Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Have I Been Pwned. Show all posts
Troy Hunt
API Keys Credential Phishing Cyber Attacks CyberCrime Cybersecurity CyberThreat Have I Been Pwned Troy Hunt

HaveIBeenPwned Founder Compromised in Phishing Incident

 


The cybersecurity expert Troy Hunt, who founded the data breach notification platform Have I Been Pwned, recently revealed that he had been the victim of a phishing attack that was intended to compromise his subscriber list for the attacker to gain access to his data. Hunt explained the circumstances surrounding this incident in a detailed blog post, and provided screenshots of the deceptive email which enabled the attack to succeed.

In the fraudulent message, the author impersonated Mailchimp, a legitimate email marketing company, and embedded a hyperlink that was directed to a nearly identical, but fraudulent domain, which was a common phishing attack. It was very difficult to distinguish at a glance between the spoofed and authentic domains, which is why MailChimp-sso.com (now deactivated) is so closely similar. In Hunt's case, he acknowledged that he was severely fatigued at the time of the attack, which made it harder for him to act correctly. He also mentioned that he was experiencing jet lag at the time of the attack. 

In response to the email, he accidentally entered his credentials along with the one-time password, which was used for authentication. However, the fraudulent webpage did not proceed to the expected interface as he expected, signalling that the attack had been carried out. As a result of this incident, phishing scams represent a very prevalent risk, which underscores the importance of maintaining constant vigilance, even among cybersecurity professionals.

As soon as Troy Hunt discovered that he had been victimized by a phishing scam, he reset his password and reviewed his account activity immediately. However, since the phishing attack was highly automated, his credentials were already exfiltrated by the time he could respond. Although Hunt has extensive cybersecurity experience, this particular phishing attempt proved to be extremely successful. 

Hunt attributes the success to both his exhaustion after a long flight, as well as the sophistication of the email that was intended to fool others. According to him, the phish was "well-crafted" and was subtly manipulating psychological triggers. In the email, rather than utilizing overt threats or excessive urgency, it was suggested that he would not be able to send newsletters unless he took action. It was thus possible to send the email with just the right amount of apprehension to prompt action without creating suspicions. 

As a result, Hunt, the founder of the Have I Been Pwned platform, a platform that alerts people to compromised credentials, has taken steps to ensure that the information exposed in this incident will be incorporated into his platform in the future, which he hopes will lead to improved performance. A direct notification will be sent to individuals who have been affected by the breach, including both current subscribers and those who have already unsubscribed but are still impacted by the breach. 

Troy Hunt, a cybersecurity expert who runs a blog dedicated to cyber security and privacy, was targeted on March 25, 2018, by a phishing attack that compromised subscriber data from his blog. The attack originates from an email that impersonates Mailchimp, the platform he uses for sending out blog updates via email. According to the fraudulent message, his account had been suspended temporarily because of a spam complaint and he was required to login in order to resolve it.

The fake email made it look authentic by threatening disruption of service and creating a sense of urgency. Hunt was unable to distinguish this attack despite his extensive experience in identifying similar scams, as he was fatigued and jet lag affected his judgment in the process. In his attempt to log in with the email's link, he noticed an anomaly-his password manager did not automatically fill in his credentials. As a result, this could indicate that the website is fraudulent, but this is not a definitive indication, since legitimate services sometimes require a login from a different domain in some cases. 

As a result of the attack, approximately 16,000 email records were successfully exfiltrated, including those of active and unsubscribed readers alike. It is the result of Mailchimp's policy of retaining unsubscribed user information, a practice that is now being reviewed. There were emails, subscription statuses, IP addresses, location metadata and email addresses included in the compromised data, though the geolocation data did not pinpoint subscriber locations specifically. 

When the breach was discovered, immediate steps were taken to prevent further damage from occurring. It was determined that the attacker's API key would be revoked by Mailchimp, and the phishing website would be taken offline once the password was reset. Founder of Have I Been Pwned, a platform that tracks data breaches, Hunt has now added this incident to its database, making sure that affected users have been made aware of the incident. 

