Point of View | Page 3

In a cyber twist reminiscent of a high-stakes thriller, Ukrainian activists are claiming to have performed a digital magic trick at the Russian Center for Space Hydro-Meteorology. The daring act allegedly involved breaking in and erasing a whopping two petabytes of data. If the Center had their cosmic ducks in a row with backups, they're in for a celestial restoration project that could take eons. The Planeta, as it's casually known, juggles the arrangement of aerospace data, including the management of military satellites, ground equipment like radars, and a plethora of stations monitoring everything from natural disasters to volcanic activity. The hackers, reportedly causing chaos across 280 servers, are giving the term "data wipeout" a cosmic spin. Despite the news being delivered by the Main Intelligence Directorate of Ukraine's Ministry of Defence, they're quick to deny any hands-on involvement, leaving the cyber curtain open for speculation.

Meanwhile, in the world of cybercrime, a member of the infamous Shiny Hunters crew has found themselves in a real-life courtroom drama. Sentenced to three years in the cyber slammer and slapped with a five-million-dollar damages bill, this former computer science whiz was nabbed by Moroccan authorities after the FBI sent out a digital wanted poster in May 2022. Through a plea deal that would make even seasoned negotiators nod in approval, the hacker avoided a potential 116-year prison stint for charges including electronic fraud and aggravated identity theft. The Shiny Hunters gang, known for its digital exploits in compromising over 60 companies, can now add the loss of one of its own to its criminal resume. Talk about poetic justice in the cyber realm.

As if we needed another plot twist in the cyber saga, "CyberKidnapping" is making headlines, featuring social engineering as the star of the show. In a recent American case, threat actors managed to get the upper hand by acquiring substantial information about a Chinese family with a 17-year-old son living in the U.S., while the rest of the family resided in China. Through a web of spoofed phone calls, these digital puppet masters convinced the family to fork over a hefty $80,000 for the supposed safe return of their son. The plot thickens as the young man is later discovered chilling in the mountains of Utah, having fallen victim to the cyber smoke and mirrors. Who needs Hollywood scripts when reality is writing its own cyber thriller?

Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan

THIS MONTHS SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

'Best car insurance company of 2023' fell victim to a significant data breach.
https://breachaware.com/research/best-car-insurance-company-of-2023-fell-victim-to-a-significant-data-breach
A total of 29 breaches were found and analysed resulting in 62,500,213 leaked accounts containing a total of 23 different data types. The breaches found publicly and freely available included Naz.API, Elephant Insurance Services, Klarna [2] (URL Redirected), Stealer Log 0410 and Vecer.

Music event ticket sellers' entire user base is exposed.
https://breachaware.com/research/music-event-ticket-sellers-entire-user-base-is-exposed
A total of 19 breaches were found and analysed resulting in 6,238,564 leaked accounts containing a total of 23 different data types. The breaches found publicly and freely available included Hathway Cable & Datacom, GSM Forum, Stealer Log 0407, Atlas Bus and Live4Fun.

"The McFlurry Bandit" exposed McDonald’s Single Sign-On (SSO) services.
https://breachaware.com/research/the-mcflurry-bandit-exposed-mcdonalds-single-sign-on-services
A total of 36 breaches were found and analysed resulting in 8,839,927 leaked accounts containing a total of 24 different data types. The breaches found publicly and freely available included Alpha Bank, Kredit Plus, Stealer Log 0406, The ACE Card Club and RCZ Bike Shop.

Energy engineers from 100 countries have fallen victim to a breach.
https://breachaware.com/research/energy-engineers-from-100-countries-have-fallen-victim-to-a-breach
A total of 18 breaches were found and analysed resulting in 3,873,960 leaked accounts containing a total of 20 different data types. The breaches found publicly and freely available included Leader ID, Stealer Log 0403, iGlobe, Stealer Log 0404 and Pelayanan Denpasarkota.

International peace and security organisation finds itself at the centre of a breach.
https://breachaware.com/research/international-peace-and-security-organisation-finds-itself-at-the-centre-of-a-breach
A total of 27 breaches were found and analysed resulting in 2,791,859 leaked accounts containing a total of 21 different data types. The breaches found publicly and freely available included Stealer Log 0402, Stealer Log 0400, Annuaire Sante, Stealer Log 0401 and X Ponential.

