Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Database Leaked. Show all posts

Data of more than 45 million users of VPN services appeared on the web

Data from 45.5 million users of FreeVPN[.]org and DashVPN[.]io services appeared on the shadow forums. The data was left on an unsecured MongoDB database management system server. Both services belong to the international company ActMobile Networks with headquarters in the USA, only 795.7 thousand records belong to Russia. According to the company's website, more than 75 million people worldwide have used their VPN services.

The database contains user email addresses, encrypted passwords, registration dates, profile updates and last login. The authors of the channel specify that the database stores data from 2017 to 2021.

Information leaks through such services are happening more and more often, previously mobile application data with free VPN GeckoVPN, SuperVPN and ChatVPN appeared on the network, a total of 21 million people were affected.

Before that, in July 2020, the data of more than 20 million users of similar applications UFO VPN, Secure VPN and others were leaked. Experts immediately drew attention to the fact that free mobile VPN services are unsafe, and fraudsters who bought the database can use the data for phishing and hacker attacks.

Experts believe that if a person uses a free service, he should understand that, most likely, he is the product himself. Such companies collect and repeatedly resell information about which sites the user visits, what he is interested in, what purchases he makes. Alexander Dvinskikh, an information security expert at the Krok IT company, is sure that in addition, VPN applications retain information about e-mail and IP addresses of users, which allow identifying directly the owner of this data.

He added that the publicly available information from VPN services can help the special services in investigating cyber incidents in which those who use these services in illegal actions on the Internet were noticed.

Hackers put up a database of drivers in Moscow for sale

 The attackers put up for sale a database of drivers in Moscow and the Moscow region on the darknet. The database worth $800 contains 50 million lines with the data of drivers registered in the capital and Moscow region from 2006 to 2019. It was put up for sale on October 19, 2019. Information from 2020 is offered as a bonus for purchase.

The buyer can get the name, date of birth, phone number, VIN code, and car number of the car owner from the database, as well as find out the make of the car, model, and year of registration.

According to the seller, the information was obtained from an insider in the traffic police. Alexei Parfentiev, head of the Serchinform analytics department, also calls the insider's actions the reason for the leak. “It looks more likely also because the requirements of regulators to such structures as the traffic police, in terms of protection from external attacks, are extremely strict,” he said.

However, Andrey Arsentiev, head of analytics and special projects at InfoWatch, noted that the database could have been obtained not through the actions of an insider, but as a result of external influence, for example, through vulnerabilities in system software.

The forum where the database archive was put up for sale specializes in selling databases and organizing information leaks. The main buyers of personal data are businessmen and fraudsters. For example, companies can organize spam mailings or obtain information about competitors, and attackers can use personal data for phishing.

This is not the first time that traffic police databases have been put up for sale. For example, in August 2020, an announcement appeared on one of the hacker forums about the sale of a database with personal data of drivers from Moscow and the region, relevant to December 2019.

“This is not a single leak. This is a systematic (monthly) drain,” said Ashot Oganesyan, founder of DeviceLock.

Hackers put up for sale the passports of more than 1.3 million Russians

The hackers posted an 809 GB archive with more than 1.3 million scans of passports of Russian citizens, which were stolen as a result of hacking the servers of the cosmetics company Oriflame, on the Cybercriminal Forum RaidForums.

The company's website reports that on July 31 and August 1, it was subjected to a series of cyberattacks, which led to unauthorized access to the company's information systems. At the same time, Oriflame assured that bank account numbers, phone numbers, passwords and commercial transactions of users were not affected by the attack.

The company admits that not only customers from Russia, but also from other CIS countries and Asia were affected. Oriflame has strengthened its cybersecurity measures and is investigating the incident with the participation of law enforcement agencies.

"Probably, the company refused to buy the data from the attackers, so now they are being put into public access," adds Ashot Oganesyan, the founder of the DLBI data leak intelligence service.

It is noted that earlier the seller posted on the Cybercriminal Forum scans of documents of Oriflame clients in Georgia and Kazakhstan and claimed that he has data of the participants of the system from 14 countries in his hands.

Experts speculate that the hackers got it as a result of an attack using vulnerabilities on a corporate site. The leak could have come from a backup copy of the file storage.