As phishing has become increasingly sophisticated over the years, it has moved beyond stereotypical poorly worded emails and implausible requests, moving into new levels of complexity. Cybercriminals today employ extremely sophisticated tactics that take advantage of human psychology, making it more and more difficult for consumers to distinguish between legitimate and fraudulent communications. The recent incident highlights the growing risks associated with targeted phishing attacks, as well as the importance of cybersecurity awareness and defense. 

Key Insights and Takeaways:

Psychological Manipulation and the Subtle Use of Urgency 

The majority of phishing emails are crafted to create a feeling of immediate panic, such as threats of account suspension or urgent payment requests, causing immediate panic within the target. However, modern attackers have honed their strategies, utilizing subtle psychological strategies to weaken the defences of their targets. As a matter of fact, in this case, the fraudulent email implied a very minor yet urgent issue: that the newsletter could not be sent. To manipulate the recipient into taking action, the email created just enough concern without raising suspicions, which led the recipient to respond to the email effectively. It is therefore imperative to recognize psychological manipulation in social engineering attacks, even for small requests that are relatively urgent, especially when it comes to logging into an account or updating one's credentials, to be viewed with suspicion. 

Password Manager Behavior as a Security Indicator 

In this attack, several red flags were pointing at Hunt's password manager's behaviour. Password managers are designed to recognize and auto-fill credentials only when they are used on legitimate websites. It should have been a warning sign in this case that the credentials of the user failed to automatically populate on the website, which could have indicated the website was fraudulent. By paying close attention to their password manager behaviour, users will be able to become more aware of security risks associated with their password manager. The site may be a spoofed one if the credentials are not automatically filled. Instead of entering the login details manually, users should double-check the source of the website and confirm it is authentic before proceeding with the transaction. 

The Limitations of One-Time Passwords (OTPs) in Phishing Attacks 

The multi-factor authentication (MFA) technique is widely considered to be one of the best security measures available, but it is not immune to phishing attacks. In this case, the attackers also requested Hunt to provide a password along with an OTP after he provided his username and password. Once he provided the password, the attackers gained access to his legitimate account immediately. 

A major weakness of OTP-based authentication is the inability to protect against real-time phishing attacks, where credentials are stolen and used instantly. The risk can be mitigated by requiring users to enter OTPs when they see sites that look suspicious or differ slightly from their usual login flow. Users are advised to be cautious when they are asked to enter OTP.

Passkeys as a Stronger, Phishing-Resistant Alternative There is no better way to authenticate a user than using passkeys, which are cryptographic credentials linked to the device of a user instead of traditional passwords. Passkeys are based on biometric authentication, for example, fingerprints, facial recognition, or even on-device authentication mechanisms. 

As passkeys are not associated with manually entering credentials, they have a much higher resistance to phishing attacks than traditional passwords. Passkeys work on the trust-based model, unlike passwords and OTPs, where they require physical access to the device registered for authentication. In contrast to traditional login methods, passkeys are a powerful alternative that can be used in place of traditional login methods and can serve as a valuable defence against phishing attempts as well. 

The Importance of Continuous Security Awareness 


Despite their expertise, even cybersecurity experts can be susceptible to sophisticated attacks, highlighting the importance of maintaining constant vigilance. The best way to enhance your security is to verify URLs carefully – Keep an eye out for slight misspellings or variations in URLs, as attackers are often able to create a lookalike URL by using security keys or passkeys. By using hardware-based authentication, such as YubiKeys, or passkeys, you can be assured that your information will be secure. If anyone receives a suspicious email asking for login credentials, security updates, or sensitive actions, be cautious and verify the message separately. 

Using Advanced Threat Protection – Organizations should take advantage of tools powered by artificial intelligence that are capable of detecting phishing attempts and blocking them in real-time. Educating Employees and Individuals – By attending regular cybersecurity training, you can become aware of the ever-evolving tactics used by phishing websites, minimizing the chances of human error. 

Although it is not possible to ensure complete protection against phishing attacks with just one security measure, adopting a multi-layered approach, a combination of awareness, technological safeguards, and behavioural vigilance, can greatly reduce your chances of becoming a victim of the attack. Despite being an experienced cybersecurity professional, even the most experienced individuals are not immune to social engineering techniques as demonstrated by the Troy Hunt incident. 