A new hitch in the Bluetooth protocol is making iOS, Android, Linux, and Mac users do the vulnerability two-step. The researcher who stumbled upon this digital dance has chosen to keep the proof of concept under wraps, opting for a behind-the-scenes chat with the manufacturers. This exploit waltzes its way into the operating systems mentioned, convincing them to welcome an unauthorised individual via Bluetooth, turning your device into a potential puppet on the hacker's string. Until the code sees the light of day, it's a waiting game. Remember, folks, keep that Bluetooth switch off when not in use – consider it a digital lockdown for your devices. It's just another nudge to stay vigilant.

In the realm of booming cryptocurrencies, malware vendors are unveiling their latest party tricks. Their updates flaunt the ability to scour a victim's computer for popular crypto wallets. As we gear up for the new year, the research team is coming face-to-face with malware capabilities that are nothing short of spine-chilling. The A-list of stealer logs is up for sale, and these bad boys aren't being handed out for free. Balancing risk and convenience is an art form in the digital age. The research team is eyeing multiple devices to safeguard personal use applications like online banking, crypto wallets, and casual web surfing. It's like crafting a digital security masterpiece.

In a cinematic twist, the U.S. Justice Department has disrupted a ransomware gang that's been wreaking havoc globally for the past 18 months. The gang's tor network-operated ransomware site got the official "seized" stamp from the authorities. The victim list includes networks intricately linked with or supporting critical U.S. infrastructure. The ransomware gang's website now proudly displays a "seizure banner," showcasing the various law enforcement agencies that tag-teamed to take it down. However, in a plot twist worthy of a cyber thriller, a respected cybersecurity group exchanged messages with the gang, who claim they've simply changed locations. The FBI, ever the hero, has whipped up a decryption tool to restore the computers of the 500 or so victims. Cue collective sighs of relief from the ransomware-stricken masses.

Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan

THIS MONTHS SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

Let's hope none of these innocent animals are subject to identity theft.
https://breachaware.com/research/lets-hope-none-of-these-innocent-animals-are-subject-to-identity-theft
A total of 24 breaches were found and analysed resulting in 5,543,572 leaked accounts containing a total of 15 different data types. The breaches found publicly and freely available included Pleer, Foam Store, Clash of Olympus, Ramailo and Jivo.

Enthusiasts of inflatable and balloon fetish entertainment fell victim to a cyber breach.
https://breachaware.com/research/enthusiasts-of-inflatable-and-balloon-fetish-entertainment-fell-victim-to-a-cyber-breach
A total of 7 breaches were found and analysed resulting in 145,841 leaked accounts containing a total of 19 different data types. The breaches found publicly and freely available included Reserved, Stealer Log 0399, Camel Grinding Wheels, Instituto Universatario De Tecnologia De Administracion Industrial and InflateVids.

New twist reveals threat actor has meticulously de-hashed 12 million passwords.
https://breachaware.com/research/new-twist-reveals-threat-actor-has-meticulously-de-hashed-12-million-passwords
A total of 24 breaches were found and analysed resulting in 15,864,178 leaked accounts containing a total of 25 different data types. The breaches found publicly and freely available included Fotolog, Stealer Log 0398, Stealer Log 0396, Home Center and Stealer Log 0394.

Shocking incident involving a pinnacle cybersecurity entity underscores the severity of the situation.
https://breachaware.com/research/shocking-incident-involving-a-pinnacle-cybersecurity-entity-underscores-the-severity-of-the-situation
A total of 31 breaches were found and analysed resulting in 11,573,930 leaked accounts containing a total of 24 different data types. The breaches found publicly and freely available included Kassy, Stealer Log 0388, Postgre Pro, Neznaika and Ikea Israel.

Google's latest IP protection feature for Chrome is like the superhero cape for your online privacy, swooping in to save the day. It's their way of saying, "Hey, we may have ditched 'don't be evil,' but we're still here for you." The feature promises to shield users from cross-site tracking, the internet's version of someone following you around the grocery store and noting every item in your cart.

Now, Google's grand plan involves routing all your data through their servers with a two-hop proxy. Picture it like a relay race where the first baton pass is to a Google server and the second is to a CDN. It's like a secret agent operation, only instead of spies, it's your data taking on a covert mission. But, hold your horses, if the CDN has a secret alliance with Google or is part of the Alphabet family (which, surprise, owns Google), there might be some data collection shenanigans going on.

