Ah, the ever-tempestuous Middle East, where conflicts extend beyond the physical battlefield into the digital realm. Hacktivist groups and state-sponsored hackers are joining the fray, turning critical infrastructure into virtual battlegrounds. Disturbing reports emerge of compromised systems, painting a grim picture of the region's cybersecurity landscape.

In a scene straight out of a cyber thriller, a notorious threat actor group, known to frequent our weekly insights, has been making waves. They've allegedly breached a major gas station company, flaunting their access by sharing screenshots of control panels for petrol and diesel storage, along with temperature controls. As if that weren't enough, they've also flexed their digital muscles by showcasing videos of havoc wreaked upon a prominent energy provider's power grid.

The damage doesn't stop there. Reports detail the group's interference with transformers and electrical cables, prompting the affected company to scramble for hefty generators while parts of their network undergo a digital makeover. And it's not just the power grid feeling the heat; screenshots of access to water waste treatment plants have also made their way online. One can't help but wonder why these critical systems aren't tucked away behind the digital equivalent of a fortress wall – you know, the old 'air-gapping' trick.

Meanwhile, across the pond, America's favorite pipeline is making headlines once again. Fresh off the heels of a devastating ransomware attack in 2021, this vital artery supplying half of the east coast's oil finds itself in the crosshairs once more. A new ransomware gang, with a penchant for digital mischief, has managed to snag 2.9 GB of sensitive files. While they haven't pulled the trigger on encryption or disrupted operations (yet), the stolen loot includes contracts, employee emails, and even staff photographs – talk about a digital treasure trove.

But here's the kicker: despite the FBI's best efforts, the gang's spam-delivery infrastructure remains stubbornly operational. These 'Qakbot' affiliates seem unfazed by law enforcement's attempts to shut them down, continuing their nefarious activities like cyber cockroaches that just won't quit. It's a stark reminder that even in the face of adversity, the digital underworld persists, lurking in the shadows, ready to strike at a moment's notice.

Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan

THIS MONTHS SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

Additional concern to those already worried about their safety.
https://breachaware.com/research/additional-concern-to-those-already-worried-about-their-safety
A total of 20 breaches were found and analysed resulting in 10,408,754 leaked accounts containing a total of 26 different data types. The breaches found publicly and freely available included Malindo Air, Kupi VIP, Stealer - RedLine 0352, Trident Crypto [2] and Stealer - Mixed Logs 0355.

At least their password hashing is up to scratch.
https://breachaware.com/research/at-least-their-password-hashing-is-up-to-scratch
A total of 20 breaches were found and analysed resulting in 3,005,349 leaked accounts containing a total of 26 different data types. The breaches found publicly and freely available included Dymocks, Dolly, XM, VN Game Forum and Clara Hair.

A leading Russian bank has experienced a major security incident.
https://breachaware.com/research/a-leading-russian-bank-has-experienced-a-major-security-incident
A total of 19 breaches were found and analysed resulting in 10,186,872 leaked accounts containing a total of 14 different data types. The breaches found publicly and freely available included Muzhiwan, Legendas.TV, Zipmex, SevenRooms and American Kennel Club.

Threat actors brought 20 Polish trains to a sudden standstill.
https://breachaware.com/research/threat-actors-brought-20-polish-trains-to-a-sudden-standstill
A total of 20 breaches were found and analysed resulting in 6,109,641 leaked accounts containing a total of 21 different data types. The breaches found publicly and freely available included Duolingo, Games Planet, Vesi Cash, Stealer - 0337 Mixed Logs and Free-Lance.

Ah, the tangled web of government espionage and cybersecurity – it's like a digital spy novel unfolding in real-time. Governments worldwide have long relied on specialised firms to do their dirty work in the cyber realm, whether it's snooping on hostile countries, keeping tabs on journalists, or just poking around in the general public's digital knick-knacks. But what happens when these firms themselves become the target?

