
The source code of the Public Services Portal of the Russian Federation was made publicly available

On December 25, a publication appeared on the Cybersec hacker website, in which the author posted the source code of Public Services Portal in open access. According to him, the data was downloaded from resources from mos.ru subdomains.

The author of Cybersec discovered an open repository containing the source code of Public Services Portal in .git format and unencrypted. In addition to the source code, the leak contains ESIA certificates that can be used to hack accounts.

After studying the code, it turned out that the Public Services Portal was created on the Bitrix engine, and the ESIA authorization system was based on OpenID. The author noted that his study will help to find other vulnerabilities of the system and either close them or turn them to one's own advantage and steal user data.

Also in the article, the author said that before publication he contacted the administration of Public Services Portal to report the data leak. However, they only asked him for a detailed description of the leak and its confirmation, and after that they stopped responding at all.

Vladimir Ulyanov, head of the analytical center at Zecurion, a company specializing in information security, said that the usual human factor is most likely to blame. In such cases, it is always either that someone simply made a mistake through lack of competence or carelessness and allowed the code to be disclosed, or that it is a deliberate leak by those who have access to the source code.

Ashot Oganesyan, the founder of the DLBI data leak intelligence and monitoring service, said that user data was not leaked online. However, it cannot be ruled out that the compromised code will allow attackers to gain access to it in the future.

 

The number of Russian bank card sales on the darknet will decline, says Group-IB

Group-IB found out that carding is losing its appeal to cybercriminals. At the same time, sales of magnetic stripe content of bank cards and text data of bank cards decreased in Russia and the CIS, while the market for such data grew worldwide.

According to Group-IB's Hi-Tech Crime Trends report, the volume of the shadow carding market in Russia and the CIS has decreased by 77%. The number of bank card records posted for sale on the darknet and attributed to banks in Russia and the CIS decreased by 60%.

The market for text data of bank cards (number, expiration date, holder name, address, CVV) decreased by 44%.

A similar trend is typical for the global carding market: its volume decreased by 26%. Group-IB attributed this trend to a decrease in dump sales due to the closure of the largest cardshop Joker's Stash.

At the same time, in the global market, the amount of text data of bank cards in the shadow market increased by 36%.

Group-IB believes that the increase in the number of sold text data is associated with the increase in phishing during the pandemic. The company expects that the number of sales of bank cards will continue to gradually decline.

According to its experts, the activity of skimmers and of online stores distributing these cards in Russia is declining. This is due to improvements made by banks, for example the introduction of systems such as 3-D Secure. Moreover, such protection systems are not widespread in the rest of the world. This explains why the market for text data of bank cards has grown worldwide, while in Russia it has decreased.

Experts add that the share of Russian-language messages is growing on shadow forums: in order to minimize personal risks, hackers are trying to steal payment data from customers in other countries, which negatively affects global statistics.

Footage from thousands of hacked CCTV cameras sold online in Russia

Thousands of private CCTV cameras have been hacked in Russia, said Igor Bederov, head of the Information and Analytical Research department at T.Hunter. According to him, many of these devices are located in hotels, massage rooms, salons where intimate haircuts and depilation are done.

This is evidenced by the fact that there are many Telegram channels, VK publics and forums on the Web, where they sell access to hacked cameras or videos from them.

One of these channels published an advertisement for the sale of access to video from more than 300 cameras from other people's bedrooms, washrooms, medical offices, salons, changing rooms. Price — 600 rubles ($8). Thousands of screenshots from such cameras have been published as advertisements on the channel: one shows a naked woman on a massage table, the other shows a man doing intimate depilation.

“Owners of hotels, beauty salons and other types of businesses put cameras in their premises for security purposes. Often such cameras are located directly in the rooms or offices where intimate services are carried out. At the same time, they are not always properly protected,” Igor Bederov explained the reason for such leaks.

According to open sources, vulnerable cameras are located all over the world. Access is often sold by subscription. But this is not the only way to monetize hacked devices. For example, the media recently wrote about the sale of a 15 TB archive of video from surveillance cameras in Russian hotels and saunas.

