Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Database Leaked. Show all posts
Employee Data
Australia Australian Businesses Cybersecurity Researchers Data Breach Data Leak data security Database Leaked Database Security Employee Data

Sydney Tools Data Leak Exposes Millions of Customer and Employee Records

 

A major data leak from Sydney Tools, an Australian retailer specializing in power tools, hand tools, and industrial equipment, has potentially exposed the personal information of millions of customers and employees. The breach, discovered by cybersecurity researchers at Cybernews, involved an unprotected Clickhouse database that remained publicly accessible online, allowing unauthorized individuals to view sensitive data.  

According to the report, the database contained more than 5,000 records related to Sydney Tools employees, including both current and former staff. These records included full names, branch locations, salary details, and sales targets. Given that Sydney Tools reportedly employs around 1,000 people, a large portion of the exposed records likely belong to individuals who no longer work for the company. While no banking details were included in the leak, the exposure of employee information still poses a significant security risk. 

Cybercriminals could use these details to craft convincing phishing scams or for identity theft. Beyond employee data, the breach also exposed an even larger volume of customer information. The database reportedly contained over 34 million online purchase records, revealing customer names, email addresses, phone numbers, home addresses, and details of purchased items. The exposure of this information is particularly concerning, as it not only compromises privacy but also increases the risk of targeted scams. 

Customers who purchased expensive tools and equipment may be especially vulnerable to fraud or burglary attempts. Cybernews researchers have expressed serious concerns over the extent of the breach, highlighting that the database includes a mix of personally identifiable information (PII) and financial details. This kind of information is highly valuable to cybercriminals, who can exploit it for various fraudulent activities. The researchers attempted to notify Sydney Tools about the security lapse, urging them to secure the exposed database. 

However, as of their last update, the data reportedly remained accessible, raising further concerns about the company’s response to the issue. This incident underscores the ongoing risks posed by unprotected databases, which continue to be one of the leading causes of data breaches. Companies handling large volumes of customer and employee information must prioritize data security by implementing robust protection measures, such as encryption, multi-factor authentication, and regular security audits. Failing to do so not only puts individuals at risk but also exposes businesses to legal and reputational damage. 

With cybersecurity threats on the rise, organizations must remain vigilant in safeguarding sensitive information. Until Sydney Tools secures the database and provides assurances about how it will handle data protection in the future, customers and employees should remain cautious and monitor their accounts for any suspicious activity.
Read more »
VPN
Data Breach Database Dumped Database Leaked VPN

Data of more than 45 million users of VPN services appeared on the web

Data from 45.5 million users of FreeVPN[.]org and DashVPN[.]io services appeared on the shadow forums. The data was left on an unsecured MongoDB database management system server. Both services belong to the international company ActMobile Networks with headquarters in the USA, only 795.7 thousand records belong to Russia. According to the company's website, more than 75 million people worldwide have used their VPN services.

The database contains user email addresses, encrypted passwords, registration dates, profile updates and last login. The authors of the channel specify that the database stores data from 2017 to 2021.

Information leaks through such services are happening more and more often, previously mobile application data with free VPN GeckoVPN, SuperVPN and ChatVPN appeared on the network, a total of 21 million people were affected.

Before that, in July 2020, the data of more than 20 million users of similar applications UFO VPN, Secure VPN and others were leaked. Experts immediately drew attention to the fact that free mobile VPN services are unsafe, and fraudsters who bought the database can use the data for phishing and hacker attacks.

Experts believe that if a person uses a free service, he should understand that, most likely, he is the product himself. Such companies collect and repeatedly resell information about which sites the user visits, what he is interested in, what purchases he makes. Alexander Dvinskikh, an information security expert at the Krok IT company, is sure that in addition, VPN applications retain information about e-mail and IP addresses of users, which allow identifying directly the owner of this data.

He added that the publicly available information from VPN services can help the special services in investigating cyber incidents in which those who use these services in illegal actions on the Internet were noticed.

Read more »
Russia
Data Breach Database Compromised Database Leaked Moscow Moscow Cyber Security Russia

Hackers put up a database of drivers in Moscow for sale

 The attackers put up for sale a database of drivers in Moscow and the Moscow region on the darknet. The database worth $800 contains 50 million lines with the data of drivers registered in the capital and Moscow region from 2006 to 2019. It was put up for sale on October 19, 2019. Information from 2020 is offered as a bonus for purchase.

The buyer can get the name, date of birth, phone number, VIN code, and car number of the car owner from the database, as well as find out the make of the car, model, and year of registration.