In the anti-abuse section of their proposal, Google says you'll need to be logged in for this magic to happen. They claim the proxy won't play detective and connect your traffic to a user account. Well, that's reassuring, coming from the folks who've turned data-selling into an art form. The implementation of this feature is like waiting for the grand finale of a magic show – let's see if the disappearing act actually works.

And now, let's mosey on over to the farm where even cows are caught up in the whirlwind of IoT devices. In the good old days, cows would leisurely graze, blissfully unaware of the digital era. Fast forward to today, farmers are outfitting them with smart collars. However, a team of researchers has found some chinks in the cows' digital armour. They've reverse-engineered the wireless protocol, playing a high-stakes game of cow-themed espionage. If these smart collars were part of the internet at large, it would be a moo-ving argument for beefing up security. Just imagine a cow facing a ransomware attack – udder chaos!

Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan

THIS MONTHS SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

US nuclear research facility has been compromised.
https://breachaware.com/research/us-nuclear-research-facility-has-been-compromised
A total of 13 breaches were found and analysed resulting in 1,873,089 leaked accounts containing a total of 19 different data types. The breaches found publicly and freely available included MPL Esports Update [URL Redirected], Stealer Log 0383, Ace Online (Israel), Stealer Log 0384 and Stealer Log 0386.

Next-gen smart home tech company warned "I may release the entire breach for free."
https://breachaware.com/research/next-gen-smart-home-tech-company-warned-i-may-release-the-entire-breach-for-free
A total of 28 breaches were found and analysed resulting in 146,769,692 leaked accounts containing a total of 26 different data types. The breaches found publicly and freely available included Dubsmash (2), Reverb Nation, Work 5, Wobi and Medical Company Nauka.

“The battle for Omegle has been lost, but the war against the Internet rages on."
https://breachaware.com/research/the-battle-for-omegle-has-been-lost-but-the-war-against-the-internet-rages-on
A total of 32 breaches were found and analysed resulting in 3,371,685 leaked accounts containing a total of 25 different data types. The breaches found publicly and freely available included Stealer Log 0377, Stealer Log 0378, iD Tech, My Book Qatar and Utel Universad.

Unsuspecting government, police, and military recipients will be receiving a fresh wave of links to believable phishing sites.
https://breachaware.com/research/unsuspecting-government-police-and-military-recipients-will-be-receiving-a-fresh-wave-of-links-to-believable-phishing-sites
A total of 17 breaches were found and analysed resulting in 3,775,020 leaked accounts containing a total of 22 different data types. The breaches found publicly and freely available included Stealer Log 0375, Stealer Log 0372, Stealer Log 0374, Stealer Log 0373 and 585Gold.

Ah, the ever-tempestuous Middle East, where conflicts extend beyond the physical battlefield into the digital realm. Hacktivist groups and state-sponsored hackers are joining the fray, turning critical infrastructure into virtual battlegrounds. Disturbing reports emerge of compromised systems, painting a grim picture of the region's cybersecurity landscape.

In a scene straight out of a cyber thriller, a notorious threat actor group, known to frequent our weekly insights, has been making waves. They've allegedly breached a major gas station company, flaunting their access by sharing screenshots of control panels for petrol and diesel storage, along with temperature controls. As if that weren't enough, they've also flexed their digital muscles by showcasing videos of havoc wreaked upon a prominent energy provider's power grid.

The damage doesn't stop there. Reports detail the group's interference with transformers and electrical cables, prompting the affected company to scramble for hefty generators while parts of their network undergo a digital makeover. And it's not just the power grid feeling the heat; screenshots of access to water waste treatment plants have also made their way online. One can't help but wonder why these critical systems aren't tucked away behind the digital equivalent of a fortress wall – you know, the old 'air-gapping' trick.

Meanwhile, across the pond, America's favorite pipeline is making headlines once again. Fresh off the heels of a devastating ransomware attack in 2021, this vital artery supplying half of the east coast's oil finds itself in the crosshairs once more. A new ransomware gang, with a penchant for digital mischief, has managed to snag 2.9 GB of sensitive files. While they haven't pulled the trigger on encryption or disrupted operations (yet), the stolen loot includes contracts, employee emails, and even staff photographs – talk about a digital treasure trove.

But here's the kicker: despite the FBI's best efforts, the gang's spam-delivery infrastructure remains stubbornly operational. These 'Qakbot' affiliates seem unfazed by law enforcement's attempts to shut them down, continuing their nefarious activities like cyber cockroaches that just won't quit. It's a stark reminder that even in the face of adversity, the digital underworld persists, lurking in the shadows, ready to strike at a moment's notice.

Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan

THIS MONTHS SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

He hired out various criminal gangs to fire bomb and brick houses.
https://breachaware.com/research/he-hired-out-various-criminal-gangs-to-fire-bomb-and-brick-houses
A total of 32 breaches were found and analysed resulting in 21,344,925 leaked accounts containing a total of 24 different data types. The breaches found publicly and freely available included CDEK, Appen [2], Stealer Log 0369, PokerStars and Stealer - Meta 0359.

Former Navy IT manager stole PII from over nine thousand service men and women.
https://breachaware.com/research/former-navy-it-manager-stole-pii-from-over-nine-thousand-service-men-and-women
A total of 26 breaches were found and analysed resulting in 67,367,045 leaked accounts containing a total of 20 different data types. The breaches found publicly and freely available included Apollo [2], Hurb [2], TaiLieu, TigerAir Taiwan and Lamoda.

The STEM camp company still remains quiet on the breached data.
https://breachaware.com/research/the-stem-camp-company-still-remains-quiet-on-the-breached-data
A total of 23 breaches were found and analysed resulting in 1,710,241 leaked accounts containing a total of 23 different data types. The breaches found publicly and freely available included Zarina, Ministero della Giustizia, Reg Me, Stealer - RedLine 0336 and University of La Guajira.

Threat actor says the compromised charity has been stealing and laundering money for years.
https://breachaware.com/research/threat-actor-says-the-compromised-charity-has-been-stealing-and-laundering-money-for-years
A total of 41 breaches were found and analysed resulting in 38,464,662 leaked accounts containing a total of 24 different data types. The breaches found publicly and freely available included Evite, Viva Air (3), Craft Rise, La Poste Mobile and Stealer - Mixed Logs 0349.

Leaked voice recordings reveal customers and staff exchanging security questions.
https://breachaware.com/research/leaked-voice-recordings-reveal-customers-and-staff-exchanging-security-questions
A total of 17 breaches were found and analysed resulting in 2,028,772 leaked accounts containing a total of 20 different data types. The breaches found publicly and freely available included Sphero, Cyber Photo, Comp and Save, Cover King and ICT Billet.

Ah, the ever-tempestuous Middle East, where conflicts extend beyond the physical battlefield into the digital realm. Hacktivist groups and state-sponsored hackers are joining the fray, turning critical infrastructure into virtual battlegrounds. Disturbing reports emerge of compromised systems, painting a grim picture of the region's cybersecurity landscape.

In a scene straight out of a cyber thriller, a notorious threat actor group, known to frequent our weekly insights, has been making waves. They've allegedly breached a major gas station company, flaunting their access by sharing screenshots of control panels for petrol and diesel storage, along with temperature controls. As if that weren't enough, they've also flexed their digital muscles by showcasing videos of havoc wreaked upon a prominent energy provider's power grid.

The damage doesn't stop there. Reports detail the group's interference with transformers and electrical cables, prompting the affected company to scramble for hefty generators while parts of their network undergo a digital makeover. And it's not just the power grid feeling the heat; screenshots of access to water waste treatment plants have also made their way online. One can't help but wonder why these critical systems aren't tucked away behind the digital equivalent of a fortress wall – you know, the old 'air-gapping' trick.

Meanwhile, across the pond, America's favourite pipeline is making headlines once again. Fresh off the heels of a devastating ransomware attack in 2021, this vital artery supplying half of the east coast's oil finds itself in the crosshairs once more. A new ransomware gang, with a penchant for digital mischief, has managed to snag 2.9 GB of sensitive files. While they haven't pulled the trigger on encryption or disrupted operations (yet), the stolen loot includes contracts, employee emails, and even staff photographs – talk about a digital treasure trove.

But here's the kicker: despite the FBI's best efforts, the gang's spam-delivery infrastructure remains stubbornly operational. These 'Qakbot' affiliates seem unfazed by law enforcement's attempts to shut them down, continuing their nefarious activities like cyber cockroaches that just won't quit. It's a stark reminder that even in the face of adversity, the digital underworld persists, lurking in the shadows, ready to strike at a moment's notice.

Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan

THIS MONTHS SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

Additional concern to those already worried about their safety.
https://breachaware.com/research/additional-concern-to-those-already-worried-about-their-safety
A total of 20 breaches were found and analysed resulting in 10,408,754 leaked accounts containing a total of 26 different data types. The breaches found publicly and freely available included Malindo Air, Kupi VIP, Stealer - RedLine 0352, Trident Crypto [2] and Stealer - Mixed Logs 0355.