Experts said that in some cases such footage is used to blackmail the people in the video or the owners of the cameras. Various services are often used to identify people from photos. If people are not identified, hackers can always find the organization where these cameras are installed from the metadata.

Oleg Bakhtadze-Karnaukhov, an independent researcher on the darknet, claims that most often attackers hack cameras with network port 37777.

At the same time, it is very easy to protect the device: just change the factory settings. However, according to the expert, this basic rule is often ignored.


Data of more than 45 million users of VPN services appeared on the web

Data from 45.5 million users of the FreeVPN[.]org and DashVPN[.]io services appeared on shadow forums. The data was left on an unsecured MongoDB database server. Both services belong to the international company ActMobile Networks, headquartered in the USA; only 795.7 thousand records belong to Russia. According to the company's website, more than 75 million people worldwide have used its VPN services.

The database contains user email addresses, encrypted passwords, and the dates of registration, profile updates and last login. The authors of the channel specify that the database stores data from 2017 to 2021.

Information leaks through such services are happening more and more often. Previously, data from the free mobile VPN applications GeckoVPN, SuperVPN and ChatVPN appeared online; a total of 21 million people were affected.

Before that, in July 2020, the data of more than 20 million users of similar applications UFO VPN, Secure VPN and others were leaked. Experts immediately drew attention to the fact that free mobile VPN services are unsafe, and fraudsters who bought the database can use the data for phishing and hacker attacks.

Experts believe that a person who uses a free service should understand that, most likely, he is the product himself. Such companies collect and repeatedly resell information about which sites the user visits, what he is interested in, and what purchases he makes. Alexander Dvinskikh, an information security expert at the Krok IT company, is sure that, in addition, VPN applications retain the e-mail and IP addresses of users, which make it possible to identify the owner of the data directly.

He added that the publicly available information from VPN services can help the special services investigate cyber incidents involving people who used these services for illegal actions on the Internet.

Experts reported a possible data leak from the Mosgortrans website

According to their data, more than 1,000 phone numbers with names and more than 30,000 email addresses could have been leaked into the network.

Files containing names, email addresses, phone numbers, as well as usernames and passwords of the Mosgortrans (a state-owned company operating bus and electrical bus networks in Moscow and Moscow region) website users were publicly available. In total, the hacker posted about 1.1 thousand phone numbers and 31 thousand email addresses on the Internet.

The appearance of the data online was reported by the Telegram channel “Information Leaks” on Thursday, October 14.

A representative of Kaspersky Lab confirmed that the company's employees found a message on one of the forums about a data leak, which presumably relates to the Mosgortrans website.

“According to a post on the forum, among the leaked data there are a number of configuration files: group, hosts, motd, my.cnf, networks, passwd, protocols, services, sshd_config, as well as files containing presumably user data: mails.txt, mostrans_admins.txt, Names.txt, phones.txt,” the company reported.

Alexander Dvoryansky, Communications Director of Infosecurity, said that the company has not yet been able to confirm the authenticity of the database. But if the database is still real, the attackers can use the received data for phishing and targeted advertising.

It is noted that there is no possibility to create a personal account on the Mosgortrans website, where users could specify personal data, but there is a feedback form.

The company itself denies the fact of data leakage. “The published documents contain the standard contact information of employees, which is available in any bus depot, branch and office. In fact, this is a phone book, and most of the information is outdated. There was no hacking of the website and the internal database, this was already checked by our IT specialists,” said the representative of the company.

Data from thousands of Russian companies have been made publicly available on the web

The data of several hundred Russian companies that used the free online project manager Trello has been made publicly available. Among the hundreds of thousands of leaked boards are those containing confidential information.

Data from boards of the free online project manager Trello, which were maintained by Russian companies, was made publicly available. Leaked data of several hundred large companies and thousands of small and medium-sized businesses was found by analysts at Infosecurity, a Softline company.

The company specified that in Russia, Trello boards are mainly used by small and medium-sized businesses, but there are also representatives of large organizations, including banks.

Kirill Solodovnikov, CEO of Infosecurity, called the appearance of corporate data online "an illustration of a leak, which occurred not due to hacker attacks, but as a result of inattention or negligence of company employees".

