fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Wattpad data breach exposes account info for millions of users

Wattpad data breach exposes account info for millions of users

Wattpad data breach exposes account info for millions of users
Wattpad data breach exposes account info for millions of users

An allegedly stolen Wattpad database containing 270 million records were being sold in private sales for over $100,000. Now it is being offered for free on hacker forums.

Watthpad is a web site that allows members to publish user-generated stories on a variety of different topics. The site is immensely popular and is ranked as the the 150th most visited site worldwide.

Since July 7th, BleepingComputer has been tracking the rumored private sale of a Wattpad database containing over 200 million records.

In an anonymous tip, BleepingComputer was told that this database was being sold by Shiny Hunters, a group known for selling company databases acquired in data breaches.

At the time, Cyber intelligence firm Cyble told BleepingComputer that this database was being sold for ten bitcoins, or almost $100,000 at the time.

BleepingComputer contacted Shiny Hunters about this breach, and at first, they were concerned about how we knew about the sale, and then later denied having anything to do with it.

A few sample records of this database seen by BleepingComputer contain user names, names, hashed passwords, email addresses, and general geographic location.

BleepingComputer contacted the users in this sample, and one user confirmed with BleepingComputer that the listed information was accurate.

BleepingComputer was told by Kiel Hume, Director of PR & Communications at Wattpad, that they are working with external security consultants to investigate the potential breach.

“We continue to investigate the information you’ve shared and its potential origins. At this time we’ve enlisted external security consultants to aid our investigation. We take the security of our users and their data extremely seriously, and our teams will be working around the clock to uncover any new information.”

Update 7/14/20 4:08 PM EST: Hume sent BleepingComputer an updated statement saying that Wattpad is working to contain and remediate the breach, but that no financial information, phone numbers, stories, or private messages were accessed during the incident.

We are aware of reports that some user data has been accessed without authorization. We are urgently working to investigate, contain, and remediate the issue with the assistance of external security consultants.

From our investigation, to date, we can confirm that no financial information, stories, private messages, or phone numbers were accessed during this incident. Wattpad does not process financial information through our impacted servers, and active Wattpad users’ passwords are salted and cryptographically hashed. 

We are committed to maintaining the trust that our users have placed in us to ensure the safety and security of the Wattpad community.

Also read: How to Register Data Protection Officer (DPO) in ACRA Bizfile+

Wattpad database now free on a hacker forum

While the database was previously being sold for the high price of $100,000, the database is now being offered for free and claims to contain 271 million users.

Today, a new user was registered on a hacker forum using the name and photo of ZDNet reporter Catalin Cimpanu and began offering this alleged database for free.

Cimpanu, who is a former reporter at BleepingComputer, is likely being impersonated due to his recent article about the hack of Vinny Troia’s NightLion security firm, who claims to be revealing the identity of Shiny Hunters and other data breach sellers this week.

The user offering this database claims that 145 million passwords are hashed with bcrypt, and the other 44 million are hashed with SHA256.

This mixture of hashing methods was used in the samples seen by BleepingComputer.

The number of users reported to be in this stolen database conflicts with the reported 80 million total users on Wattpad in 2019.

BleepingComputer has not independently verified this database’s authenticity other than the limited samples shared with us last week.

We have once again reached out to Wattpad for further comment.

This is a developing story.

Also read: 5 ways on how to destroy documents securely to prevent data breach

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us