There was a significant contribution of fatigue and reduced attentiveness in this case, leading to a misjudgment that was essentially avoidable. It is known that social engineering can be extremely effective when it is employed in the right circumstances to reach the right people at the right time, resulting in a misjudgment that could have been avoided if it had been implemented correctly. The incident illustrates the way cybercriminals are using human weaknesses to achieve their objectives by exploiting human vulnerabilities. 

According to Aditi Gupta, a principal security consultant at Black Duck, attackers use a variety of tactics to manipulate unsuspecting victims, such as fear, urgency, and fatigue, to fool inexperienced people, reinforcing the theory that no one can escape sophisticated phishing schemes altogether. However, Hunt has been praised for being transparent in sharing his experience, which has served as a powerful tool for educating others about the risks associated with cybersecurity, despite the setbacks he has experienced. 

Despite admitting that he had made mistakes, he also expressed concern about Mailchimp’s security practices, especially the fact that the company did not offer two-factor authentication that is phishing resistant and kept intact for years to come. Cyber threats are not only mitigated through continuous vigilance, robust authentication mechanisms, and organizational responsibility, but also through continuous vigilance, robust authentication mechanisms, and organizational responsibility. 

The threat of social engineering attacks continues to increase and to remain protected from these attacks, it is imperative to strengthen security protocols, eliminate conventional authentication methods, and maintain cybersecurity awareness throughout the organization.
Read more »
My Digital Office
Cyberattacks Cybersecurity CyberThreat Data Data Breach Have I Been Pwned Hilton Hotel Chain Hyatt Marriott My Digital Office

Otelier Security Breach Leaks Sensitive Customer and Reservation Details

 


The International Journal of Security has revealed that some of the world's biggest hotel chains have had their personal information compromised following a threat actor's attack on a program provider that serves the industry. As part of a data breach on Otelier's Amazon S3 cloud storage system, threat actors were able to steal millions of guests' personal information and reservations for well-known hotel brands like Marriott, Hilton, and Hyatt after breaching the cloud storage. 

According to the threat actors, almost eight terabytes of data were stolen from Otelier's Amazon AWS buckets during the period July 2024 through October 2024, with continued access continuing to this date until October.   Hotelier, one of the world's leading cloud-based hotel management platforms, has reportedly confirmed a data breach affecting its Amazon S3 storage that exposed sensitive information from prominent hotel brands such as Marriott, Hilton, and Hyatt through the exposure of sensitive data from its Amazon S3 storage, according to reports. 

There were reports of unauthorized access to 7.8 terabytes of data from threat actors during this period. These threats were reported as starting in July 2024 and continuing until October 2024. There has been no report of any incident at Otelier as of now, but they have reportedly suspended their operations and have entrusted an expert team to investigate the incident. 

A freelance security expert, Stacey Magpie, speculates that the stolen data may contain sensitive data like email addresses, contact information, the purpose of the guest's visit, and the length of the stay, all of which could be utilized for phishing schemes and identity theft attacks. Telier, also formerly known as "MyDigitalOffice," has not yet made an official statement regarding the breach, but it is thought that a threat group is responsible for the attack. 

By using malware, the group may have been able to gain access to an employee's Amazon Web Services credentials and then transfer the stolen data to the company's servers. A spokesperson from the company has confirmed that no payment, employee, or operational data was compromised during this incident. An Otelier employee was recently reported to have had his Atlassian login credentials stolen by malicious actors using an information stealer. 

A user with this access is then able to scrape tickets and other data, which allows the attackers to get the credentials for S3 buckets, which is where the attackers obtained the credentials. As a result of this exfiltration, the hackers managed to get 7.8TB of data from these buckets, including millions of documents belonging to Marriott. The information contained in these buckets included hotel reports, shift audits, and accounting data, among other things. 

Among the data samples offered by Marriott were reservations, transactions, employee emails, and other internal data about hotel guests. There were instances where the attackers gained the names, addresses, phone numbers, and email addresses of hotel guests. The company confirmed that through Otelier’s platform, the breach indirectly affected its systems. A forensic analysis of the incident has been conducted by Otelier as a result of the suspension of the company's automated services with Otelier, which said it had hired cybersecurity experts to do so. 

