'%3e%3cg id='Final-Copy-2_2_' transform='translate(1275.000000, 200.000000)'%3e%3cpath class='st0' d='M7.4,12.8h6.8l3.1-11.6H7.4C4.2,1.2,1.6,3.8,1.6,7S4.2,12.8,7.4,12.8z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg id='final---dec.11-2020'%3e%3cg id='_x30_208-our-toggle' transform='translate(-1275.000000, -200.000000)'%3e%3cg id='Final-Copy-2' transform='translate(1275.000000, 200.000000)'%3e%3cpath class='st1' d='M22.6,0H7.4c-3.9,0-7,3.1-7,7s3.1,7,7,7h15.2c3.9,0,7-3.1,7-7S26.4,0,22.6,0z M1.6,7c0-3.2,2.6-5.8,5.8-5.8 h9.9l-3.1,11.6H7.4C4.2,12.8,1.6,10.2,1.6,7z'/%3e%3cpath id='x' class='st2' d='M24.6,4c0.2,0.2,0.2,0.6,0,0.8l0,0L22.5,7l2.2,2.2c0.2,0.2,0.2,0.6,0,0.8c-0.2,0.2-0.6,0.2-0.8,0 l0,0l-2.2-2.2L19.5,10c-0.2,0.2-0.6,0.2-0.8,0c-0.2-0.2-0.2-0.6,0-0.8l0,0L20.8,7l-2.2-2.2c-0.2-0.2-0.2-0.6,0-0.8 c0.2-0.2,0.6-0.2,0.8,0l0,0l2.2,2.2L23.8,4C24,3.8,24.4,3.8,24.6,4z'/%3e%3cpath id='y' class='st3' d='M12.7,4.1c0.2,0.2,0.3,0.6,0.1,0.8l0,0L8.6,9.8C8.5,9.9,8.4,10,8.3,10c-0.2,0.1-0.5,0.1-0.7-0.1l0,0 L5.4,7.7c-0.2-0.2-0.2-0.6,0-0.8c0.2-0.2,0.6-0.2,0.8,0l0,0L8,8.6l3.8-4.5C12,3.9,12.4,3.9,12.7,4.1z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
FraudWatch annoy a well-known and well skilled threat actor.
17 April 2022A total of 12 breaches were found and analysed resulting in 15,278,874 leaked accounts containing a total of 12 different data types. The breaches found publicly and freely available included Hurb, Fraud Watch International, Bahigo, HighExp and Curtea Veche. Sign in to view the full
BreachAware
Breach Index which includes, where available, reference articles relating to
each breach.
SPOTLIGHT
Straight into what 'The Researchers' have quoted as 'the leak of the week' is the French health insurance company, EMOA Mutuelle du Var. Data associated with the health industry is always rich in data types. Typically with an insurance company, you would see date of birth, full name, account information, physical address, phone number but with this set of data we saw device information, username and IP addresses. Email address and passwords is a given. This breach has not been verified or acknowledged.
A question a team member asked, when is a breach worth recording? Even though the data recorded for the insurance company only amounted to 2.4mb of plain text data, any publicly available data needs to be assessed for risk management purposes, whether to the individual, the impact to the organisation and of course the supply chain.
The most notable breach the researchers identified is FraudWatch, an established threat hunting, intelligence and detection service. It is understood from the forums, FraudWatch took it upon themselves to annoy a well-known and well skilled threat actor. After engaging with said person online, they quickly became the victim of a security breach involving a range of their clients' personal information leaked with a promise of more to come. This incident proves that everyone is vulnerable, even those who are well established in the industry.
Moving on, a Turkish gambling site took a battering after suffering a data breach, The national identity card numbers were among some of the credentials which were included in this leak. We did note that the betting company HQ is in the Isle of Man, UK, where they have seen an increase a 30% increase gambling licenses for companies issued due to as quoted by the Isle of Man authorities, "proposed changes to regulation and structure in some jurisdictions."
Data Categories Discovered
Technical Data, Contact Data, Usage Data, Locational Data, Socia-Demographic Data, National Identifiers.
