'%3e%3cg id='Final-Copy-2_2_' transform='translate(1275.000000, 200.000000)'%3e%3cpath class='st0' d='M7.4,12.8h6.8l3.1-11.6H7.4C4.2,1.2,1.6,3.8,1.6,7S4.2,12.8,7.4,12.8z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg id='final---dec.11-2020'%3e%3cg id='_x30_208-our-toggle' transform='translate(-1275.000000, -200.000000)'%3e%3cg id='Final-Copy-2' transform='translate(1275.000000, 200.000000)'%3e%3cpath class='st1' d='M22.6,0H7.4c-3.9,0-7,3.1-7,7s3.1,7,7,7h15.2c3.9,0,7-3.1,7-7S26.4,0,22.6,0z M1.6,7c0-3.2,2.6-5.8,5.8-5.8 h9.9l-3.1,11.6H7.4C4.2,12.8,1.6,10.2,1.6,7z'/%3e%3cpath id='x' class='st2' d='M24.6,4c0.2,0.2,0.2,0.6,0,0.8l0,0L22.5,7l2.2,2.2c0.2,0.2,0.2,0.6,0,0.8c-0.2,0.2-0.6,0.2-0.8,0 l0,0l-2.2-2.2L19.5,10c-0.2,0.2-0.6,0.2-0.8,0c-0.2-0.2-0.2-0.6,0-0.8l0,0L20.8,7l-2.2-2.2c-0.2-0.2-0.2-0.6,0-0.8 c0.2-0.2,0.6-0.2,0.8,0l0,0l2.2,2.2L23.8,4C24,3.8,24.4,3.8,24.6,4z'/%3e%3cpath id='y' class='st3' d='M12.7,4.1c0.2,0.2,0.3,0.6,0.1,0.8l0,0L8.6,9.8C8.5,9.9,8.4,10,8.3,10c-0.2,0.1-0.5,0.1-0.7-0.1l0,0 L5.4,7.7c-0.2-0.2-0.2-0.6,0-0.8c0.2-0.2,0.6-0.2,0.8,0l0,0L8,8.6l3.8-4.5C12,3.9,12.4,3.9,12.7,4.1z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
Following up on this month’s eyebrow raising transaction from Bybit, the world’s second largest crypto exchange, we now have confirmation from blockchain Sherlock Holmes himself, ZachXBT. Yes, folks, it was a "security incident." (And by "incident," we mean the biggest crypto heist in history.)
Turns out our old friends from North Korea’s Lapsus$ crew, yes, the same folks keeping Rocket Man’s missile budget healthy, managed to swipe $1.5 billion in Ethereum. How? Simple. They finessed a phishing site so convincing, the CEO probably thought he was just doing his usual cold to hot wallet shuffle. Except this time, instead of transferring funds to the actual exchange, he generously wired them to a wallet owned by Kim Jong-un’s piggy bank.
You really have to admire the craft. This wasn’t your run of the mill phishing email saying, “Dear sir, urgent action required.” Nope. This was months of prep, insider level details, and a portal so identical even his password manager probably applauded.
Biggest crypto heist ever. And honestly? At this point, North Korea might as well list “professional crypto thief” as its top GDP contributor.
UK vs. Apple ADP: The Fight to Make Everyone Less Safe.
The British government, in its ongoing quest to protect literally no one, has been demanding Apple disable Advanced Data Protection (ADP), because, you know, “think of the children.”
Of course, if you have even a speck of common sense, you'll realise that criminals, spies, and hackers aren’t exactly sitting around using iCloud backups. No, the only people this really affects are regular folks who want their family photos, private messages, and embarrassing karaoke videos kept under wraps without having to earn a PhD in encryption.
Meanwhile, journalists in war zones, activists under oppressive regimes, and basically anyone doing something important with sensitive data? Yeah, they're the ones getting hung out to dry. But hey, who needs privacy when you’ve got performative legislation that makes no one safer?
Cheers to the UK government for protecting democracy by undermining it.
Amazon’s "Just Walk Out" Stores: Surprise! It’s Just People.
Ah yes, Amazon’s “Just Walk Out” stores, the tech marvel where AI magically tracks your every move so you can grab your snacks and leave without fuss. Except… plot twist! The "AI" was actually 1,000 humans in India watching us like we’re contestants on Big Brother: Grocery Edition.
That’s right, behind the scenes of what you thought was cutting edge machine learning, there were real people manually tagging videos and making sure Karen didn’t "accidentally" leave with five unpaid rotisserie chickens.
Amazon, of course, denied it. “They’re just helping train the AI!” they claimed. Sure. And I’m just helping my dog “learn” by doing his taxes.
Either way, Amazon’s now ditching the whole operation in favour of the classic barcode scanners, which beep with all the joy of a 2003 checkout lane. So the dream of a robot-run grocery utopia has officially been downgraded to humans with price guns.
Progress.
TL;DR of the Month:
- North Korea’s got $1.5 billion of Ethereum and probably a new theme park on the way.
- The UK wants to fight crime by making sure your private data is up for grabs.
- Amazon’s AI is actually just Dave from Delhi watching you buy Doritos.
Catch you next month, where I’m sure someone else will accidentally wire their life savings to North Korea and Facebook will declare Python a biohazard.
Scan Any Domain for Free https://breachaware.com/scan
https://breachaware.com/research/feds-take-down-major-cybercrime-hubs
A total of 15 breaches were found and analysed resulting in 3,010,005 leaked accounts containing a total of 26 different data types. The breaches found publicly and freely available included Strong Current, Email Data Pro, Stealer Log 0506, Lapor GO and International Olympiad Foundation.
