Share this analysis

Conservative MP proposes an amendment to the “Online Safety” Bill.

25 July 2022
BREACHAWARE HQ
Conservative

A total of 19 breach events were found and analysed resulting in 3,485,877 exposed accounts containing a total of 14 different data types of personal datum . The breaches found publicly and freely available included Eskimi, Euro Gunz, Sosedi, Rencanamu (URL redirected) and Klarna (URL Redirected). Sign in to view the full library of breach events which includes, where available, reference articles relating to each breach.

Categories of Personal Data Discovered

Contact Data, Technical Data, Usage Data, Communications Data, Socia-Demographic Data, Social Relationships Data, Financial Data.

Data Breach Analysis

Eskimi, a mobile-first social media and advertising platform popular in emerging markets, was one of the breached sources. Given its nature, the exposure likely impacted personal profiles and user interaction data, raising concerns over identity misuse and social engineering risks.

Euro Gunz, tied to the legacy online multiplayer game Gunz: The Duel, and Sosedi, a Russian social platform, were also impacted. Breaches from such platforms typically involve login credentials and user communication records, which can be repurposed for attacks on more sensitive services through credential reuse.

The inclusion of Klarna (via a URL redirection), a major fintech firm known for buy-now-pay-later services, adds a noteworthy element. While not a direct data leak from Klarna's core systems, any exposure tied to its infrastructure raises brand risk and regulatory scrutiny, especially in the financial space.

Rencanamu, a career development platform, also appeared in the breach list. Exposure from such platforms can lead to the misuse of employment histories, resumes, or professional contact details.

Spotlight

Another possible blow for privacy advocates in the UK as Conservative MP John Penrose proposes an amendment to the “Online Safety” Bill which aims to rate social media posts with a "truth score" https://reclaimthenet.org/uk-lawmaker-truth-scores/. In the future people may soon be selling social media profiles with hacked truth scores for crypto currencies on the darkweb or in hacking community. On the plus side, it could make for some interesting datasets in the future.

One data breach everyone's talking about this week is Nickelodeon's NeoPets, which has been breached for the second time (the company has confirmed an investigation is underway)! The site was breached back in 2014, but now a user on a popular hacking forum is selling back end access to the user database along with source code. The user seems pretty confident that the back door into the site won’t be found and he's selling the knowhow for the small price of four bitcoin (around $95,000 at current price of BTC).

An adverting platform which uses big data and digital media has been breached. The company pride themselves on there geo location targeting ability, as well as foot fall recognition. The company itself it registered in Sweden with offices around the world from Nigeria to Lithuania. While marketing seems to be their strong point obviously security isn’t, recently a couple of large files containing over 1 million unique email addresses, usernames and hashed passwords was posted to a popular hacking channel.

An interesting little breach which has been circulation is an iPhone unlocking site which has a had a data breach resulting in a variety of datasets along with email address, IMEI and hashed MD5 passwords being dumped online. We don’t need see datasets such as IMEI numbers (international mobile equipment identity) regularly, this could be a good dataset for OSINT or threat actors to target individuals and companies.

Unsurprisingly a member of the team picked up another university data breach, this time from India, this one was smaller than usual but contained several datasets including names, social media accounts and email addresses.

  • Key Stats
  • BREACH EVENTS
    0
  • EXPOSED ACCOUNTS
    0
  • EXPOSED DATUM TYPES
    0