Additionally, according to Otelier, affected accounts were disabled, unauthorized access had been terminated, and enhanced security protocols had been implemented to prevent future breaches from occurring. According to Otelier, affected customers have been notified of the breach. It is said that the hackers accessed Otelier's systems by compromising the login credentials of an employee who used malware to steal information. By using these credentials, they were able to access the Atlassian server on which the company's Atlassian applications were hosted. 

These credentials allowed them to gather additional information from the company, including credentials for Amazon S3 buckets. Based on their claims, they were able to extract data, including information regarding major hotel chains, using this access. In their initial attempt to get Marriott's data, the attackers mistakenly believed that the data belonged to Marriott itself. To avoid leaking data, they left ransom notes that demanded cryptocurrency payments. Otelier rotated their credentials in September, which eliminated the attacker's access. 

There are many types of data in the small samples, including hotel reservations and transactions, employee emails, and other internal files. In addition to information about hotel guests, the stolen data also includes information and email addresses related to Hyatt, Hilton, and Wyndham, as well as information regarding the properties owned by these companies. As Troy Hunt revealed during an interview for BleepingComputer, he has been given access to a huge dataset of data, which contains 39 million rows of reservations and 212 million rows of users in total. As a result of the substantial amount of data, Hunt tells us that he found 1.3 million unique email addresses, many of which appeared several times in the data. 

As a result of the recently discovered vulnerability, the exposed data is now being added to Have I Been Pwned, making it possible for anyone to examine if their email address appears to be a part of the exposed data. The breach affected a total of 437,000 unique email addresses which originated during reservations made with Booking.com and Expedia.com, thus resulting in a total of 1,036,000 unique email addresses being affected. 

A robust data protection strategy should be implemented by businesses in the hospitality sector to minimize risks, including the implementation of effective data continuity plans, the application of regular software updates, the education of staff regarding cybersecurity risks, the automation of network traffic monitoring for suspicious activity, the installation of firewalls to prevent threats, and the encryption of sensitive information.
Read more »
Phishing Attacks
1Password Manager 2FA Data Breach Have I Been Pwned Phishing Attacks

Zacks Data Breach Exposes 8 Million Users' Personal Information

 

A new data breach has been reported by Have I Been Pwned, revealing that Zacks, a prominent financial research and analysis firm, has suffered a massive security incident that has impacted approximately 8 million users. The breach highlights the ongoing threat to personal data and the need for enhanced cybersecurity measures.

The breach, which was first detected and reported by Have I Been Pwned, has exposed a wide range of personal information belonging to Zacks users. This includes names, email addresses, usernames, hashed passwords, and potentially other sensitive data. The severity of the breach underscores the potential risks faced by users whose personal information has been compromised.

Zacks, a well-known provider of financial data and research, has acknowledged the incident and is taking immediate steps to address the breach. They are working closely with cybersecurity experts to investigate the extent of the attack and determine how the breach occurred. Additionally, Zacks is notifying affected users about the breach and advising them to reset their passwords and remain vigilant for any suspicious activity.

This breach serves as a reminder of the importance of maintaining strong security practices, both for individuals and organizations. Users who have accounts with Zacks or any other online service should consider the following steps to protect their personal information:

  1. Change passwords: Resetting passwords is crucial to ensure that compromised credentials are no longer valid. Use unique and strong passwords for each online account and consider utilizing a password manager to securely store and manage passwords.
  2. Enable two-factor authentication (2FA): Implementing 2FA adds an extra layer of security by requiring an additional verification step, such as a unique code sent to a mobile device, in addition to the password.
  3. Regularly monitor accounts: Stay vigilant by monitoring financial accounts, email inboxes, and other online services for any suspicious activity. Report any unauthorized transactions or signs of identity theft immediately.
  4. Be cautious of phishing attempts: Cybercriminals may exploit data breaches to launch phishing attacks. Be cautious of unsolicited emails or messages asking for personal information and avoid clicking on suspicious links.

In response to this breach, Zacks should enhance its security measures to prevent similar incidents in the future. This includes implementing robust data encryption, conducting regular security audits, and providing comprehensive cybersecurity training to employees.

