fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Hacker Leaks Payment Data From Defunct WeLeakInfo Breach Site

Hacker Leaks Payment Data From Defunct WeLeakInfo Breach Site

The now-defunct WeLeakInfo data breach site has suffered its own data breach after a threat actor leaked the service’s payment information and customer info.

WeLeakInfo was a website that offered paid subscriptions for searchable access to a database containing 12.5 billion user records stolen during data breaches. This data included email addresses, names, phone numbers, addresses, and in many cases, passwords.

Threat actors commonly used the site to conduct phishing campaigns, credential stuffing attacks, and potentially gain access to corporate networks.

In January 2020, an international law enforcement operation including the FBI, UK NCA, the Netherlands National Police Corps, the German Bundeskriminalamt, and the Police Service of Northern Ireland, allowed the FBI to seize the WeLeakInfo domain – effectively shutting down the site’s operation.

Seized WeLeakInfo.com domain

Also Read: In Case You Didn’t Know, ISO 27001 Requires Penetration Testing

Data breach seller suffers a data breach

Last Thursday, a threat actor released an archive of payment processing data used by WeLeakInfo when processing payments through Stripe.

The data was published on a popular hacking forum known as RaidForums, where other threat actors could download WeLeakInfo data by paying eight credits, a form of currency used on the forum, which is equal to about $2.54.

Forum post leaking WeLeakInfo data

One of the hacking forum administrators posted that they found their data listed in the dump from when they used the service.

The poster states they gained access to the WeLeakInfo payment processing data after the FBI allowed the ‘wli.design’ domain to expire. WeLeakInfo allegedly used this domain for payment-related emails from Stripe.

“The stripe account was taken over due to the FBI not securing all of the domains that WeLeakInfo owned, and as a result “wli.design” expired, the domain used by them for payment-related emails.”

“I was able to register this domain and then reset the password on their stripe account, giving me full access to all customer information for people that paid via stripe,” the threat actor explained in a post leaking the WeLeakInfo data.

Last weekend, cybersecurity intelligence firm Cyble shared samples of the stolen data with BleepingComputer and said there are approximately 10,000 unique customers listed in the data leak.

The leaked data includes screenshots from the Stripe WeLeakInfo account and spreadsheets containing invoices, successful payments, customer lists, and more.

The spreadsheets contain personal and corporate data, such as email addresses, names, billing addresses, last four digits and expiration dates of credit cards, IP addresses, order history, IP addresses, and phone numbers.

The screenshots in the data leak also indicate that WeLeakInfo had close to 24,000 payments and a NET sales amount of £92,000 since January 1st, 2019.

In addition to non-corporate users, the leaked data also included businesses that used the service.

Also Read: 4 Considerations In The PDPA Singapore Checklist: The Specifics

Most of these businesses are security companies that were likely using the data as part of proactive warning services for their customers to warn of exposed credentials and information.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us