A database of 1.3 million copies of passport scans on the black market would cost hundreds of thousands of dollars. Fake documents can be used to take out a microloan, register domains in the .ru zone, SIM cards or wallets of payment systems.

Oriflame leak is not the first among the companies developing network marketing. In 2020, the data of 19 million customers and employees of Avon, including names, phone numbers, dates of birth, e-mail and addresses, became publicly available.

The average price of access to a hacked company in the darknet reached $5,400

Specialists of the Israeli company Kela analyzed more than 1 thousand ads for the sale of initial access to the internal computer networks of hacked organizations published on the darknet from July 2020 to June 2021. The average lot price is about $5.4 thousand.

Kela noted that pricing depends on the revenue of the hacked company: this indicator also determines the nominal value of the ransom that hackers can request. Therefore, access to small firms costs $100-200, and the most expensive lots are thousands of times more.

The highest price tag that the experts met was equal to 12 bitcoins (about $540 thousand at the exchange rate on August 18). That's how much the brokers asked for access to an unnamed Australian company with an annual income of $500 million. The second most expensive access cost 5 bitcoins (about $225 thousand). For this amount, an account was sold in the ConnectWise Control remote desktop access system from the network of one of the American IT companies. Another lot from the top three most expensive accesses was a lot for $100,000, which promised access to the network of some Mexican government agency.

Kela's specialists have compiled a rating of countries, access to companies from which are most often sold on the darknet. The United States led the top by a large margin: 27.9% of ads concern American organizations. France is on the second line with an indicator of 6.1%. Next are the United Kingdom and Australia with shares of 4% each. Canada closed the top five with a result of 3.8%. Then there are Italy (3.5%), Brazil (3.2%), Spain and Germany (2.3% each), the United Arab Emirates (2%).

The researchers noted that Russia and the CIS countries could not enter the top 10, since working with local companies on Russian-language hacker forums is not customary.


Hacker gained access into a major CIS drug marketplace

Part of the database of the forum and its owners is available free of charge, the hackers offered to purchase the rest for 1 bitcoin. Experts hope that the action will allow a series of arrests and deal a major blow to the drug trade.

According to the leaked data, the owner and developer of the forum is a citizen of Latvia Artem Shvedov, one of the former developers is Roman Kukharenko, registered in the Moscow region, and the current administrator is a citizen of Ukraine Alexander Prokhozhenko.

Cybersecurity experts pointed out that in 99% of cases a person, whose name domain and hosting such resources are registered, may not even know about it.

According to Blockchair, a total of 20.57 bitcoins (about $1 million) went through the Legalizer forum's cryptocurrency wallet. At the same time, it is associated with larger wallets. More than 5.3 thousand bitcoin (about $248 million) passed through one of them.

In addition, the email address given by the hacker who hacked Legalizer matches the contact whose user calls himself a Russian-speaking hacker and an information security specialist at the shadow site o3shop.

An analyst of the operational monitoring group Angara Professional Assistance said that usually shadow forums are hacked "because of competition or partner revenge." In his opinion, the attack on Legalizer may be related to the redistribution of the drug market or extortion.

The expert admitted that hacking Legalizer can lead to arrests.

State borders may also become an obstacle for law enforcement agencies. Although the forum is oriented at the Russian-speaking audience from the CIS, it may be physically located on servers hosted in a country where drugs are legal.

Logins and passwords of at least 1.2 million Russians have been leaked online

 The credential verification service developed by cybersecurity company BI.ZONE (a subsidiary of Sberbank) has revealed that information about logins and passwords of more than 1.2 million Russians is freely available as a result of data leaks.

"BI.ZONE, a strategic digital risk management company, helped over one and a half million Russians check their credentials for leaks containing their usernames and open passwords. The owners of more than 1 million 200 thousand contacts could become potential victims," the company said.

Experts note that this information is available not only on the darknet but also on the normal Internet. At the same time, since it is freely available, attackers do not even need to buy it.

According to Anton Okoshkin, director of anti-fraud at BI.ZONE, many Russians use the same credentials for many sites, so their leakage can lead to hacking of all accounts.