Ultimately, the Zacks data breach serves as a stark reminder of the persistent threats to personal data. Individuals and organizations must prioritize cybersecurity measures to protect sensitive information and stay one step ahead of malicious actors. By adopting strong security practices, users can mitigate the risks associated with data breaches and help safeguard their digital identities.
Read more »
User Privacy
Data Breach Have I Been Pwned Password Phishing Attacks Stolen Data User Privacy

20M User Data Breach Reported by PeopleConnect

Hackers stole a 2019 backup database holding the personal details of millions of users, PeopleConnect, the company behind the background check services TruthFinder and Instant Checkmate, acknowledged that they experienced a data breach.

Customers can run background checks on others using subscription-based services like TruthFinder and Instant Checkmate. Access to numerous databases containing personal data, including email addresses, physical addresses, social media profiles, arrest histories, and phone numbers, is offered.

Data for 20.22 million potential TruthFinder and Instant Checkmate users who utilized the services up to April 16th, 2019, were allegedly leaked on January 21 by a member of the Breached cybercrime and data breach forum.

When Have I Been Pwned's Troy Hunt informed PeopleConnect of the data leak, the business promptly initiated an investigation and reiterated that it intended to make the situation official? TruthFinder and Instant Checkmate received notifications from PeopleConnect stating that there had been a data breach on both sites.

"The list, which appears to cover all client accounts created between 2011 and 2019, was made, as we have confirmed, several years ago. Our organization produced the list that was published. Although our investigation is ongoing, it looks that this was an accidental list release or theft. It does not appear that any user activity, such as reports or queries on our system, was involved in the published list in question, and it does not appear that payment information, passwords that can be read or used, or other methods of breaching user accounts were involved," the data security firm told.

The business hired a cybersecurity organization from outside to look into the event, but there was no sign that their network had been compromised. PeopleConnect advises that targeted phishing attempts are to be on the lookout for and will provide more updates as new information becomes available.



Read more »
User Privacy
API Bug Cyber Crime Have I Been Pwned Ransomware Attacks. Security flaw Twitter User Privacy

Hackers Expose Credentials of 200 million Twitter Users

Researchers suggest that a widespread cache of email addresses related to roughly 200 million users is probably a revised version of the larger cache with duplicate entries deleted from the end of 2022 when hackers are selling stolen data from 400 million Twitter users.

A flaw in a Twitter API that appeared from June 2021 until January 2022, allowed attackers to submit personal details like email addresses and obtain the corresponding Twitter account. Attackers used the vulnerability to harvest information from the network before it could be fixed. 

The bug also exposed the link between Twitter accounts, which are frequently pseudonymous, numbers and addresses linked to them, potentially identifying users even if it did not allow hackers to obtain passwords or other sensitive data like DMs. 

The email addresses for a few listed Twitter profiles were accurate, according to the data that Bleeping Computer downloaded. It also discovered that the data had duplicates. Ryushi, the hacker, asked Twitter to pay him $200,000 (£168,000) in exchange for providing the data and deleting it. The information follows a warning from Hudson Rock last week regarding unsubstantiated claims made by a hacker that he had access to the emails and phone numbers of 400 million Twitter users.

Troy Hunt, the founder of the security news website Have I Been Pwned, also investigated the incident and tweeted his findings "Acquired 211,524,284 distinct email addresses; appears to be primarily what has been described," he said. 

The social network has not yet responded to the enormous disclosure, but the cache of information makes clear how serious the leak is and who might be most at risk as a consequence. Social media companies have consistently and quickly minimized previous data scrapes of this nature and have dismissed them as not posing substantial security risks for years.

Read more »
User Privacy
Dark Web Email Fraud Have I Been Pwned MFA Password Phishing Attacks Privacy User Privacy

 Find Out if Your Email Address Is Being Sold on the Dark Web


Almost everybody uses email. You have probably had a data breach if your private information, like your email address, is discovered on the dark web. There are numerous methods to sell and use your personal information.  

The portion of the Internet that is hidden and inaccessible with a standard web browser is known as the dark web.  The dark web's material is encrypted and needs special permission to access. The most popular method for accessing the black web is Tor, a program that masks IP addresses and locations. Additionally, hackers can easily purchase and sell identity-related information on the dark web, including credit card data, Social Security numbers, medical records, passports, etc. 