According to the seller, the information was obtained from an insider in the traffic police. Alexei Parfentiev, head of the Serchinform analytics department, also calls the insider's actions the reason for the leak. “It looks more likely also because the requirements of regulators to such structures as the traffic police, in terms of protection from external attacks, are extremely strict,” he said.

However, Andrey Arsentiev, head of analytics and special projects at InfoWatch, noted that the database could have been obtained not through the actions of an insider, but as a result of external influence, for example, through vulnerabilities in system software.

The forum where the database archive was put up for sale specializes in selling databases and organizing information leaks. The main buyers of personal data are businessmen and fraudsters. For example, companies can organize spam mailings or obtain information about competitors, and attackers can use personal data for phishing.

This is not the first time that traffic police databases have been put up for sale. For example, in August 2020, an announcement appeared on one of the hacker forums about the sale of a database with personal data of drivers from Moscow and the region, relevant to December 2019.

“This is not a single leak. This is a systematic (monthly) drain,” said Ashot Oganesyan, founder of DeviceLock.

Read more »
Hackers News
Data Breach Database Leaked Hackers News

Hackers put up for sale the passports of more than 1.3 million Russians

The hackers posted an 809 GB archive with more than 1.3 million scans of passports of Russian citizens, which were stolen as a result of hacking the servers of the cosmetics company Oriflame, on the Cybercriminal Forum RaidForums.

The company's website reports that on July 31 and August 1, it was subjected to a series of cyberattacks, which led to unauthorized access to the company's information systems. At the same time, Oriflame assured that bank account numbers, phone numbers, passwords and commercial transactions of users were not affected by the attack.

The company admits that not only customers from Russia, but also from other CIS countries and Asia were affected. Oriflame has strengthened its cybersecurity measures and is investigating the incident with the participation of law enforcement agencies.

"Probably, the company refused to buy the data from the attackers, so now they are being put into public access," adds Ashot Oganesyan, the founder of the DLBI data leak intelligence service.

It is noted that earlier the seller posted on the Cybercriminal Forum scans of documents of Oriflame clients in Georgia and Kazakhstan and claimed that he has data of the participants of the system from 14 countries in his hands.

Experts speculate that the hackers got it as a result of an attack using vulnerabilities on a corporate site. The leak could have come from a backup copy of the file storage.

A database of 1.3 million copies of passport scans on the black market would cost hundreds of thousands of dollars. Fake documents can be used to take out a microloan, register domains in the .ru zone, SIM cards or wallets of payment systems.

Oriflame leak is not the first among the companies developing network marketing. In 2020, the data of 19 million customers and employees of Avon, including names, phone numbers, dates of birth, e-mail and addresses, became publicly available.

Read more »
Database Leaked
Dark Web Darknet Data Breach Database Leaked

The average price of access to a hacked company in the darknet reached $5,400

Specialists of the Israeli company Kela analyzed more than 1 thousand ads for the sale of initial access to the internal computer networks of hacked organizations published on the darknet from July 2020 to June 2021. The average lot price is about $5.4 thousand.

Kela noted that pricing depends on the revenue of the hacked company: this indicator also determines the nominal value of the ransom that hackers can request. Therefore, access to small firms costs $100-200, and the most expensive lots are thousands of times more.

The highest price tag that the experts met was equal to 12 bitcoins (about $540 thousand at the exchange rate on August 18). That's how much the brokers asked for access to an unnamed Australian company with an annual income of $500 million. The second most expensive access cost 5 bitcoins (about $225 thousand). For this amount, an account was sold in the ConnectWise Control remote desktop access system from the network of one of the American IT companies. Another lot from the top three most expensive accesses was a lot for $100,000, which promised access to the network of some Mexican government agency.

Kela's specialists have compiled a rating of countries, access to companies from which are most often sold on the darknet. The United States led the top by a large margin: 27.9% of ads concern American organizations. France is on the second line with an indicator of 6.1%. Next are the United Kingdom and Australia with shares of 4% each. Canada closed the top five with a result of 3.8%. Then there are Italy (3.5%), Brazil (3.2%), Spain and Germany (2.3% each), the United Arab Emirates (2%).

The researchers noted that Russia and the CIS countries could not enter the top 10, since working with local companies on Russian-language hacker forums is not customary.


Read more »
Hacking News
Data Breach Data Leakage Database Leaked Hackers News Hacking News

Hacker gained access into a major CIS drug marketplace

Part of the database of the forum and its owners is available free of charge, the hackers offered to purchase the rest for 1 bitcoin. Experts hope that the action will allow a series of arrests and deal a major blow to the drug trade.

According to the leaked data, the owner and developer of the forum is a citizen of Latvia Artem Shvedov, one of the former developers is Roman Kukharenko, registered in the Moscow region, and the current administrator is a citizen of Ukraine Alexander Prokhozhenko.