"In most cases, people use the same username and password on a variety of resources: from accounts in social networks and online stores to work services. In such a situation, if your account is compromised on one of them, the risk of hacking all accounts increases," Okoshkin noted.

At the same time, the expert noted that attackers usually begin automated verification of credentials on different services a few hours after the appearance of the leak in the public domain. "It is very important to promptly warn users about the compromise of their data," he stressed.

Almost 1.7 million Russians have already used the Bi.zone company's credential verification service. The service checks for a set of 5 billion credentials that have exactly fallen into the hands of attackers and contain user usernames and passwords. The leaked database is updated weekly.

Raychat App Suffered a Data Breach of 150 Million Users

 

Around 7:20 a.m. on Monday, May 3, 2021, the database was first made public on a prominent Russian hacker website. It was unclear if these documents were stolen from the Raychat app's servers or whether they were a result of a recent data breach, which occurred on January 31st, 2021, as a consequence of a misconfigured database discovered by IT security researchers Bob Diachenko. 

Diachenko posted a series of tweets about the Raychat application on Twitter. He said that a misconfigured server leaked the entire database of the Raychat app. According to the researcher, the database contained over 267 million accounts with information such as addresses, addresses, passwords, metadata, encrypted messages, and so on. 

He also claimed that he had not received a response from the organization after Diachenko received a response from an Iranian Twitter user. He shared a screenshot of a tweet from the Raychat app confirming that no data had been compromised. 
 
The data was allegedly leaked by a threat actor on a well-known hacker website, Raid Forum. He said that they downloaded the data until the meow attack erased it. The data seems to be genuine, and millions of Iranians' personal information has been made public. The leaked data includes names, IP Addresses, email addresses, Bcrypt passwords, Telegram messenger IDs, etc.

Despite the fact that Iranian hackers have been blamed for increasingly advanced attacks against their adversaries, Iranian civilians have been one of the most overlooked victims of data breaches in recent years. For example, a database allegedly belonging to the Snapp app (Iranian Uber) leaked "astonishingly sensitive details" of millions of users on an unreliable MongoDB server in April 2019. 

52,000 Iranian ID cards with selfies were sold on the dark web in April 2020 and later leaked on the open web. The personal information and phone numbers of 42 million Iranians were sold on a hacker forum in March 2020. The database was first revealed on an Elasticsearch server by a misconfigured database. 

It's now up to the victims to be more cautious. They should be wary of email-based phishing attacks. Users should not click on links in texts or emails because they could be scams. By breaking into a user's phone, they could further intrude on their privacy.

Apple will pay $100 million to Russian hackers for leaking data on new products

Apple's database was hacked due to cybersecurity deficiencies of the Taiwanese equipment manufacturer. The stolen information is estimated at $50 million, and the Russian hacker group is to be blamed.

Quanta, which produces MacBooks and peripherals for Apple, reported hacking of its own system and theft of engineering, production schemes of current and future products. We are talking, in particular, about the Air 2020, M1 2020 model of laptops and an unreleased copy with additional ports.

The group, described as the most dangerous in global cyberspace, REvil, sent an extortion message to Apple with samples of stolen technical files. The hackers are demanding a ransom of $50 million if Quanta pays the full amount by April 27. After that date, the amount will double to $100 million. The message was distributed through the Tor anonymous network connection, protected from eavesdropping.

According to profile portal Bleeping Computer, by Saturday, April 24, REvil had published more than a dozen schematics and diagrams of laptop components on its Darknet leak site. However, no links were found to the fact that the data relate to Apple products.

Quanta confirmed that its servers had been hacked. As Bloomberg reported, Quanta Computer's information security team is working with outside IT experts to review several cyberattacks on a few Quanta servers. The manufacturer says the hack will not significantly affect the company's future operations

The company also said that it has not yet figured out the extent of the leak. The images that leaked to the Net include the schematics of the redesign of the iMac just presented by Apple, which until this situation has not been seen by anyone outside of Apple's sphere of influence. This confirms the fact that the documents are indeed accurate.

Recall that REvil's largest illegal extortion profit was $18 million. The money was anonymously cashed and laundered through a cryptocurrency exchange.