How to search for your email on the dark web

1. Launch a computer scan

Unusual or suspicious activity is a certain indication that your email account has been hijacked. Monitoring your laptop for viruses. For instance, it is very likely that your account has been hijacked if you find that your recovery email address or phone number has changed. 

2. Search Have I Been PWned?

You can utilize the website Have I Been Pwned to determine whether your data has been exposed as a result of a breach. The free tool gathers data while searching the internet for database dumps.

3. Employ a password manager

The entire objective of password managers is to assist users with all aspects of password management. A built-in password generator is typically included with password managers, allowing you to create complicated, secure passwords right away. 

4. Make use of two-factor authentication

A hacker will have a much harder time gaining access thanks to the additional layer of security provided by two-factor authentication. 

You must confirm the login attempt after providing your normal information. Usually, to do this, you will get a text message with a random number that you must enter in order to access your account. By doing this, even someone who knows your email and password cannot access your accounts.  

In some circumstances, opening a new email account could be the best and safest choice. From social media to banking, disconnect all of the accounts from the compromised address and link them to a new one.  

Users ought to use more than one email account to achieve optimal security. Decentralizing your online presence and protecting your devices from cyber risks can be accomplished in large part by setting up distinct accounts for work, banking services, social networking, and newsletter subscriptions. Users must ensure they are aware of cybersecurity fundamentals because maintaining online safety takes more than just securing their email account.
Read more »
USA
Darkweb Data Breach FTC Have I Been Pwned Phishing Attacks Private Data USA

Owner of CafePress Penalized $500,000 for Hiding a Data Breach

 

CafePress's past owner Residual Pumpkin firm has been fined $500,000 by U.S. Federal Trade Commission (FTC) in their final order over a 2019 data breach that impacted 23 million customers.

CafePress is a US site that sells print-on-demand items like apparel, housewares, and kitchenware. Sellers can register on the website and upload their designs, and CafePress takes a percentage of every sale. 

Social Security numbers and password recovery responses were kept in plain text and for a longer period by the Residual Pumpkin firm. Additionally, the organization did not implement existing safeguards and react to security vulnerabilities. After several attacks on its servers, it attempted to hide the significant data breach carried on by its inadequate security protocols. 

A unanimous 5-0 vote accepted the FTC's order. The FTC has mandated that the corporations immediately implement multi-factor authentication of stored data and set an encryption key for all social security numbers, in addition to imposing fines on the businesses. 

As a result, the company's current owner PlanetArt, who acquired CafePress in 2020, has set up an alert system to notify all customers and vendors whose private information has been compromised.

Unknown attackers acquired access to files stored as SHA-1 hashes during a February 2019 breach of CafePress' servers, exploited, and later sold 23,205,290 CafePress users' personal information on the dark web. However, after receiving notifications via Troy Hunt's Have I Been Pwned service, several users became aware of the situation. The fact the users seemed to reset their passwords on checking in without being informed of the data breach was the only indication that something was wrong. 

Since some of its merchants' accounts had been hacked since at least January 2018, as per FTC's claim, CafePress was aware that it had vulnerabilities even before the 2019 incident.

Instead of letting users acknowledge the instances, CafePress terminated their accounts and assessed a $25 account closure fee to each of them. Before the 2019 security breach, the company's network was again affected by several malware infestations, and CafePress once again neglected to look into the attacks.
Read more »
Spyware
Anti Malware Tool Data Breach Have I Been Pwned RedLine Spyware

441K accounts Were Taken by RedLine Virus, according to Have I Been Pwned.

 

Have I Been Pwned may now search the RedLine data for 441,657 unique email addresses taken by RedLine. RedLine is viewed as right now the most generally utilized data-taking malware. It is conveyed through phishing efforts with pernicious connections, YouTube tricks, and warez/break locales. The RedLine malware, once introduced, will endeavor to take qualifications, treats, Visas, and auto-complete data put away in programs. 

The Have I Been Pwned information on data breach notice currently allows you to browse in the event that your email and secret phrase are one of 441,000 records taken in a data-taking effort utilizing RedLine malware. 

The illegally taken information is gathered into a file, called "logs," and transferred to a distant server from where the aggressor can later gather them. Aggressors utilize these logs to think twice about records or sell them on dull web criminal commercial centers for just $5 per log. 