OpenAI Hack? Hacker Claims Access to 20M Accounts
https://breachaware.com/research/hacker-claims-20m-openai-stolen-credentials
A total of 12 breaches were found and analysed resulting in 18,201,867 leaked accounts containing a total of 27 different data types. The breaches found publicly and freely available included ULP 0001, Corporation.de, Buddy Loan, ULP 0002 and Stealer Log 0507.
Doxbin Drama, Another Day, Another Leak
https://breachaware.com/research/doxbin-drama-another-day-another-leak
A total of 24 breaches were found and analysed resulting in 23,332,681 leaked accounts containing a total of 36 different data types. The breaches found publicly and freely available included Indian DataBase Package, Stealer Log 0508, Chess, LinkedIn (Executive Profiles) and Traderie.
UK’s Snooper’s Charter Strikes Again, Apple Backs Down.
https://breachaware.com/research/uk-snoopers-charter-strikes-again-apple-backs-down
A total of 15 breaches were found and analysed resulting in 2,096,737 leaked accounts containing a total of 29 different data types. The breaches found publicly and freely available included Mexican Citzen Database, Tout, SweClockers, Q-Depot and Autogedal.
Turns out our old friends from North Korea’s Lapsus$ crew, yes, the same folks keeping Rocket Man’s missile budget healthy, managed to swipe $1.5 billion in Ethereum. How? Simple. They finessed a phishing site so convincing, the CEO probably thought he was just doing his usual cold to hot wallet shuffle. Except this time, instead of transferring funds to the actual exchange, he generously wired them to a wallet owned by Kim Jong-un’s piggy bank.
You really have to admire the craft. This wasn’t your run of the mill phishing email saying, “Dear sir, urgent action required.” Nope. This was months of prep, insider level details, and a portal so identical even his password manager probably applauded.
Biggest crypto heist ever. And honestly? At this point, North Korea might as well list “professional crypto thief” as its top GDP contributor.
UK vs. Apple ADP: The Fight to Make Everyone Less Safe.
The British government, in its ongoing quest to protect literally no one, has been demanding Apple disable Advanced Data Protection (ADP), because, you know, “think of the children.”
Of course, if you have even a speck of common sense, you'll realise that criminals, spies, and hackers aren’t exactly sitting around using iCloud backups. No, the only people this really affects are regular folks who want their family photos, private messages, and embarrassing karaoke videos kept under wraps without having to earn a PhD in encryption.
Meanwhile, journalists in war zones, activists under oppressive regimes, and basically anyone doing something important with sensitive data? Yeah, they're the ones getting hung out to dry. But hey, who needs privacy when you’ve got performative legislation that makes no one safer?
Cheers to the UK government for protecting democracy by undermining it.
Amazon’s "Just Walk Out" Stores: Surprise! It’s Just People.
Ah yes, Amazon’s “Just Walk Out” stores, the tech marvel where AI magically tracks your every move so you can grab your snacks and leave without fuss. Except… plot twist! The "AI" was actually 1,000 humans in India watching us like we’re contestants on Big Brother: Grocery Edition.
That’s right, behind the scenes of what you thought was cutting edge machine learning, there were real people manually tagging videos and making sure Karen didn’t "accidentally" leave with five unpaid rotisserie chickens.
Amazon, of course, denied it. “They’re just helping train the AI!” they claimed. Sure. And I’m just helping my dog “learn” by doing his taxes.
Either way, Amazon’s now ditching the whole operation in favour of the classic barcode scanners, which beep with all the joy of a 2003 checkout lane. So the dream of a robot-run grocery utopia has officially been downgraded to humans with price guns.
Progress.
TL;DR of the Month:
- North Korea’s got $1.5 billion of Ethereum and probably a new theme park on the way.
- The UK wants to fight crime by making sure your private data is up for grabs.
- Amazon’s AI is actually just Dave from Delhi watching you buy Doritos.
Catch you next month, where I’m sure someone else will accidentally wire their life savings to North Korea and Facebook will declare Python a biohazard.
Scan Any Domain for Free https://breachaware.com/scan
Data Breach, Vulnerability & Privacy Research this Month
Feds Take Down Major Cybercrime Hubs.https://breachaware.com/research/feds-take-down-major-cybercrime-hubs
A total of 15 breaches were found and analysed resulting in 3,010,005 leaked accounts containing a total of 26 different data types. The breaches found publicly and freely available included Strong Current, Email Data Pro, Stealer Log 0506, Lapor GO and International Olympiad Foundation.
OpenAI Hack? Hacker Claims Access to 20M Accounts
https://breachaware.com/research/hacker-claims-20m-openai-stolen-credentials
A total of 12 breaches were found and analysed resulting in 18,201,867 leaked accounts containing a total of 27 different data types. The breaches found publicly and freely available included ULP 0001, Corporation.de, Buddy Loan, ULP 0002 and Stealer Log 0507.
Doxbin Drama, Another Day, Another Leak
https://breachaware.com/research/doxbin-drama-another-day-another-leak
A total of 24 breaches were found and analysed resulting in 23,332,681 leaked accounts containing a total of 36 different data types. The breaches found publicly and freely available included Indian DataBase Package, Stealer Log 0508, Chess, LinkedIn (Executive Profiles) and Traderie.
UK’s Snooper’s Charter Strikes Again, Apple Backs Down.
https://breachaware.com/research/uk-snoopers-charter-strikes-again-apple-backs-down
A total of 15 breaches were found and analysed resulting in 2,096,737 leaked accounts containing a total of 29 different data types. The breaches found publicly and freely available included Mexican Citzen Database, Tout, SweClockers, Q-Depot and Autogedal.