According to Infosecurity, organizations post lists of employees and customers, contracts, passport scans, documentation related to participation in tenders and product development, as well as credentials of corporate accounts and passwords to various services.

"Usually it is not difficult to determine from which organization the information leaked. Its name often appears either in the name of the board or in the description of tasks," added the experts.

Infosecurity analysts found that nearly a million public Trello boards are currently indexed by search engines, and thousands of them contain confidential information. According to thematic queries in search engines, there are now more than 9000 boards with mentions of logins and passwords.

Trello belongs to the Australian software developer Atlassian; other similar free services include Evernote, Wunderlist, XMind and Notion. Data from Trello boards had appeared in the public domain before, but this was the first time such a large-scale leak occurred.

Sergei Novikov, deputy head of Kaspersky Lab's Threat Research and Analysis Center, noted that the service is used by cyber groups to coordinate their activities. Infosecurity reported detecting a Trello board that belonged to a group of fraudsters who specialize in deceiving credulous foreigners under the "Russian brides" scenario, in which they hunt for those willing to meet young girls from Russia.

"Hackers could use data from the boards, for example, to attack companies' clients or hack corporate Instagram accounts, as in the fall of 2020," added Infosecurity.

Experts warned that data leaks could also lead to fines for violations of the law on personal data; for example, storing scans of clients' passports in public storage located abroad contravenes it.

Personal data of one million Moscow car owners were put up for sale on the Internet


On July 24, an archive with a database of motorists was put up for sale on one of the forums specializing in selling databases and organizing information leaks. It contains Excel files of about 1 million lines with personal data of drivers in Moscow and the Moscow region, current as of the end of 2019. The starting price is $1.5 thousand. The seller also attached a screenshot of the table. The file contains the following fields: date of registration of the car, state registration plate, brand, model, year of manufacture, last name, first name and patronymic of the owner, his phone number and date of birth, registration region, VIN-code, series and number of the registration certificate and passport numbers of the vehicle.

This is not the first time a car owner database has been leaked. On the darknet, you can find similar databases with information for 2017 and 2018 on specialized forums and online exchanges.
DeviceLock founder Ashot Hovhannisyan suggests that this time the database is being sold by an insider in a major insurance company or union.

According to Pavel Myasoedov, partner and Director of the Intellectual Reserve company, one line in a similar archive is sold at a price of 6-300 rubles ($4), depending on the amount of data contained.
The entire leak can cost about 1 bitcoin ($11.1 thousand). Information security experts believe that the database could be of interest to car thieves and social engineering scammers.

According to Alexey Kubarev, DLP Solar Dozor development Manager, knowing the VIN number allows hackers to get information about the alarm system installed on the car, and the owner's data helps to determine the parking place: "There may be various types of fraud involving the accident, the payment of fines, with the registration of fake license plates on the vehicle, fake rights to cars, and so on."

Against the background of frequent scandals involving large-scale leaks of citizens' data, the State Duma of the Russian Federation has already considered tightening liability for the dissemination of such information. “Leaks from the Ministry of Internal Affairs occur regularly. This indicates, on the one hand, a low degree of information security, and on the other — a high level of corruption,” said Alexander Khinshtein, chairman of the State Duma Committee on Information Policy.

Hackers sell data of 80 thousand cards of customers of the Bank of Kazakhstan


An announcement about the sale of an archive of stolen data from 80,000 Halyk Bank credit cards appeared on the darknet site Migalki.pw.

It should be noted that Halyk Bank of Kazakhstan is the first bank in the country in terms of the number of clients and accumulated assets. This is not the first time the bank's data has been compromised.

The fact that the archive consists only of Halyk Bank cards suggests that the cards were stolen from inside the organization.

Typically, identifiers of stolen cards are obtained using MitM (man-in-the-middle) attacks. While the victim believes that he is working directly with, for example, the website of his bank, the traffic passes through the attacker's smart host, which thus receives all the data sent by the user (username, password, PIN, etc.).