At least their password hashing is up to scratch.
https://breachaware.com/research/at-least-their-password-hashing-is-up-to-scratch
A total of 20 breaches were found and analysed resulting in 3,005,349 leaked accounts containing a total of 26 different data types. The breaches found publicly and freely available included Dymocks, Dolly, XM, VN Game Forum and Clara Hair.

A leading Russian bank has experienced a major security incident.
https://breachaware.com/research/a-leading-russian-bank-has-experienced-a-major-security-incident
A total of 19 breaches were found and analysed resulting in 10,186,872 leaked accounts containing a total of 14 different data types. The breaches found publicly and freely available included Muzhiwan, Legendas.TV, Zipmex, SevenRooms and American Kennel Club.

Threat actors brought 20 Polish trains to a sudden standstill.
https://breachaware.com/research/threat-actors-brought-20-polish-trains-to-a-sudden-standstill
A total of 20 breaches were found and analysed resulting in 6,109,641 leaked accounts containing a total of 21 different data types. The breaches found publicly and freely available included Duolingo, Games Planet, Vesi Cash, Stealer - 0337 Mixed Logs and Free-Lance.

Ah, the tangled web of government espionage and cybersecurity – it's like a digital spy novel unfolding in real-time. Governments worldwide have long relied on specialised firms to do their dirty work in the cyber realm, whether it's snooping on hostile countries, keeping tabs on journalists, or just poking around in the general public's digital knick-knacks. But what happens when these firms themselves become the target?

Picture this: a 14-year-old script kiddie, fuelled by energy drinks and teenage bravado, infiltrates a dodgy security company in Israel, snagging sophisticated hacking tools left and right. Or perhaps it's a more sinister group, lurking in the digital shadows, picking up intel from a security breach at the CIA – talk about a digital catch of the day. It's a precarious dance, a game of cat and mouse where the stakes couldn't be higher. Because let's face it, it's only a matter of time before someone with ill intentions gets their hands on something truly powerful, and suddenly we're looking at a teenager with a penchant for mayhem flipping switches on power grids.

And then there's doxing, that delightful pastime of unearthing someone's private info and tossing it into the digital wild. While some see it as a harmless prank, for others, it's a matter of life and death. But now, the game has taken a darker turn as hackers set their sights on uncovering the real IPs of hidden services lurking in the depths of the Tor network. These criminal marketplaces thought they were safe behind layers of encryption, but alas, no digital fortress is impenetrable. Just ask the marketplace that had its real IP leaked on a dark-web forum, prompting a hasty retreat into the digital shadows.

But wait, there's more! Even everyone's favourite end-to-end encrypted email provider isn't immune to scrutiny. Touting Swiss law and neutrality as their shield of protection, they failed to mention their rather cozy relationship with law enforcement. With nearly 6,000 data requests complied with in 2022 alone and a penchant for sharing info with the FBI, it seems privacy might not be as ironclad as advertised. Sure, the emails may be locked up tight, but metadata can still slip through the cracks, leaving a breadcrumb trail for anyone with the know-how to follow.

Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan

THIS MONTHS SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

A vulnerable API, results in 2.6 million user data exposed.
https://breachaware.com/research/a-vulnerable-api-results-in-millions-of-user-data-exposed
A total of 6 breaches were found and analysed resulting in 309,638 leaked accounts containing a total of 14 different data types. The breaches found publicly and freely available included EPL Diamond, DICO DF Furniture, Gezonderwinkelen, Zeosys Co., Ltd and Cars World.

AnonFiles are shut down by proxy provider.
https://breachaware.com/research/anonfiles-are-shut-down-by-proxy-provider
A total of 21 breaches were found and analysed resulting in 6,566,267 leaked accounts containing a total of 17 different data types. The breaches found publicly and freely available included Whoosh, Erectile Dysfunction Clinic, OCC Mundial, Tjori and Job Plus.

The "ultimate marketplace for selling your business" suffers a data breach.
https://breachaware.com/research/ultimate-marketplace-for-selling-your-business-suffers-a-data-breach
A total of 20 breaches were found and analysed resulting in 8,226,171 leaked accounts containing a total of 18 different data types. The breaches found publicly and freely available included Drive Sure, Guia TV Pro, Stalker, Propostuplenie and Podrygka.