Data from thousands of Russian companies have been made publicly available on the web

The data of several hundred Russian companies that used the free online project manager Trello has been made publicly available. Among the hundreds of thousands of leaked boards are those containing confidential information.

Data from boards of free online project manager Trello, which were maintained by Russian companies, was made publicly available. Leaked data of several hundred large companies and thousands of small and medium-sized businesses were found by analysts of Infosecurity a Softline company.

The company specified that in Russia, Trello boards are mainly used by small and medium-sized businesses, and there are representatives of large organizations, including banks.

Kirill Solodovnikov, CEO of Infosecurity, called the entry of corporate data in the network "an illustration of a leak, which occurred not due to hacker attacks, but as a result of inattention or negligence of company employees". 

According to Infosecurity, organizations post lists of employees and customers, contracts, passport scans, documentation related to participation in tenders and product development, as well as credentials of corporate accounts and passwords to various services. 

"Usually it is not difficult to determine from which organization the information leaked. Its name often appears either in the name of the board or in the description of tasks," added the experts.

Analysts Infosecurity found that nearly a million public boards of service Trello are currently indexed by search engines, and thousands of them contain confidential information. So, now, according to thematic queries in search engines, there are more than 9000 boards with mentions of logins and passwords.

Trello belongs to the Australian software developer Atlassian, other similar free services include Evernote, Wunderlist, XMind, Notion. Data from Trello boards were already in the public domain, but this was the first time such a large-scale leak occurred.

Sergei Novikov, deputy head of the Kaspersky Lab's Threat Research and Analysis Center, noted that the service is used by cyber groups to coordinate their activities. Infosecurity told about detecting a board in Trello, which belonged to a group of fraudsters who specialize in deceiving credulous foreigners under the "Russian brides" scenario when the hunt is conducted for those willing to meet young girls from Russia.

"Hackers could use data from the boards, for example, to attack companies' clients or hack corporate Instagram accounts, as in the fall of 2020," added Infosecurity.

Experts warned that data leaks could also lead to fines for violations of the law on personal data, for example, it contradicts the storage of scans of clients' passports in public storage located abroad.

Database containing e-mail addresses of Navalny's supporters leaked onto the Internet

Navalny's team is now investigating and identifying the source of the leak. The team assured them that they did not collect any personal data other than email addresses of their supporters

Attackers gained access to the email database of the "Freedom to Navalny!"(free.navalny.com), created as part of the campaign in support of the politician. The site registers supporters of the opposition leader who are ready to go out to rally. Alexei Navalny's team promised to announce it when the number of people ready to join "at least" 500,000. The authenticity of the leaked addresses was confirmed by Ivan Zhdanov, director of the Anti-Corruption Foundation (included by the Ministry of Justice in the register of foreign agents).

"A database of emails from free.navalny.com has now appeared on the Internet. It corresponds to reality, unlike the previously issued fakes," Mr. Zhdanov wrote in the Team Navalny Telegram channel.

The director of the Anti-Corruption Foundation explained that the base for the email newsletter had leaked. "We use third-party services to send out emails because when working with a large number of emails it is impossible to avoid using third-party services. In this case, we use the mailing service mailgun.com", said he.

Ivan Zhdanov noted that only the base of email addresses was leaked. It does not contain any names or other identifying data. Mr. Zhdanov added that this was the first time in the Anti-Corruption Foundation work, the Foundation will try not to repeat such a situation and later will report the results of the investigation. He urged to send the emails received from intruders to spam.

Several journalists found their mailboxes in the base. In addition, the base includes email addresses of state bodies. Among them are domains of accreditation department of Press Service and Information of the President of Russia, press-services of Ministry of Internal Affairs, party "United Russia", Federal Tax Service and also those of the Government of Chechnya. There are 529,000 mailboxes in the database.

We remind you that on February 2, 2021, the Moscow court replaced Alexei Navalny's suspended sentence in the Yves Rocher case with a real one due to violation of the conditions of the probationary period. In mid-March, the politician was taken to the penal colony, where he must spend two years and eight months. 

