fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Hacker Leaks 386 Million User Records From 18 Companies For Free

Hacker Leaks 386 Million User Records From 18 Companies For Free

Hacker

A threat actor is flooding a hacker forum with databases exposing expose over 386 million user records that they claim were stolen from eighteen companies during data breaches.

Since July 21st, a seller of data breaches known as ShinyHunters has begun leaking the databases for free on a hacker forum known for selling and sharing stolen data.

A partial list of databases posted to the forum
A partial list of databases posted to the forum

ShinyHunters has been involved in or responsible for a wide assortment of data breaches this past year, including Wattpad, Dave, Chatbooks, Promo.com, Mathway, HomeChef, and the breach of Microsoft private GitHub repository.

Databases stolen in data breaches usually are privately sold first, with prices ranging between $500 (Zoosk) to $100,000 (Wattpad). Once they are no longer profitable, threat actors commonly release them on hacker forums to increase their community reputation.

Of the databases released since July 21st, nine of them were already disclosed in some manner in the past.

The other nine, including Havenly, Indaba Music, Ivoy, Proctoru, Rewards1, Scentbird, and Vakinha, have not been previously disclosed.

Also read: Cost of GDPR Compliance for Singapore Companies

The full list of the 18 data breaches are listed below:

CompanyUser RecordsReported Breach DateKnown?
Appen.com5.8 MillionN/ANo
Chatbooks.com15.8 MillionMarch 26th, 2020Yes
Dave.com7 MillionJuly 2020 *Yes
Drizly.com2.4 MillionJuly 2020 *No
GGumim.co.kr2.3 MillionMarch 2020 *Yes
Havenly.com 1.3 MillionJune 2020 *No
Hurb.com20 MillionN/AYes
Indabamusic.com475 ThousandN/ANo
Ivoy.mx127 ThousandN/ANo
Mathway.com25.8 MillionJanuary 2020 *Yes
Proctoru.com444 ThousandN/ANo
Promo.com22 MillionJuly 2020Yes
Rewards1.com3 MillionJuly 2020 *No
Scentbird.com5.8 MillionN/ANo
Swvl.com4 MillionN/AYes
TrueFire.com602 ThousandN/AYes
Vakinha.com.br4.8 MillionN/ANo
Wattpad270 MillionJune 2020 *Yes
* Based on threat actor’s statements

From the samples seen of these databases, BleepingComputer has confirmed that the exposed email addresses correspond to accounts on the services.

The combined databases expose over 386 million user records. While a password is not included in every record, for example, promo.com, there is still a massive amount of information being disclosed that threat actors can use.

When BleepingComputer asked ShinyHunters why they dumped all of these databases, we were told that they were leaked for everyone’s benefit.

“I just thought: ‘I’ve made enough money now’ so I leaked for everyone’s benefit.”

“Obviously, some people are a little upset because they paid resellers a few days ago, but I don’t care,” ShinyHunters told BleepingComputer.

Are you a user of the listed services?

BleepingComputer has contacted each of the companies being offered for free by ShinyHunters, but have not heard back from any of them.

This lack of response is common when a data breach is reported, and usually weeks, if not months later, the company will report a data breach.

To be safe, if you are a user of one of the services listed above, I strongly advise you to change your password immediately on the site.

If you use the same password at other sites, you should also change the password at those sites to a unique and strong one that you only use for that site.

Using unique passwords prevents a data breach at one site from affecting you at other websites you use.

To assist you in keeping tracking of unique and strong passwords, I suggest you use a password manager application.

Also read: 12 brief explanation about the benefits of data protection for business success

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us