Picture this: a 14-year-old script kiddie, fuelled by energy drinks and teenage bravado, infiltrates a dodgy security company in Israel, snagging sophisticated hacking tools left and right. Or perhaps it's a more sinister group, lurking in the digital shadows, picking up intel from a security breach at the CIA – talk about a digital catch of the day. It's a precarious dance, a game of cat and mouse where the stakes couldn't be higher. Because let's face it, it's only a matter of time before someone with ill intentions gets their hands on something truly powerful, and suddenly we're looking at a teenager with a penchant for mayhem flipping switches on power grids.

And then there's doxing, that delightful pastime of unearthing someone's private info and tossing it into the digital wild. While some see it as a harmless prank, for others, it's a matter of life and death. But now, the game has taken a darker turn as hackers set their sights on uncovering the real IPs of hidden services lurking in the depths of the Tor network. These criminal marketplaces thought they were safe behind layers of encryption, but alas, no digital fortress is impenetrable. Just ask the marketplace that had its real IP leaked on a dark-web forum, prompting a hasty retreat into the digital shadows.

But wait, there's more! Even everyone's favourite end-to-end encrypted email provider isn't immune to scrutiny. Touting Swiss law and neutrality as their shield of protection, they failed to mention their rather cozy relationship with law enforcement. With nearly 6,000 data requests complied with in 2022 alone and a penchant for sharing info with the FBI, it seems privacy might not be as ironclad as advertised. Sure, the emails may be locked up tight, but metadata can still slip through the cracks, leaving a breadcrumb trail for anyone with the know-how to follow.

Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan

THIS MONTHS SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

A vulnerable API, results in 2.6 million user data exposed.
https://breachaware.com/research/a-vulnerable-api-results-in-millions-of-user-data-exposed
A total of 6 breaches were found and analysed resulting in 309,638 leaked accounts containing a total of 14 different data types. The breaches found publicly and freely available included EPL Diamond, DICO DF Furniture, Gezonderwinkelen, Zeosys Co., Ltd and Cars World.

AnonFiles are shut down by proxy provider.
https://breachaware.com/research/anonfiles-are-shut-down-by-proxy-provider
A total of 21 breaches were found and analysed resulting in 6,566,267 leaked accounts containing a total of 17 different data types. The breaches found publicly and freely available included Whoosh, Erectile Dysfunction Clinic, OCC Mundial, Tjori and Job Plus.

The "ultimate marketplace for selling your business" suffers a data breach.
https://breachaware.com/research/ultimate-marketplace-for-selling-your-business-suffers-a-data-breach
A total of 20 breaches were found and analysed resulting in 8,226,171 leaked accounts containing a total of 18 different data types. The breaches found publicly and freely available included Drive Sure, Guia TV Pro, Stalker, Propostuplenie and Podrygka.

If you're from the UK, that's a potential no 'opt out' option from surveillance.
https://breachaware.com/research/thats-a-potential-no-opt-out-option-from-surveillance
A total of 18 breaches were found and analysed resulting in 4,228,354 leaked accounts containing a total of 20 different data types. The breaches found publicly and freely available included Synevo, Helix, Zurich Insurance - Japan, Over Clock Zone and Agence Emploi Jeunes.

Well, well, well, looks like the ransomware gang ALPHV, also known as BlackCat or Noberus, is playing the cyber game with a new set of rules. They've decided to step up their game by offering an API – because hey, why not add a touch of convenience to cyber extortion, right?

Why the sudden switch to offering an API, you ask? Well, it seems there's a global trend of fewer victims coughing up the ransom dough, with even big names like Estée Lauder giving ransom negotiations the cold shoulder. Plus, those Tor sites where these cyber crooks dump their loot aren't exactly user-friendly, what with all the downtime and sluggish download speeds.

So, enter the API, the ultimate temptation for reluctant victims. By increasing the visibility of stolen data and making it oh-so-easy to access, ALPHV is basically saying, "Pay up or risk having your dirty laundry aired for all to see." They even threw in a Python crawler to sweeten the deal – because who doesn't love a helpful tool for their cyber shenanigans?

Now, what sets ALPHV apart from the cyber riff-raff is that it's the first ransomware of its kind written in Rust – a programming language that's like a Swiss army knife for malware, allowing for easy customisation across different operating systems. Since November 2021, this cyber menace has been wreaking havoc, with some experts dubbing it the heir to the infamous BlackMatter and Darkside ransomware legacies.