Data from the Russian cybercriminal forum Maza (Mazafaka) leaked to the network

Attackers hacked the Russian-language forum Maza, which was used by the hacker "elite". According to experts, competitors or an anti-hacker group may be behind the hacking

The forum of elite Russian-speaking hackers Maza was hacked in February, as a result of the attack, the data of more than 2 thousand cybercriminals were freely available.

This is a community of cybercriminals and financial fraudsters, many of whom began their criminal activities in the mid-1990s.

According to the US cybersecurity company Flashpoint Intel, the forum was hacked on February 18. As a result, "usernames, passwords, e-mails of users and alternative ways of communicating with them, such as contacts in ICQ, Skype, Yahoo and Msn," leaked to the network.

The message about the hacking of the site appeared on the forum itself, and it was translated into Russian with the help of an online translator. Experts believe that this is either proof that the forum was hacked by non-Russian-speaking criminals, or it may be an attempt by attackers to "send analysts on a wild goose chase."

The experts suggest that anti-hacker groups or so-called white hackers working on behalf of the authorities may be behind the cyberattack on Maza. The forum could also be hacked by competitors.

Mikhail Kondrashin, Technical Director of Trend Micro Russia and the CIS, notes that Maza was already hacked ten years ago.

"But this has not shaken the stronghold of the cybercrime underground," said the expert.

According to him, the data from this forum is "invaluable information" for law enforcement agencies, and with the proper operational application, this information can help reduce the overall level of cyber threats in the world.

According to Ilya Tikhonov, an expert of the information security department of Softline, the data obtained can be very valuable for combating cyber attacks, even if there was no hacker software on the forum.

"The correspondence and user credentials will also be useful," added he.

At the same time, the founder of the DLBI data leak intelligence service, Ashot Hovhannisyan, doubts that such a leak will affect the fate of hackers. In his opinion, the disclosure of email addresses on the forum is not proof that they participated in illegal activities.

At the same time, Hovhannisyan noted that usually hacker forums are hacked by competitors. Hacking Maza, in his opinion, could be a warning to the owners of the forum from competitors.

Other experts suggested that, most likely, the reason for the attack was personal or financial interest. It is possible that some of the participants were insulted or someone has underpaid the money promised from the fraudulent scheme.


Database of 21 million users of popular VPN services leaked

The database contains email addresses, passwords and usernames of Russian users. This information can be used by hackers to obtain bank card data.

A database of 21 million users of free VPN services GeckoVPN, SuperVPN, and ChatVPN for the Android operating system was put up for sale on Darknet.

According to the SuperVPN page in the Google Play Store, the app has been installed more than 100 million times. GeckoVPN has over 10 million installs, and ChatVPN has over 50,000.

The database contains e-mail addresses, passwords and usernames of users. One of the archived samples for sale contains data about VPN users' devices, including serial numbers, phone types, and brands.

SuperVPN users' data was already in the public domain as a result of a large-scale leak last summer. The founder of the company "Internet-search" Igor Bederov, in an interview with the publication, said that the new data leak of free VPN users occurred due to "obvious negligence in handling confidential information." “Service owners have not trite to change the default passwords on their database servers,” he explained.

According to experts, user data can be used by fraudsters for phishing and man-in-the-middle attacks, when a hacker puts malicious tools between the victim and the target resource, thus intercepting the user's web sessions.

Alexei Kubarev, an expert at the Solar Dozor Product Center, told that such attacks endanger confidential data transmitted from devices over the Internet, including passwords and CVV codes of bank cards.

According to Denis Batrankov, an independent information security expert, users of VPN services need to set unique passwords so that in the event of a leak, fraudsters cannot brute force access to other services with the same password.

The data of 1.3 million Russian Hyundai customers are on sale

The database, which contains information about 1.3 million Russian owners of Hyundai cars, is put up for sale on Darknet. This is reported by Telegram-channel "Information Leaks".

According to him, the data of 1.3 million registered users of the hyundai.ru website were put up for sale. The database contains the full names, phone numbers, email addresses and home addresses of the automaker's customers, as well as information about the vehicles they purchased, spare parts orders and participation in the brand's marketing activities.

