This month we dove into the headline-grabbing theft of $243 million in crypto, a case solved by blockchain sleuth ZachXBT, who handed the intel to the Feds. But, in a move that proves cybercriminals never miss an opportunity for drama, another amusing episode has popped up. This time, photos circulated on social media show a rival hacker commandeering the screens of an exclusive club, broadcasting the message “Back to the lobby, Malone,” and—just for kicks—displaying what appeared to be Malone’s Social Security number on a neighbouring screen. No word on whether Malone is rethinking his life choices yet, but it's safe to say his day was ruined.
Meanwhile, the saga of Telegram has taken yet another sharp turn. Following the questionable arrest of CEO Pavel Durov earlier this month, Telegram's stance on working with law enforcement has been, well, fluid. To recap: Durov's private jet stopped to refuel in France, where he found himself scooped up by French authorities. Despite being in that odd legal grey area of international airspace (where customs checks don’t typically apply), someone tipped off the authorities. Durov was detained without formal charges, and after a few days of "investigation," he was released on a 5-million-euro bail under the condition he can’t leave France.
In the wake of this, Telegram made a controversial statement about cooperating with law enforcement, claiming they’d only share user data for terrorism-related cases. Fast forward a couple of weeks, and they've walked it back again. Their new Terms & Conditions now state:
“If Telegram receives a valid order from the relevant judicial authorities that confirms you're a suspect in a case involving criminal activities that violate the Telegram Terms of Service, we will perform a legal analysis of the request and may disclose your IP address and phone number to the relevant authorities. If any data is shared, we will include such occurrences in a quarterly transparency report published at: https://t.me/transparency.”
Why is Telegram suddenly playing ball with the powers that be? Well, it’s likely the platform’s long-standing role as a haven for free speech (and, let’s be real, cybercriminals) is rubbing big governments the wrong way. Now, with other social media platforms neatly falling in line, Telegram is feeling the pressure. Naturally, this has sparked a "great migration" to the next digital safe haven, as users and cybercriminals alike begin seeking refuge from prying eyes.
THIS MONTH'S SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES
Threat actor merges 3.3 billion unique email addresses from public data breaches.
https://breachaware.com/research/threat-actor-merges-3-billion-unique-email-addresses-from-public-data-breaches
A total of 29 breaches were found and analysed resulting in 3,822,233 leaked accounts containing a total of 34 different data types. The breaches found publicly and freely available included Central Tickets, Anonymous Spanish Data Archive, 2 Invoice, Tiendup and YPOK.
Blockchain detective speeds up arrest of two crypto thieves.
https://breachaware.com/research/blockchain-detective-speeds-up-arrest-of-two-crypto-thieves
A total of 35 breaches were found and analysed resulting in 7,110,820 leaked accounts containing a total of 29 different data types. The breaches found publicly and freely available included Sport 2000, Legendas.TV [2], Cash To You, Parking Pay and Brand New Tube [3].
We would rather “eat poop than pay a ransom.”
https://breachaware.com/research/we-would-rather-eat-poop-than-pay-a-ransom
A total of 23 breaches were found and analysed resulting in 10,466,698 leaked accounts containing a total of 30 different data types. The breaches found publicly and freely available included Lookiero, Tigo, DOJO, Grastin and OnlineGIBDD.
AI-powered property tech breach impacts US bank customers.
https://breachaware.com/research/ai-powered-property-tech-breach-impacts-us-bank-customers
A total of 27 breaches were found and analysed resulting in 36,605,520 leaked accounts containing a total of 32 different data types. The breaches found publicly and freely available included MindJolt, MyKukun, Factual, Passions Network and Dominos - Belgium.
Cuban Mobile Operator Data Breach Exposes Sensitive User Information
https://breachaware.com/research/cuban-mobile-operator-has-suffered-a-data-breach
A total of 26 breaches were found and analysed resulting in 33,301,424 leaked accounts containing a total of 29 different data types. The breaches found publicly and freely available included ShopBack, JKAmaret, Allegedly Habibs, Talent Smart EQ [URL redirected] and Stealer Log 0480.