Massive HIV Data Leak: Thousands of Detailed Records Compromised.

In a recent major data leak in Singapore, the records of thousands of HIV-positive people were compromised.

One of the victims learned by phone call that her record was out in the open, along with those of approximately 14,000 others.

The leak came as a great shock, since many of those affected had not wanted their status to become known.

Singaporean media have been at the centre of the coverage of this incident.

The government said the main person at fault is a local doctor who had access to all the records in question and whose American partner obtained them.

According to the authorities the leak has been contained, but it has caused severe emotional harm to those living with HIV.

As required by Singaporean law, the victim's HIV status had been added to the national registry.

The HIV registry was set up in 1985 by the Ministry of Health to track the infection and the status of potential cases.

It is this registry that was compromised, together with the names and addresses of more than 14,000 people.

Sources name the American partner as Mikhy Farrera-Brochez. He obtained the data, and access to the registry, through his Singaporean partner, a doctor.

Under Singaporean law Farrera-Brochez was not permitted to work in the country; he was convicted of fraud for using someone else's blood to pass a mandatory HIV test.

According to Farrera-Brochez there is more to the story and he is not the only one behind it. He also said that he contracted HIV in prison and was denied medication.

He also accused Singapore of using the HIV database to keep track of gay men in the country, since sex between men is illegal there.

Singaporean authorities have rejected this accusation as completely untrue.

Singapore's Health Minister is working with US authorities on the case.

Singapore previously had a total ban on people with HIV entering the country, which was lifted in 2015.

People married to Singaporean citizens or holding permanent residency were exempt from it.

The leak has been both shocking and humiliating, and has led citizens to question how securely such records are kept.

A senior doctor who has worked to safeguard the interests of HIV patients in Singapore said that many controls exist to restrict doctors' access to such records.

The incident has caused great emotional distress to the people whose names are in the compromised records.

The victims are not even sure whether the leak has actually been contained.

The leaked information could ruin lives and careers.

The victims are seriously concerned about how far the detailed records have spread.

Domino's Pizza hacked, details of 650k customers stolen

Hackers who claim to have compromised a database server of Domino's Pizza have demanded a ransom of €30,000 to prevent public disclosure of customer data.

The group, which calls itself Rex Mundi, says it hacked into the servers of Domino's Pizza France and Belgium.

The hackers say they downloaded more than 592,000 customer records from Domino's France and 58,000 from the Belgian website.

They claim the compromised database contained sensitive information such as customers' full names, addresses, phone numbers, delivery instructions, email addresses and passwords.

The group gave Domino's a deadline of 8PM CET to pay.

"If they do not do so, we will post the entirety of the data in our possession on the Internet," the group said.

Domino's France posted a series of tweets acknowledging the hack and recommending that users change their passwords.

Security Breach at TradeMotion affects customers of AutoNation

AutoNation, Inc., one of the largest automotive retailers in the United States, is notifying customers that hackers may have gained access to their personal and financial information.

AutoNation said one of its third-party vendors, TradeMotion, suffered a cyber attack.

AutoNation websites maintained by TradeMotion, including parts.autonationfordwhitebearlake.com, parts.championtoyotaofaustin.com and www.discounttoyotaparts.com, were affected by the breach.

The information accessed includes customers' names, street addresses, email addresses, telephone numbers and credit card numbers entered between March 5, 2014 and May 2, 2014.

TradeMotion has contacted the FBI regarding the incident.

AutoNation advises customers to monitor their financial accounts closely and is offering affected customers one year of free identity theft protection.

Doge Vault hacked, 121 Million Dogecoin appears to be stolen

DogeVault, a popular online Dogecoin wallet service, has reportedly been infiltrated by criminals, with millions of Dogecoins missing from users' wallets.

A notice on the front page of the website (www.dogevault.com) says the service was compromised by attackers on May 11, resulting in a service disruption and tampering with wallet funds.

The website has not said how much was lost in the heist. However, some users on reddit reported that coins were transferred to a newly created "mega wallet".

According to Dogechain records, this wallet (DHKM6NDUUv9kaHAGi1QU7MRBNKfQiAdP3F) holds more than 121 million Dogecoins, worth about $56,000.

"We are currently in the process of identifying the extent of the attack and potential impact on user's funds," the statement on the website reads.

DogeVault advises users not to transfer any funds to DogeVault addresses until the investigation is complete.

Third-party database compromise leads to Yahoo mail account hack

Yahoo has acknowledged that a number of Yahoo Mail accounts have been accessed by hackers. Yahoo says the unauthorised access followed the compromise of a third-party database.

Yahoo did not name the third party or disclose the number of affected users. Having learned of the unauthorised access, Yahoo is sending password reset emails to all affected accounts.

The company also said in its official statement that it has found no evidence the credentials were taken directly from its own servers. Its investigation revealed malicious software using the stolen login credentials to access Yahoo Mail accounts.

Yahoo says it is working with federal law enforcement to find the source of the unauthorised access, and has implemented additional measures to secure its servers.

If your account is affected, Yahoo says you will be notified by email or, if a phone number is linked to your account, by SMS.

Staysure's system hacked and financial data of 90k+ customers stolen

Staysure, a UK-based travel insurance company, has notified more than 93,000 customers that their sensitive financial data may have been compromised by hackers.

The company's systems were attacked during the second half of October 2013, but the breach was only discovered in mid-November.

The company said it immediately hired a forensic investigator to determine the full extent of the problem.

The information accessed includes customers' names, addresses, encrypted payment card details and CVV numbers. Storing the CVV after a transaction has been authorised is prohibited under PCI DSS, so its presence in the stolen data is itself a finding.

The company said that only customers who bought policies before May 2012 are at risk, as it stopped storing this sensitive data after that date.

Affected customers are being offered free access to Data Patrol, a 24/7 online identity fraud monitoring service provided by Experian.

MacRumors Forums hacked, 860,000+ users data compromised

MacRumors' forums have been breached by hackers who obtained information belonging to 860,106 users, including hashed passwords.

"In situations like this, it's best to assume that your MacRumors Forum username, email address and (hashed) password is now known," Editorial Director Arnold Kim wrote.

The hacker behind the attack also posted on the MacRumors forum about the breach, saying: "We're not 'mass cracking' the hashes. It doesn't take long whatsoever to run a hash through hashcat with a few dictionaries and salts, and get results."

The hacker also claimed they will not use the compromised credentials to log into Gmail, Apple or other accounts unless they target specific users for some reason.

"Stop worrying, and stop blaming it on Macrumors when it was your own fault for reusing passwords in the first place," the hacker added.

It appears the hackers gained access to the database by logging into the forum with the stolen credentials of a single moderator.

South Africa's National Department of Health website hacked, database dumped

A Tunisian greyhat hacker calling himself "Human Mind Cracker" claims to have breached the website of South Africa's National Department of Health (doh.gov.za) and compromised its database.

In an email to EHN, the hacker provided the vulnerable link as well as a link to the database dump. He asked me not to publish the vulnerable link.

"The only reason for this hack is that I love a challenge, and I read a lot about the Moroccan hacker that broke into some South African websites, so I just wanted to pentest their security," the hacker told EHN.

The dumped database contains database details, usernames and hashed passwords.

http://pastebin.com/niCEMbRs

WineHQ database hacked

The WineHQ database has been compromised. Wine is a compatibility layer that runs Windows .exe programs on Linux, and WineHQ is the project's website. The attackers may have gained access by compromising an admin's credentials or by exploiting an unpatched vulnerability in phpMyAdmin.

According to the project's announcement, they had reluctantly provided phpMyAdmin access to the AppDB developers (it is a very handy tool, and something they very much wanted), but it is a prime target for attackers, and apparently their best efforts at obscuring and patching it were not sufficient.

All outside access to phpMyAdmin has now been removed.

So far there is no sign that the database contents were damaged. Unfortunately, the attackers were able to download the full login database for both the AppDB and Bugzilla, meaning they have all of those email addresses as well as the passwords. The passwords are stored hashed, but with enough effort, and depending on the quality of the password, they can be cracked.

WineHQ is concerned that the attackers could use this information to access users' accounts, and so plans to reset all passwords and email users the new ones.

Security Tips from BreakTheSec:
  • Don't use the same password everywhere (in particular, use a different, strong password for your Gmail account and other important accounts).
  • WineHQ users: if you used the same password anywhere else, change it immediately.
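The MacRumors hacker's remark about hashcat and the WineHQ warning that hashed passwords "can be cracked" describe the same thing: a dictionary attack against a fast hash. The script below, added here as an example (it is not code from either project or from the attacker), runs that attack on a constructed user table. The md5(md5(password) + salt) scheme is an assumption standing in for whatever the forums actually used; the wordlist, salts and victim rows are made up for the example. It also runs the same attack against PBKDF2 to show that a slow KDF raises the cost per guess but does not rescue a password that is in the wordlist.

```python
"""Dictionary attack against salted password hashes.
Added example; the hash scheme, wordlist and victims are constructed
(assumptions), not data from MacRumors or WineHQ."""

import hashlib
from typing import Callable, Optional, Tuple

Hasher = Callable[[str, str], str]


def vb_hash(password: str, salt: str) -> str:
    """Hypothetical forum scheme (assumption): md5 of (md5(password) + salt).
    Microseconds per guess, which is the whole problem."""
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner + salt).encode()).hexdigest()


def pbkdf2_hash(password: str, salt: str, iterations: int = 200_000) -> str:
    """A slow, purpose-built password KDF from the standard library."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations).hex()


# Constructed wordlist; real attacks use millions of entries plus mangling rules.
WORDLIST = ["123456", "password", "letmein", "qwerty",
            "macrumors", "iloveyou", "wine2013", "Tr0ub4dor&3"]

# Constructed victim rows as they would appear in a dumped user table: salt, hash.
VICTIMS = {
    "alice": ("Xy9z", vb_hash("letmein", "Xy9z")),
    "bob":   ("q1W2", vb_hash("correct horse battery staple", "q1W2")),
}


def crack(target: str, salt: str, hasher: Hasher, wordlist=WORDLIST) -> Tuple[Optional[str], int]:
    """Hash each candidate under the victim's own salt and compare.
    Returns (recovered password or None, number of guesses made).
    The salt defeats precomputed tables, not this per-user loop."""
    for n, candidate in enumerate(wordlist, 1):
        if hasher(candidate, salt) == target:
            return candidate, n
    return None, len(wordlist)


if __name__ == "__main__":
    for user, (salt, digest) in VICTIMS.items():
        pw, n = crack(digest, salt, vb_hash)
        outcome = f"cracked {pw!r}" if pw else "not in wordlist"
        print(f"{user}: {outcome} after {n} guesses")
    # Same attack against a slow KDF: same number of guesses, each far more expensive.
    slow_salt = "s1"
    pw, n = crack(pbkdf2_hash("qwerty", slow_salt), slow_salt, pbkdf2_hash)
    print(f"pbkdf2 victim: cracked {pw!r} after {n} guesses (each ~200k iterations)")
```

Alice falls in three guesses; Bob's passphrase survives only because it is not in the list, which is the point of the "stop reusing passwords" advice above: once a weak password is recovered from one dump, the salt and hash scheme of every other site where it was reused are irrelevant.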