Ashot Hovhannisyan, the founder of the DLBI data leak intelligence service, said in an interview that the database with Hyundai customer data is sold for about $2 thousand. According to him, the seller of the database has a high rating and has not previously been seen selling fake data. Hovhannisyan clarified that the latest data on user operations contained in the "testers" of the database refers to 2019.

The seller of the database, as other interviewed information security experts told, has a good reputation, so the leak is similar to the real one. One of the interlocutors claims that the seller of the base is a Russian who lives in Moscow.

According to Hovhannisyan, the database is a "dump" of the SQL server that serves the site of the Russian office of Hyundai, so most likely the source of the leak was a vulnerability in this server found by an automatic scanner or a backup copy of the data accessed by cybercriminals.

According to KELA analyst Viktoria Kivilevich, the seller of the database has many ads in which he offers databases of other companies in the same format, so it is likely that the hacker massively scans vulnerable networks, "selects those that are more delicious" and exploits vulnerabilities.

Korean Dating App Leaks Private Images and Information of 1 Million Users

 

Korea is a country where incidents of data breach have significantly risen in number, becoming the new normal. Due to this, Data Protection has become a subject of concern in Korea. Massive-scale data leakage incidents have caused the residents great trouble as their resident registration numbers are easily accessible on the internet. For instance, while using various online platforms for shopping a person provides the required information that is not regarded safe as small business owners pay little attention to the protection of the database while on the other hand big business owners at times lack efficient data control system. 

This data breach mostly leaks the private information of the users such as explicit content or certain images that should not be out in the public domain. The data that gets easily accessed due to the misconfigured and unsecure services, includes user information such as personally identifiable information and other sensitive data like private messages or images. 

Lately, one such incident took place in Korea again where a dating app has leaked highly sensitive NSFW picture and information of the app users that are nearly 1 million in the count. This one was free of cost dating app that goes by the name “ Sweet Chat” belonging to Sweet Talk. 

The aforementioned incident is a bit of a déjà vu, as the nearly same incident was reported in November last year. Though that incident had images, videos, and audios that were extremely explicit and private for the user and that particular database contained 130,000 files in total. Articulating about the incident that transpired this year the database only had NSFW images and only half of the total images were explicit. The count of the images and messages leaked this time was 1 million. 

The era of technology accords with a wide range of approaches that can harm a user caught in such cases. The user ID’s are easily connected to the leaked images by a Reverse Image search process, which is very handy for cybercriminals who later on blackmail the users. Wrongdoers even get imprisonment for up to 40 years for such blackmailing cases in Korea.

These cases are very sensitive, as they breach the wall of privacy for the user. It’s the responsibility of the owners and the app developers to make sure that all such private information and the confidential database remains safe and private. The consequences of such cases are highly amplified for the victims as now anybody could access their personal information. 

The users need to use these dating apps with proper care and change their passwords every now and then. Users are also advised to keep an eye on the personal information stored in the app. One must always be cautious about permissions that the apps ask for its proper working on the device. And cases carrying such sensitivity must be reported to the concerned authorities as soon as possible.

A Russian-speaking hacker put up for sale the accounts of the heads of the world's largest companies

 A Russian-speaking hacker under the pseudonym Byte leaked passwords from the personal profiles of managers of many large companies in the world

Data for accessing the personal accounts of Microsoft's online services and the email addresses of several hundred senior executives are put up for sale on a Russian-language hacker forum.  This was done by a Russian-speaking hacker under the pseudonym Byte. The seller claims that he has hundreds of passwords of different top managers from all over the world. He is ready to confirm the authenticity of the data to the buyer.

Offer to sell credentials appeared on a private forum Exploit.in for Russian-speaking cybercriminals. The description states that you can purchase email addresses and passwords to access the accounts of Office 365 and other Microsoft services of presidents, their deputies, CEOs, and other high-ranking executives of companies from around the world.

Byte asks for each address from $100 to $1500, the price directly depends on the size of the company and the position held by the account owner.

An information security specialist entered into negotiations with the seller to confirm how relevant the database offered for sale is. For verification, he received the credentials of two accounts: the CEO of an American software development company and the CFO of a chain of retail stores in one of the EU countries. As a result of verification, he got access to the data of these people. 