And they're not just twiddling their thumbs, folks. ALPHV goes the extra mile to maximise their ransom haul, with tricks up their digital sleeves like deleting volume shadow copies, shutting down processes and services, and even putting the kibosh on virtual machines.

Their hit list reads like a who's who of cyber targets, with recent exploits including a whopping 7TB data heist from Barts Health NHS Trust and a cameo on Reddit's victim roster during the infamous Reddit blackout. According to the Health Sector Cybersecurity Coordination Centre's (HC3) report, these cyber baddies have a particular penchant for healthcare targets, and it looks like they're just getting started. Brace yourselves, folks – the cyber storm is far from over.

Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan

THIS MONTHS SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

Tokyo based insurance companys' breached data makes it way into public circulation.
https://breachaware.com/research/tokyo-based-insurance-companys-breached-data-makes-it-way-into-public-circulation
A total of 11 breaches were found and analysed resulting in 7,785,424 leaked accounts containing a total of 15 different data types. The breaches found publicly and freely available included Gemini [2], Exvagos, Stealer - BradMax 0325, Debbie Sells Columbia and American Express.

How much data do you need to buy a car these days?
https://breachaware.com/research/how-much-data-do-you-need-to-buy-a-car-these-days
A total of 45 breaches were found and analysed resulting in 21,048,388 leaked accounts containing a total of 26 different data types. The breaches found publicly and freely available included Clear Voice Surveys, Nova Poshta, RenewBuy, Seat and My Canada Payday.

He has three charges, the third, CSAM, was unexpected.
https://breachaware.com/research/he-has-three-charges-the-third-csam-was-unexpected
A total of 5 breaches were found and analysed resulting in 7,143,477 leaked accounts containing a total of 12 different data types. The breaches found publicly and freely available included Forex Depositor Database, Turk Telekom, OnGab, Bitimen and Condor Airlines.

"Fast and honest" legal funding company has suffered a data breach.
https://breachaware.com/research/fast-and-honest-legal-funding-company-has-suffered-a-data-breach
A total of 41 breaches were found and analysed resulting in 128,269,951 leaked accounts containing a total of 26 different data types. The breaches found publicly and freely available included Canva [2], Truth Finder, Boat Owners Database - USA, Coin Gecko and Gelbeseiten.

Unusually the data is still in circulation and it doesn’t seem that the bank has notified its users.
https://breachaware.com/research/unusually-the-data-is-still-in-circulation-and-it-doesnt-seem-that-the-bank-has-notified-its-users
A total of 9 breaches were found and analysed resulting in 20,774,389 leaked accounts containing a total of 31 different data types. The breaches found publicly and freely available included Exactis, Stealer - Mixed Logs 0316, Cal Racing, Stealer - Mixed Logs 0317 and Nomer.

It seems like the ransomware gang CL0P is on a world tour of chaos this month, hitting companies left, right, and centre. But it looks like Uncle Sam isn't about to sit back and watch the show – the United States government has slapped a hefty $10,000,000 bounty on the heads of anyone even remotely associated with these cyber troublemakers. Talk about putting a price on digital mayhem!

Meanwhile, in the ever-fascinating world of cyber back alleys, the infamous doxing site Doxbin is making headlines again with yet another change of ownership. It's been a wild ride for Doxbin, with ownership swapping hands like a hot potato over the past couple of years. But despite the drama, this digital treasure trove of personal information is still standing tall, boasting over 95,000 public pastes and a whopping 100,000 registered users. With a history dating back to 2011, this site has seen it all – and it's not going anywhere anytime soon. Perhaps its strict rules against illegal activity and harassment are what's keeping law enforcement at bay.

And if that wasn't enough digital drama for you, hold onto your keyboards, because a massive American boating database has just sailed into the online spotlight. With millions of unique accounts and juicy datasets ranging from boat types to ownership details and even physical addresses, this database is a goldmine for thieves and scammers alike. As we speak, a member of our crack team is digging deep into the data, uncovering the secrets lurking beneath the surface. It's like a cyber ocean of possibilities – just watch out for the sharks!

Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan

THIS MONTHS SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

A staggering array of data types leaked.
https://breachaware.com/research/a-staggering-array-of-data-types-leaked
A total of 30 breaches were found and analysed resulting in 2,590,682 leaked accounts containing a total of 22 different data types. The breaches found publicly and freely available included Vita Express, Top Say, JD Group, Astron Game Club and Day Without Turnstiles.

But unsurprisingly, that didn’t save them from this data breach.
https://breachaware.com/research/but-unsurprisingly-that-didnt-save-them-from-this-data-breach
A total of 34 breaches were found and analysed resulting in 12,928,058 leaked accounts containing a total of 22 different data types. The breaches found publicly and freely available included Zacks, PayHere, Wildberries, Edim Doma and Cizim Okulu.

British publishers' advertising research tool has recently suffered a data breach.
https://breachaware.com/research/british-publishers-advertising-research-tool-has-recently-suffered-a-data-breach
A total of 17 breaches were found and analysed resulting in 80,089,084 leaked accounts containing a total of 20 different data types. The breaches found publicly and freely available included Luxottica, Polish credentials, Red Volcano, Raid Forums and Bella Clear.

Global leader in cyber security has been attacked with a sophisticated trojan.
https://breachaware.com/research/global-leader-in-cyber-security-has-been-attacked-with-a-sophisticated-trojan
A total of 8 breaches were found and analysed resulting in 11,884,976 leaked accounts containing a total of 8 different data types. The breaches found publicly and freely available included Instant Checkmate, Sports Bull, Forex EU, Iran Laptop Parts and BMMI Shops.

Ah, the ever-evolving landscape of the dark web – a digital underworld where forums rise and fall like shadows in the night. With the demise of Breach Forums earlier this year, it seems a surge of new dark web forums has sprung up like mushrooms after a rainstorm. As new users flood these digital dens, eager to carve out their cyber identities, we're witnessing a resurrection of historic breach data. It's like a digital archaeological dig, unearthing ancient treasures from the depths of cyberspace. Take, for example, an Australian visual communication platform that suffered a breach back in 2019, exposing over 130 million unique email addresses and various datasets. It's a reminder that in the ever-expanding digital universe, the past has a way of resurfacing when you least expect it. And with hackers needing a new home, these underground forums are the digital watering holes where they gather to share their spoils and swap cyber tales.

Speaking of cyber tales, remember that infamous Russian ransomware gang member who got his 15 minutes of fame courtesy of the FBI? Well, it seems he's decided to leave his mark in true cyberpunk fashion by signing a photo of himself posted on the FBI's wanted page and sending it to a popular underground malware collection channel. Talk about making a statement – from Russia with love, indeed.

But it's not just cyber criminals making headlines – our friendly neighboorhood government types are back at it again, waving the banner of "public protection" while encroaching on our digital freedoms. The governor of Montana has decided to ban TikTok, citing concerns about personal data falling into the clutches of the Chinese Communist Party. Come January 2024, the people of Montana will have to bid farewell to their favourite dance routines and cat videos, unless they're willing to jump through VPN hoops. Cue the lawsuits, with parent company ByteDance leading the charge, citing violations of constitutional rights and assorted federal laws. It's a digital showdown in the Wild West of cyberspace, where the lines between protection and censorship blur like pixels on a screen.

Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan

THIS MONTHS SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

It was a "great resource for stalkers!"
https://breachaware.com/research/it-was-a-great-resource-for-stalkers
A total of 37 breaches were found and analysed resulting in 5,982,905 leaked accounts containing a total of 21 different data types. The breaches found publicly and freely available included Escapada Rural, Oxfam - Australia, Stealer - Mixed Logs 0304, Stealer - Mixed Logs 0239 and Institute of Chartered Accountants, India.

Over a terabyte of customer data, along with various sensitive documents, were stolen.
https://breachaware.com/research/over-a-terabyte-of-customer-data-along-with-various-sensitive-documents-were-stolen
A total of 20 breaches were found and analysed resulting in 2,551,645 leaked accounts containing a total of 21 different data types. The breaches found publicly and freely available included RentoMojo, QIP IM, Annex Trades, United States Postal Service and Eternity Modern.