If you're from the UK, that's a potential no 'opt out' option from surveillance.
https://breachaware.com/research/thats-a-potential-no-opt-out-option-from-surveillance
A total of 18 breaches were found and analysed resulting in 4,228,354 leaked accounts containing a total of 20 different data types. The breaches found publicly and freely available included Synevo, Helix, Zurich Insurance - Japan, Over Clock Zone and Agence Emploi Jeunes.

Well, well, well, looks like the ransomware gang ALPHV, also known as BlackCat or Noberus, is playing the cyber game with a new set of rules. They've decided to step up their game by offering an API – because hey, why not add a touch of convenience to cyber extortion, right?

Why the sudden switch to offering an API, you ask? Well, it seems there's a global trend of fewer victims coughing up the ransom dough, with even big names like Estée Lauder giving ransom negotiations the cold shoulder. Plus, those Tor sites where these cyber crooks dump their loot aren't exactly user-friendly, what with all the downtime and sluggish download speeds.

So, enter the API, the ultimate temptation for reluctant victims. By increasing the visibility of stolen data and making it oh-so-easy to access, ALPHV is basically saying, "Pay up or risk having your dirty laundry aired for all to see." They even threw in a Python crawler to sweeten the deal – because who doesn't love a helpful tool for their cyber shenanigans?

Now, what sets ALPHV apart from the cyber riff-raff is that it's the first ransomware of its kind written in Rust – a programming language that's like a Swiss army knife for malware, allowing for easy customisation across different operating systems. Since November 2021, this cyber menace has been wreaking havoc, with some experts dubbing it the heir to the infamous BlackMatter and Darkside ransomware legacies.

And they're not just twiddling their thumbs, folks. ALPHV goes the extra mile to maximise their ransom haul, with tricks up their digital sleeves like deleting volume shadow copies, shutting down processes and services, and even putting the kibosh on virtual machines.

Their hit list reads like a who's who of cyber targets, with recent exploits including a whopping 7TB data heist from Barts Health NHS Trust and a cameo on Reddit's victim roster during the infamous Reddit blackout. According to the Health Sector Cybersecurity Coordination Centre's (HC3) report, these cyber baddies have a particular penchant for healthcare targets, and it looks like they're just getting started. Brace yourselves, folks – the cyber storm is far from over.

Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan

THIS MONTHS SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

Tokyo based insurance companys' breached data makes it way into public circulation.
https://breachaware.com/research/tokyo-based-insurance-companys-breached-data-makes-it-way-into-public-circulation
A total of 11 breaches were found and analysed resulting in 7,785,424 leaked accounts containing a total of 15 different data types. The breaches found publicly and freely available included Gemini [2], Exvagos, Stealer - BradMax 0325, Debbie Sells Columbia and American Express.

How much data do you need to buy a car these days?
https://breachaware.com/research/how-much-data-do-you-need-to-buy-a-car-these-days
A total of 45 breaches were found and analysed resulting in 21,048,388 leaked accounts containing a total of 26 different data types. The breaches found publicly and freely available included Clear Voice Surveys, Nova Poshta, RenewBuy, Seat and My Canada Payday.

He has three charges, the third, CSAM, was unexpected.
https://breachaware.com/research/he-has-three-charges-the-third-csam-was-unexpected
A total of 5 breaches were found and analysed resulting in 7,143,477 leaked accounts containing a total of 12 different data types. The breaches found publicly and freely available included Forex Depositor Database, Turk Telekom, OnGab, Bitimen and Condor Airlines.

"Fast and honest" legal funding company has suffered a data breach.
https://breachaware.com/research/fast-and-honest-legal-funding-company-has-suffered-a-data-breach
A total of 41 breaches were found and analysed resulting in 128,269,951 leaked accounts containing a total of 26 different data types. The breaches found publicly and freely available included Canva [2], Truth Finder, Boat Owners Database - USA, Coin Gecko and Gelbeseiten.

Unusually the data is still in circulation and it doesn’t seem that the bank has notified its users.
https://breachaware.com/research/unusually-the-data-is-still-in-circulation-and-it-doesnt-seem-that-the-bank-has-notified-its-users
A total of 9 breaches were found and analysed resulting in 20,774,389 leaked accounts containing a total of 31 different data types. The breaches found publicly and freely available included Exactis, Stealer - Mixed Logs 0316, Cal Racing, Stealer - Mixed Logs 0317 and Nomer.