It is possible that the archive is not real. This may be bait for potential carders created by the bank, a so-called honeypot. Such a trap for hackers presents an alleged vulnerability in the server, which can attract the attention of attackers and prompt them to attack. The honeypot then observes how they work, records the information and passes it to the cybersecurity department.

Such actions, however, are risky for the image of a financial institution, as any bank tries to avoid such negative publicity.

It is important to note that all data leaks from the bank are the personal fault of the owners and managers of the bank. In Russia and in Kazakhstan, in case of data leakage, the bank at best publishes a press release stating that "the situation is under control". However, banks in the US and Europe in the same situation receive a huge fine.

Sri Lanka Rupavahini TV and One SriLanka sites hacked by Davy jones


The official website of Rupavahini (rupavahini.lk), one of the famous Sri Lankan TV channels, has been hacked by a hacker named Davy Jones.

In a pastebin post (pastebin.com/4j5bP9Qn), the hacker claimed that he hacked the Rupavahini TV channel database server and leaked the database.

The paste contains database details and a few credentials stolen from the target server, which include the administrator username, email ID, and password hash with salt.

The hacker uploaded the dump of the database to mediafire and posted the link in the same paste. The dump contains .CSV files that contain the same data posted in the pastebin.


The hacker also claimed to have hacked the website belonging to "One SriLanka" (onesrilanka.tv). The hacker has extracted all data, with 1000 email IDs and passwords, and posted it in a paste (pastebin.com/ynLPDxbP).

According to the intruder's statement, most of the passwords also match the email login. So a malicious hacker can use those email addresses for sending mail to anyone.

The paste contains a mediafire download link to the dump compromised from the One SriLanka TV website. One of the .CSV files has the name, email address, username and hashed passwords.

A few days back, he also hacked into the Sri Lanka Bureau of Foreign Employment website (slbfe.lk) and leaked the database (pastebin.com/V9ddGkrD). The leak contains a few login credentials, including the admin ID and password.

DarkWebGoons leaks 20k Credentials from Association of Irish Festival Events


20,000 credentials have been compromised from the Association of Irish Festival Events website (aoifeonline.com) by a new hacker with the Twitter handle @DarkWebGoons.

The Association of Irish Festival Events (AOIFE) is an all-island voluntary network organisation that brings together organisers of festivals and events in Ireland, suppliers to the festival and event sector, and policy-makers and funders.

The hacker announced the breach on Twitter and posted a link to the leak of the compromised database. The hacker did not mention the reason for the attack.

http://www.darkwebgoons.net/data/associationirish.txt

The dump contains password hashes, company names, emails and passwords, mobile numbers, names and other details.

South Africa's National Department of Health website hacked

A Tunisian greyhat hacker named "Human Mind Cracker" has claimed to have breached South Africa's National Department of Health website (doh.gov.za) and compromised the database.

In an email sent to EHN, the hacker provided the vulnerable link as well as a link to the database dump. The hacker asked me not to post the vulnerable link.

"The only reason for this hack is that I love challenge, and I read a lot about the Moroccan hacker that broke into some South Africa website, so I just wanted to pentest their security," the hacker told EHN.

The dumped database contains database details, username and hashed passwords.

http://pastebin.com/niCEMbRs

DreamHost server breached by Security Warriors Team Swt and database leaked


A hacker collective called Security Warriors Team Swt has breached a server belonging to DreamHost, one of the popular hosting websites, which has an Alexa rank of 3k.

In a pastebin post titled 'dreamhost.com myself into the air', the hackers published the compromised data.

The dump contains a list of all subdomains, basic server information, all shell accounts with usernames and passwords, as well as a list of all client FTP servers.

http://pastebin.com/19X41WgL

Earlier this year, DreamHost notified users about a security breach and recommended that users change their FTP/shell passwords. Now they have been hacked once again. At the time of writing, there is no official statement about the latest breach.

hi5ads.com Hacked and Database Exposed by 3xp1r3 cyber army

hi5ads.com has been hacked by a hacker team named "3xp1r3 cyber army". They exposed the database on pastebin. The data of about 8000 users is leaked. The leak contains the passwords and emails of users.

If you are one of the users and used the same password for Gmail, change your password immediately.