The attacker did not disclose the source of the data but claims that it can provide access to hundreds of accounts.

Analysts at KELA reported that the person selling these credentials previously tried to purchase information collected from computers infected with the Azorult malware. It usually contains usernames and passwords that the program extracts from victims' browsers.

This incident once again highlights the need for better data protection. Two-factor authentication or 2FA is often recommended.

Here's why a Greece Hacker Easily Hacked Croatian University?

 

A hacker from Greece has published the database of the University of Rijeka in the context of Croatia supporting the anti-Serb movement. Reportedly, the hacker was fueled by the prevailing situation in the Balkans, and his acts were motivated by the same; addressing his Serbian brothers he wrote, "it's time to defend our land and our history". 

Hashing is a one-way road to security and a reliable password storage strategy that makes storing passwords less risky and complex by creating a strong foundation for securely storing passwords.
 
The database contains a table that compares every username with a password. The server receives a request for authentication with a payload containing a username and a password when a user logs in; then the username is being looked up in the database and matched with the stored password, and when the right match is being found, the user gets the access to the application or the website. 
 
The strength of security depends upon the format of storing the password, one of the most basic ways of password storage is 'cleartext', which however is also the least secure of all as it is readable data stored in the clear, for instance, unencrypted. To say, using cleartext for storing passwords is the real-world equivalent of writing them down on paper – here a digital one.  
 
Notably, the University website has been using Md5 to store the passwords which is yet another outdated format that can be easily cracked. Now coming back to hashing – it uses an algorithm to map data regardless of its size to a fixed length, one must not confuse hashing with encryption as encryption is a two-way function and hence reversible while hashing is a one-way function and hence is not reversible. The computing power required to reverse-hash something is unfeasible. 
 
What is salting?
 
Salting is a unique value that is added at the end of the password to distinguish its hash value from that of a similar password, without salting the same hash will be created for two identical passwords. It is done to strengthen security by complicating the cracking process. However, in the abovementioned hash, there are no additional values added to the passwords. 

They have simply used the md5 method without salting and as the main virtue of a secure hash function is to make its output difficult to predict, this method used by the University defies the whole purpose – making passwords weak and easy to crack. Some of the pre-cracked passwords are shown below. 



The data of 55 thousand clients of Russian banks were publicly available


 The Bank of Russia and the Visa payment system have notified credit institutions about the leakage of bank customer card data.

The database with the data of 55 thousand users of the Joom marketplace, specializing in the delivery of goods from China, was publicly available. 

- The database was available for free download on the Darknet and in Telegram channels last week. It contained the first six and last four digits of the card number, its expiration date, the payment system and the Bank that issued the card, as well as the user's full name, phone number, email address and residential address.

A representative of the company said that the leak occurred back in March. The company has terminated cooperation with the counterparty due to which the incident occurred.

It is noted that only those banks whose cards were used by customers from the database received messages from a center for monitoring and responding to computer attacks in the credit and financial sector (FinCERT). A number of banks have already taken measures to prevent the threat, some of them have informed customers about the reissue of cards.

According to Ilya Tikhonov, Head of Compliance and Audit at Softline Group of Companies, online stores are traditionally one of the most poorly protected segments, since their creators do not pay enough attention to the issue of protection from cyber attacks. 

"Based on the nature of the data, I can assume that it was obtained by an external attack: malware was used to intercept data during the payment process”, added he.

"The database is freely available in several places, it could have been downloaded by hundreds of people, so it will be difficult for fraudsters to use it", said Ashot Hovhannisyan, founder and technical Director of DeviceLock.

Databases of users of Russian ad services Avito and Yula have appeared on the network


Six files with tables in CSV format are in the public domain, which means that anyone can download them. Each file contains the data of about 100 thousand users (three databases with information from Avito users, and three more from Yula users). Each record contains information about the user's region of residence, phone number, address, product category, and time zone. The first database was uploaded to the hacker Forum on June 26, and the last one appeared there on July 22.

Russian media writes that they confirmed the relevance of at least part of the published data by calling users at the specified phone numbers.

A representative of Yula said that the uploaded files do not contain personal data of users of the service.

