
Bitcoin Queen Falls, Discord Breached, and the Air Force Fumbles Data.

06 October 2025
BREACHAWARE HQ

A total of 15 breach events were found and analysed, resulting in 7,314,425 exposed accounts spanning 40 different types of personal data. The breaches found publicly and freely available included Duna TV, ULP 0033, Stealer Log 0542, Tries Digital Indonesia and Crypto Emails 500k. Sign in to view the full library of breach events, which includes, where available, reference articles relating to each breach.

Categories of Personal Data Discovered

Contact, Digital Behaviour, Geolocation, Finance, Commerce, Technology, Unstructured, Career, Sociodemographic, Academic, National Identifiers, Human Behaviour, Audio and Visual, Communication Logs, Health and Environment.

Data Breach Impact

This series of breaches paints a clear picture of how traditional media, regional enterprises, and crypto-related ecosystems are converging within the same exposure landscape. The inclusion of Duna TV signals that broadcasters and media outlets, often custodians of subscriber and employee data, are increasingly part of the breach narrative, exposing users to impersonation and social engineering attempts through trusted communication channels. Tries Digital Indonesia highlights the growing vulnerability of regional digital businesses, where rapid digital transformation sometimes outpaces security maturity. Meanwhile, Crypto Emails 500k and Stealer Log 0542 underline how the crypto community remains a lucrative target: wallet details, exchange credentials, and communications within that space continue to be harvested and reused in phishing, credential stuffing, and investment fraud. The breadth of 40 personal data types in these leaks reflects a concerning expansion of what’s being compromised, from standard PII to behavioural, transactional, and platform-specific identifiers.

For the organisations tied to these breaches, the implications are multifaceted. Media entities like Duna TV face the dual challenge of protecting both internal operations and public-facing channels from reputational damage that can erode audience trust. Regional companies and crypto-affiliated services are also under pressure to demonstrate stronger governance over user data as regulatory frameworks across Asia and the EU become more aggressive. The recurrence of ULP and stealer log exposures suggests that a significant portion of global data loss is now driven not by high-profile hacks, but by persistent, low-visibility compromises of endpoints and developer systems. For these organisations, the path forward lies in raising visibility across digital ecosystems, investing in secure configuration and monitoring of seemingly peripheral platforms, and ensuring that security practices evolve as fast as their digital expansion does.

Cyber Spotlight

The UK’s Metropolitan Police are popping champagne corks this week after wrapping up an investigation, running since 2018, that could’ve easily been a Netflix true-crime special. The star of the show? Zhimin Qian, a.k.a. the “Bitcoin Queen” or, if you prefer drama, the “Wealth Goddess.” Between 2014 and 2017, Qian defrauded more than 128,000 people across China, promising investors “guaranteed” returns of 100% to 300%. (Spoiler: if anyone ever guarantees triple your money, they’re not your financial advisor, they’re your future defendant.)

When her empire of lies started to crumble, Qian fled to the UK on fake documents. In 2018 the Met raided a London property and seized 61,000 Bitcoin, worth around £5.6 billion today, yes, billion, with a “B.” That’s more than the GDP of some entire countries. Qian herself stayed out of reach until her arrest in 2024; she pleaded guilty in September 2025 to acquiring and possessing criminal property and, at the time of writing, is awaiting sentencing. Sadly for her, private keys are not accepted as currency inside His Majesty’s correctional establishments.

Meanwhile, Discord is having what can only be described as a terrible week. The platform confirmed a security incident at a third-party customer support provider (widely reported to be Zendesk), which it says it discovered on September 20th. Hackers got into the support system and walked away with a fairly juicy data set: names, usernames, emails, last four digits of credit cards, IP addresses, and messages between users and support. Yes, including those oh-so-secure government ID photos that a small number of users had uploaded for age-verification appeals. (Turns out, “trust and safety” teams might not be as safe as the name implies.)

Discord insists it’s only a “limited number of users,” but when a company with hundreds of millions of accounts says that, “limited” can still mean “a small city.” The culprits might be the Scattered Lapsus$ Hunters, though some researchers aren’t so sure. VX Underground said an entirely different financially motivated crew slid into their DMs claiming responsibility. Translation: no one knows who did it, but someone’s bragging rights are about to get revoked.