The majority of the passwords are 123456; those users may not know about cyber security. If you are also using a simple password like 123456, iloveyou or ilovemom, then you should check our Security Blog to learn about Internet risks and cyber security.



10,000 Facebook account hacked by TeamSwaSTika


A recently formed hacking crew from Nepal called "TeamSwaStika" hacked more than 10 thousand Facebook accounts.
They claim to be the most powerful hacking team from Nepal. They also said that their next target will be the Nepal Government website.

Hackers Message:
"Fight For Justice | Justice To Freedom
Never Give up | Never Back down"

The hacked Facebook accounts were dumped on pastebin:

http://pastebin.com/KYsd0j5B (part1)
http://pastebin.com/nN5uDrQS (part2)

They are now unavailable; pastebin removed the links for security reasons.

100+ websites Hacked and Database Dumped by Stohanko


A hacker known as Stohanko hacked 100+ websites and leaked the databases on pastebin. The hacked websites are from different countries. The leaks contain usernames, passwords and personal information.




3 Indonesia Government Sites hacked and DB leaked by Cyb3rSec Crew

Cyb3rSec Crew hacked 3 Indonesian Government websites and leaked the database (DB) information on pastebin. The leak contains the admin ID and password.


Hacked website and Database Leak:

http://agroindustri.menlh.go.id/
http://pastebin.com/YqaSx1Uh

http://landspatial.bappenas.go.id/
http://pastebin.com/fyv1A0in

http://ktm.depnakertrans.go.id/
http://pastebin.com/wHymUfPx

The Supreme Court of Justice (TSJ) website is hacked and database leaked by @SwichSmoke

The www.tsj.gov.ve website has been hacked and its database leaked on pastebin by SwichSmoke.


This is what the hacker said (translated to English from Spanish):
The Supreme Court of Justice (TSJ) is the highest of Venezuela's judicial system. As such, the Supreme Court is the head of the Judiciary of the Bolivarian Republic of Venezuela, replacing in 1999 the Supreme Court.

It is responsible for defending the order established by the Constitution of Venezuela, balancing the various powers and governing bodies, and definitively resolving judicial matters of great social relevance through the rulings it issues. Therefore, since it is the principal and highest court of a constitutional nature, there is no body or authority above it, and no judicial remedy can be brought against its decisions.

Its current President is Judge Luisa Estella Morales, who also chairs the Constitutional Chamber of the same organ.

Pastebin Leak: http://pastebin.com/epYG6PEQ

Biggest ISP in Kuwait Qualitynet Side-Server Database Leaked


Qualitynet is the biggest internet service provider in Kuwait. It owns a very big network connected to other countries in the Middle East. Qualitynet shocked us all at the InfoConnect exhibition when it increased the pricing of its services by 70%, and it shocked us again by applying the unfair downstream cap policy. Qualitynet is one of the major factors in setting the cap policy, which angered the people of Kuwait toward these unlawful, unacceptable decisions.

One of Qualitynet's servers, which works for the Ministry of Education and holds a database containing information on graduating high school students, has been penetrated. The server is moe.qualitynet.net.

AnonKuwait have hacked the whole server and extracted an SQL dump.

They leaked the whole database in .sql format:
http://fileape.com/dl/77jsI6mp15SPPvY4



3 Websites Hacked and leaked the database info by @CMDL1NE

@CMDL1NE hacked three websites and leaked the admin info on pastebin.

Site: Bellissimainternational.com
Pastebin Link:  http://pastebin.com/8gWbBBAX

Site: Alanrogers.com
Pastebin Link: http://pastebin.com/kNtp5Fdk

Site: Klasifikasiindonesia.com
Pastebin Link: http://pastebin.com/Fka0Bwd9

Muluthange is defaced and database leaked by Th3Jasper

Th3Jasper defaced www.muluthange.lk and leaked the database on mediafire. He tweeted the mediafire link on Twitter (http://twitter.com/#!/th3Jasper).

Muluthange Online is a Sri Lankan site for quick and easy sharing of recipes, tips and hints on creating the perfect dish. Sign up for free to save your favorite recipes, enter competitions, receive our monthly e-newsletter and join in our forums.