Hackers have posted the source code and private keys to the dark web.
https://breachaware.com/research/hackers-have-posted-the-source-code-and-private-keys-to-the-dark-web
A total of 8 breaches were found and analysed resulting in 1,294,601 leaked accounts containing a total of 16 different data types. The breaches found publicly and freely available included Jewel Scent, Gato Preto, Le Coq Sportif, Stealer - Mixed Logs 0302 and Store Pas Cher.

The total dump is over 330GB worth of SQL files...
https://breachaware.com/research/the-total-dump-is-over-330gb-worth-of-sql-files
A total of 10 breaches were found and analysed resulting in 8,990,513 leaked accounts containing a total of 18 different data types. The breaches found publicly and freely available included Sogaz, Manufacturers Association For Information Technology (MAIT), Ploschad Mira, Kickback and Sahibinden.

They offer over 1 million PPT templates with some pretty snazzy designs...
https://breachaware.com/research/they-offer-over-1-million-ppt-templates-with-some-pretty-snazzy-designs
A total of 21 breaches were found and analysed resulting in 10,517,319 leaked accounts containing a total of 19 different data types. The breaches found publicly and freely available included Moscow Electronic School, Paystand, Slide Team, Pitzi and ScrumDo.

The age-old dance between privacy and security continues, with governments around the globe tightening their grip on the digital realm under the guise of protecting the public. The latest act in this cyber saga? The Restrict Act, currently waltzing its way through Congress, threatening to criminalise American citizens who dare to use virtual private networks to access government-banned applications. Talk about a digital iron fist – offenders could find themselves facing serious jail time if caught.

And it's not just Uncle Sam getting in on the action – Russia has thrown its hat into the anti-VPN ring with a slick video funded by the Ministry of Digital Development, Communications, and Mass Media. They're sounding the alarm bells about the supposed dangers of VPNs, warning citizens that their personal data – from financial info to passwords – could be ripe for the picking by cyber baddies thanks to leaks from VPN companies. It's a classic case of fear-mongering in the name of security.

Meanwhile, countries like Iran are taking things a step further by banning certain VPN protocols left and right. Wire-guard? Forget about it. And don't even think about using anything other than v2ray if you want to fly under the radar. It's a digital cat-and-mouse game where the stakes couldn't be higher.

But the crackdown on VPNs isn't just happening in far-flung corners of the globe – last week, the National Operations Department in Sweden decided to pay a visit to the Mullvad VPN office in Gothenburg, armed with a search warrant and ready to seize computers with customer data. The only problem? Mullvad doesn't hold any customer data to begin with. Talk about a swing and a miss. It seems like this global effort to stamp out internet anonymity and freedom is in full swing, but as long as there are folks fighting for digital rights, the fight isn't over yet.

Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan

THIS MONTHS SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

The EU inadvertently branched out into the distribution of malware.
https://breachaware.com/research/the-eu-inadvertently-branched-out-into-the-distribution-of-malware
A total of 16 breaches were found and analysed resulting in 2,990,393 leaked accounts containing a total of 23 different data types. The breaches found publicly and freely available included Viva Air (2), Stealer - Mixed logs 0296, OGUsers (2022 Breach), Pure Cars and Doll Beauty.

This attracts the attention of threat actors and scammers.
https://breachaware.com/research/this-attracts-the-attention-of-threat-actors-and-scammers
A total of 16 breaches were found and analysed resulting in 530,458 leaked accounts containing a total of 27 different data types. The breaches found publicly and freely available included Stealer - Mixed Logs 0286, Stealer - Mixed Logs 0287, Bitaksi (2), Rina and Stealer - Mixed Logs 0292.

The scam is aimed at social media influencers.
https://breachaware.com/research/the-scam-is-aimed-at-social-media-influencers
A total of 38 breaches were found and analysed resulting in 4,071,980 leaked accounts containing a total of 24 different data types. The breaches found publicly and freely available included Go2Pub, Next Cash, Ucraft, Stealer - RedLine 0280 and Zingr.