"They only contain information that anyone could get directly from the site, or by parsing (copying using scripts) ads.

Yula is extremely attentive to the security of our users and the safety of their data. We do not disclose information about addresses from ads even when parsing (and this is visible in the files) and allow our users to completely hide their phone numbers, accepting calls only through the service's app," said the service.

The press service of Avito also reported that the user data contained in the databases was publicly available and this is not a leak of information.

The head of the Zecurion analytical center, Vladimir Ulyanov, noted that it may even be a manual data collection since user numbers on Avito and Yula websites are usually covered with stars. The published information, in his opinion, can be used by fraudsters in social engineering.

'ShinyHunters', a Hacker Group Selling Databases of 10 Organization on the Dark Web for $18,000


A group of hackers has put the user databases of 10 companies for sale on the dark web, a part of the internet world that requires specialized software to be accessed, it isn't normally visible to search engines. 

The group that is selling more than 73.2 million user records goes by the name of 'Shinyhunters' and was reportedly behind the breach of Indonesia's biggest online store, Tokopedia. Notably, it's the success of Tokopedia's breach that has encouraged the hackers to steal and sell data from various organizations including Zoosk (online dating app, 30 million records), Minted (online marketplace, 5 million records), Chatbooks (Printing service, 15 million records), Mindful (Health magazine, 2 million records), Bhinneka (Indonesia online store, 1.2 million records), Home Chef (Food delivery service, 8 million records) and others. The samples of the aforementioned stolen records have been shared by the hackers; security experts have verified the same to confirm the authenticity of most of the databases that are being sold separately by the hackers for almost $18,000. However, the legitimacy of some of the enlisted user records is yet to be proved. Despite the ambiguity and confusion, ShinyHunters seems to be a well-founded threat actor as per community sources. 

In the last week's breach targeting Tokopedia, initially, hackers published 15 million user records for free, however, later on, the organization's full database containing around 91 million records was put on sale for $5,000. 

Allegedly the hacker group has also been involved in the data breach of a very popular Facebook-funded education initiative, Unacademy, the breach affected a total of 22 million user records. 

Reports indicate that the data posted by hackers contain authentic databases that could lead to serious concerns for all the affected organizations, although there are limited insights available about ShinyHunters, the modus-operandi of the hacker group resembles that of Gnosticplayers, a computing hacking group that made headlines for selling stolen data of the dark web with its latest victim being Zynga Inc, a mobile social game company.

The prosecutor's office identified a leak of the full database export and import operations in Russia for eight years


Yekaterina Korotkova, the representative of the Moscow Interregional Transport Prosecutor's Office reported that the Northern Transport Prosecutor’s Office revealed a leak on the Internet of a full database of export-import operations of Russian companies at customs posts over eight years.
“It was established that one of the Darknet sites has on sale a complete, regularly-updated customs database for all export-import operations of Russian companies for 2012-2019 (data for all customs posts of the Russian Federation),” said Korotkova.

According to her, the site contains full declarations of all participants in foreign economic activity of Russia, TIN of recipients, senders, information about the processed goods, indicating the Declaration numbers, the country of origin of the goods, surnames, first names, patronymics of their representatives, vehicle numbers, contact numbers, as well as information about risks.

"The customs authorities' databases on the website for acquiring contain information of limited access and personal data," added the representative of the Ministry of Transport and Trade of Ukraine.

The Prosecutor's office through the court demanded to recognize this information prohibited on the territory of Russia.

The court granted the claim. After entering into force, the court's decision will be sent to Roskomnadzor to include the resource in the Unified register of information, the distribution of which is prohibited on the territory of the Russian Federation.

In December 2019, the Investigative Committee reported that during operational activities it was possible to establish a hacker who was to blame for the leak of personal data of several hundred thousand employees of the Russian Railways company on the Internet. A 27-year-old hacker from Krasnodar was charged with illegally obtaining and disclosing trade secrets and illegally accessing protected information.

Investigators found that in June 2019, the accused was able to access internal resources of the Russian Railways computer network. He copied the personal data of several hundred thousand employees, including managers, of Russian Railways and posted it on the Internet. The young man pleaded guilty to committing this cyberattack.