Cybersecurity experts pointed out that in 99% of cases a person, whose name domain and hosting such resources are registered, may not even know about it.

According to Blockchair, a total of 20.57 bitcoins (about $1 million) went through the Legalizer forum's cryptocurrency wallet. At the same time, it is associated with larger wallets. More than 5.3 thousand bitcoin (about $248 million) passed through one of them.

In addition, the email address given by the hacker who hacked Legalizer matches the contact whose user calls himself a Russian-speaking hacker and an information security specialist at the shadow site o3shop.

An analyst of the operational monitoring group Angara Professional Assistance said that usually shadow forums are hacked "because of competition or partner revenge." In his opinion, the attack on Legalizer may be related to the redistribution of the drug market or extortion.

The expert admitted that hacking Legalizer can lead to arrests.

State borders may also become an obstacle for law enforcement agencies. Although the forum is oriented at the Russian-speaking audience from the CIS, it may be physically located on servers hosted in a country where drugs are legal.

Read more »
Russian Cyber Security
Data Breach Database Leaked Hacking News Russia Russian Cyber Security

Logins and passwords of at least 1.2 million Russians have been leaked online

 The credential verification service developed by cybersecurity company BI.ZONE (a subsidiary of Sberbank) has revealed that information about logins and passwords of more than 1.2 million Russians is freely available as a result of data leaks.

"BI.ZONE, a strategic digital risk management company, helped over one and a half million Russians check their credentials for leaks containing their usernames and open passwords. The owners of more than 1 million 200 thousand contacts could become potential victims," the company said.

Experts note that this information is available not only on the darknet but also on the normal Internet. At the same time, since it is freely available, attackers do not even need to buy it.

According to Anton Okoshkin, director of anti-fraud at BI.ZONE, many Russians use the same credentials for many sites, so their leakage can lead to hacking of all accounts.

"In most cases, people use the same username and password on a variety of resources: from accounts in social networks and online stores to work services. In such a situation, if your account is compromised on one of them, the risk of hacking all accounts increases," Okoshkin noted.

At the same time, the expert noted that attackers usually begin automated verification of credentials on different services a few hours after the appearance of the leak in the public domain. "It is very important to promptly warn users about the compromise of their data," he stressed.

Almost 1.7 million Russians have already used the Bi.zone company's credential verification service. The service checks for a set of 5 billion credentials that have exactly fallen into the hands of attackers and contain user usernames and passwords. The leaked database is updated weekly.

Read more »
User Security
Data Breach Database Leaked Iran User Data User Privacy User Security

Raychat App Suffered a Data Breach of 150 Million Users

 

Around 7:20 a.m. on Monday, May 3, 2021, the database was first made public on a prominent Russian hacker website. It was unclear if these documents were stolen from the Raychat app's servers or whether they were a result of a recent data breach, which occurred on January 31st, 2021, as a consequence of a misconfigured database discovered by IT security researchers Bob Diachenko. 

Diachenko posted a series of tweets about the Raychat application on Twitter. He said that a misconfigured server leaked the entire database of the Raychat app. According to the researcher, the database contained over 267 million accounts with information such as addresses, addresses, passwords, metadata, encrypted messages, and so on. 

He also claimed that he had not received a response from the organization after Diachenko received a response from an Iranian Twitter user. He shared a screenshot of a tweet from the Raychat app confirming that no data had been compromised. 
 
The data was allegedly leaked by a threat actor on a well-known hacker website, Raid Forum. He said that they downloaded the data until the meow attack erased it. The data seems to be genuine, and millions of Iranians' personal information has been made public. The leaked data includes names, IP Addresses, email addresses, Bcrypt passwords, Telegram messenger IDs, etc.

Despite the fact that Iranian hackers have been blamed for increasingly advanced attacks against their adversaries, Iranian civilians have been one of the most overlooked victims of data breaches in recent years. For example, a database allegedly belonging to the Snapp app (Iranian Uber) leaked "astonishingly sensitive details" of millions of users on an unreliable MongoDB server in April 2019. 

52,000 Iranian ID cards with selfies were sold on the dark web in April 2020 and later leaked on the open web. The personal information and phone numbers of 42 million Iranians were sold on a hacker forum in March 2020. The database was first revealed on an Elasticsearch server by a misconfigured database. 

It's now up to the victims to be more cautious. They should be wary of email-based phishing attacks. Users should not click on links in texts or emails because they could be scams. By breaking into a user's phone, they could further intrude on their privacy.
Read more »
Subscribe to: Posts (Atom)