RedLine is a trojan that may be purchased individually or as part of a membership-based on underground forums. This spyware collects information from applications such as saved accreditations, autocomplete data, and Mastercard information. When executing on an objective system, a framework inventory is taken to include details such as the username, location information, equipment setup, and information about installed security programming. Later versions of RedLine included the ability to accept digital currency. This malware can transfer and download records, execute orders, and occasionally send back data about the infected PC. FTP and IM customers are also clearly identified by this family, and this malware can transfer and download records, execute orders, and occasionally send back data about the infected PC. 

Bob Diachenko, a security researcher, discovered a site with over 6 million RedLine logs from August and September 2021 last weekend. This server was most likely utilized by the threat actor to store stolen data, although it was not effectively secured. The server is still accessible, according to Diachenko, but it does not appear to be used by threat actors because the amount of logs has not increased. 

Diachenko shared the data with Troy Hunt, who added it to his Have I Been Pwned service to make it simpler for others to check if a hacker got their data in the exposed RedLine malware operation. 

Have I Been Pwned assuming an organization you have a record with, has experienced an information break it's conceivable your email might have been pwned; presented to cybercriminals haveibeenpwned.com(link is outside) is a site that checks assuming a record has been compromised 

RedLine is attempting to steal cryptocurrency wallets, you should transfer any tokens you hold to another wallet and reset the passwords for all accounts used on the machine, including work VPN and email accounts, as well as other personal accounts.

Ultimately, if your email address appears in the RedLine data, you should run an antivirus scan on your computer to detect and remove any malware.
Read more »
Have I Been Pwned
Carding Mafia Credit Card Credit Card Hacking Forum Data Breach Have I Been Pwned

Credit Card Hacking Forum Compromised 300,000 User Accounts Due To A Data Breach

 

As per the information provided by the website ‘Have I Been Pwned’, Carding Mafia, a credit card stealing and trading platform that exposed nearly 300,000 user accounts, has indeed been compromised. However, Motherboard indicates that there was no indication that its consumers were warned on either the Carding Mafia Forum or its community telegram channel. According to forum data, Carding Mafia has more than 500,000 users. 

The breach potentially released 297,744 users' e-mail addresses, IP addresses, usernames, and hashed credentials. The authenticity of stolen data was verified by the founder of Have I Been Pwned, Troy Hunt. Hunt has stated that the carding site identifies e-mail addresses leaked through the 'forgot password' feature although it declined to identify and use any other random e-mail addresses. The carding website cautioned that when anonymous e-mails are submitted, a notification pops up which reads, “you have not entered an email address that we recognize” as per the Motherboard. 

The data reportedly hacked from this carding facility was 990 GB in the size of 660,000 artworks and 130,000 threads, according to the screenshots shared by Motherboard. The accused hacker presented the database through their inbox for free. Researchers noticed some months ago that too many cybercrime payments were being shifted to private message applications, to prevent alerting officials and security researchers that typically warn of compromised organizations. 

It is not unusual for hackers to post the stolen data publicly on popular hacking forums to gain "street cred" or a reputation. One can use this credibility to claim data or even request premium prices. Hackers find it harder to individually sell hacked information and use data brokers to divide over-generous fees. 

Hacker on hacker Cybercrime is a common way to stifle competitiveness by offering similar services to rival gangs. It may also be a simple way to get the gigabytes of compromised data free of charge or to boost the credibility of the hacker. Although IP information could encourage law enforcement agencies to identify the whereabouts of cybercriminals, as most criminals use VPN services to hide their real internet addresses. In order to register for hacking websites, hackers also use untraceable email addresses from vendors including Mailinator. However, new hackers are likely to be mistaken by logging into their actual IP addresses or by using real email addresses on the carding hacking pages. 

Meanwhile, Ilia Kolochenko, Founder and Chief Architect at ImmuniWeb, says: “Most of the compromised accounts have fake data and IPs from anonymous VPNs or proxies that are not likely to bring much actionable evidence to law enforcement agencies for investigation. Moreover, even the Western law enforcement agencies are currently underequipped to investigate and prosecute cybercrime on a large scale and will probably not initiate investigatory operations after the leak.”
Read more »
Subscribe to: Posts (Atom)