Canadian occupational health and safety website has its user base dumped online.
https://breachaware.com/research/canadian-occupational-health-and-safety-website-has-its-user-base-dumped-online
A total of 13 breaches were found and analysed resulting in 2,648,550 leaked accounts containing a total of 18 different data types. The breaches found publicly and freely available included GG Corp, Stealer - RedLine 0276, Poker Coaching, Tiktok and Stealer - RedLine 0275.

The emergence of the bootkit "Blacklotus" marks a chilling development in the realm of cyber threats. Originally offered for sale on various hacking forums last year for a modest $5,000, this bootkit's capabilities have proven to be as formidable as advertised. It's a game-changer, being the first of its kind to bypass even the most secure UEFI boot configurations, effortlessly slipping past a fully updated Windows 11 system with UEFI secure boot enabled. With the finesse of a digital ninja, Blacklotus sidesteps antivirus scanners and renders OS security software like Windows Defender powerless.

Once nestled in a victim's system, Blacklotus goes into stealth mode, hiding its files on the EFI system partition and operating as an HTTP downloader, ready to fetch additional payloads at the beck and call of the threat actor. The laundry list of its capabilities reads like a cyber dystopian nightmare – it's a sobering reminder of the ever-evolving sophistication of cyber threats lurking in the digital shadows.

Meanwhile, the demise of the underground forum BreachForums has sent shockwaves through the cyber underworld, leaving threat actors and script kiddies alike in a state of mourning. Led by the enigmatic admin Pompompurin, BreachForums was a digital haven for nefarious activities, boasting a bustling community of 300 thousand accounts in its short lifespan. Pompompurin took the operation seriously, even pulling off a brazen hack of the FBI in 2021 for a bit of trollish fun.

But alas, the long arm of the law caught up with Pompompurin, who was apprehended by the FBI in New York State. In a bid to preserve the forum's legacy, Pompompurin had arranged with their second-in-command, Baphoment, for a seamless transition in case of arrest. However, with Pompompurin behind bars, Baphoment made the tough call to shutter the forum, citing the newfound uncertainty of safety in the digital underworld.

Yet, amidst the chaos, Baphoment remains a beacon of resilience, hinting at the possibility of a new community rising from the ashes of BreachForums. With a vow to learn from past mistakes and fortify against future threats, Baphoment's vision for a safer, more resilient digital haven offers a glimmer of hope in an otherwise turbulent cyber landscape.

Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan

THIS MONTHS SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

Bank categorically denied the breach and investigation.
https://breachaware.com/research/bank-categorically-denied-the-breach-and-investigation
A total of 32 breaches were found and analysed resulting in 13,280,831 leaked accounts containing a total of 19 different data types. The breaches found publicly and freely available included Gemo Test, Stealer - Mixed Logs 0272, Stealer - Mixed Logs 0268, Stealer - Mixed Logs 0265 and Foodora.

Threat actors exfiltrate a large SQL database of COVID records.
https://breachaware.com/research/threat-actors-exfiltrate-a-large-sql-database-of-covid-records
A total of 20 breaches were found and analysed resulting in 6,204,700 leaked accounts containing a total of 19 different data types. The breaches found publicly and freely available included SberSpasibo, HDFC Bank, Stealer - Mixed Logs 0253, Okanagan College and Stealer - RedLine 0260.

Bank customers complain of phishing attacks via Twitter.
https://breachaware.com/research/bank-customers-complain-of-phishing-attacks-via-witter
A total of 11 breaches were found and analysed resulting in 9,356,800 leaked accounts containing a total of 17 different data types. The breaches found publicly and freely available included US Gamblers, Zen Mobile, Arteza, Stealer - Mixed Logs 0250 and Mobile Legends: Bang Bang.

Video game publisher based in the US suffered a data leak.
https://breachaware.com/research/video-game-publisher-based-in-the-us-suffered-a-data-leak
A total of 33 breaches were found and analysed resulting in 2,068,944 leaked accounts containing a total of 25 different data types. The breaches found publicly and freely available included Kiwi Taxi [2], TaxNet USA, Athletics Federation of India, Stealer - Meta 0239 and B Tech.