Over in the U.S., the Air Force is currently investigating what they’re calling a “privacy-related issue” with Microsoft SharePoint, which sounds suspiciously like “someone clicked the wrong link.” The incident has caused some serious service disruptions, including restricted access to mission files and classified materials. You know, the stuff you don’t want in the hands of anyone outside the Pentagon. No further details yet, but somewhere out there, a sysadmin is sweating bullets and praying this ends up being logged as “user error.”

Vulnerability Chat

Oracle is racing to patch a serious zero-day vulnerability in its E-Business Suite, tracked as CVE-2025-61882 and exploitable by a remote attacker without authentication, issuing an emergency fix and an urgent warning to customers. While Oracle hasn’t named names, many in the security community suspect the Cl0p ransomware gang may already be exploiting the flaw.

The patch comes after Google’s Threat Intelligence Group (GTIG) and Mandiant revealed that executives at several organisations using Oracle’s E-Business Suite have been hit with extortion emails claiming their sensitive data had been stolen. Oracle has since confirmed that some customers did receive such messages and said its investigation suggests attackers may have leveraged previously known vulnerabilities. Earlier this year, the company also acknowledged a separate incident where hackers stole data from a legacy cloud system.

In other security news, networking hardware maker DrayTek has issued a warning about a serious flaw affecting multiple Vigor router models. The bug could let remote, unauthenticated attackers run arbitrary code. Updated firmware is the fix; until it is installed, DrayTek advises users to disable remote WebUI or SSL VPN access, or lock them down using ACLs or VLANs, to minimise exposure. The catch? The WebUI remains reachable on the local network, so a single compromised host on the LAN can still get at it, which is why the workarounds are a stopgap rather than a substitute for patching.

Game engine giant Unity has also disclosed a security flaw (CVE-2025-59489) that’s been quietly lurking for nearly a decade. It lets a local attacker, most notably a malicious app on the same Android device, make a Unity-built application load attacker-controlled code. The company is urging developers to update the editor for every version from 2017.1 onward and then rebuild and republish affected games and applications, since a patched engine does nothing for binaries already shipped.

And finally, QNAP has published an advisory about a vulnerability in its NetBak Replicator utility. While the flaw requires local access to exploit, it poses a real risk in shared environments or as a stepping stone for privilege escalation. QNAP recommends users apply the latest security update as soon as possible.

10 Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity and Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including:
- Smartbedded; Meteobridge
- Samsung; Mobile Devices
- Juniper; ScreenOS
- Jenkins; Jenkins
- GNU; GNU Bash
- Adminer; Adminer
- Cisco; IOS and IOS XE
- Fortra; GoAnywhere MFT
- Libraesva; Email Security Gateway
- Sudo; Sudo

See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 1,002 vulnerabilities during the last week, bringing the 2025 total to 36,168. For more information visit https://nvd.nist.gov/vuln/search/

View the latest critical vulnerabilities, exploited vulnerabilities and EU CSIRT coordinated vulnerabilities from the European Union Agency for Cybersecurity (ENISA) "Vulnerability Database" here: https://euvd.enisa.europa.eu/homepage

Information Privacy Headlines

Senator Ted Cruz has blocked a bill that aimed to give every American the same data privacy protections currently afforded to federal lawmakers and public officials. The legislation, introduced by Senator Ron Wyden, would have extended existing bipartisan rules, which prevent data brokers from selling or trading personal information about government officials and their families, to cover all U.S. residents.

Meanwhile, cybersecurity firm ESET has uncovered two Android spyware campaigns targeting people interested in secure messaging apps like Signal and ToTok. The malware spreads through fake websites and social engineering tactics, with evidence suggesting that the campaigns are aimed primarily at residents of the United Arab Emirates.

A separate investigation by Zimperium’s zLabs team has raised red flags about free VPN apps. After reviewing 800 Android and iOS VPNs, researchers found that more than 65% displayed risky behaviors, including APIs that can take screenshots of a user’s interface without permission. According to the researchers, this effectively gives some VPN providers a “surveillance vector” that extends far beyond monitoring network traffic.

And in the blockchain space, Cardano-backed privacy project Midnight has announced a new partnership with Google Cloud. The collaboration aims to push the boundaries of zero-knowledge technology and help build what the team calls “the next generation of digital systems.”

Smarter Protection Starts with Awareness
Data Breach Exposure Scan, Check Any Domain for Free https://breachaware.com/scan
