Share this analysis

Global leader in cyber security has been attacked with a sophisticated trojan.

05 June 2023
BREACHAWARE HQ
Italy Breach Exposure Monitoring

A total of 8 breach events were found and analysed resulting in 11,884,976 exposed accounts containing a total of 8 different data types of personal datum . The breaches found publicly and freely available included Instant Checkmate, Sports Bull, Forex EU, Iran Laptop Parts and BMMI Shops. Sign in to view the full library of breach events which includes, where available, reference articles relating to each breach.

Categories of Personal Data Discovered

Contact Data, Financial Data, Technical Data.

Data Breach Analysis

Instant Checkmate is a people search service in the U.S., known for aggregating public records such as addresses, phone numbers, and criminal histories. A breach here could compound existing privacy concerns by making already-sensitive data even more accessible to bad actors. It raises particular risks for targeted harassment, identity fraud, or impersonation scams, especially when the data is combined with other leaks.

Sports Bull, a Japanese sports news platform, likely held user information tied to subscriptions, app use, or reader engagement. While breaches from media sites may seem less serious at face value, compromised accounts can provide attackers with email-password pairs usable in credential stuffing attempts, especially if users reused passwords elsewhere.

Forex EU represents the financial and trading space, which is inherently high-risk when it comes to data compromise. Exposed details from platforms like this could include investment-related communications or user preferences that enable fraudsters to design targeted scams around trading advice, fake platforms, or account access attempts.

Iran Laptop Parts and BMMI Shops, both operating in retail (with the former focusing on tech hardware and the latter as a regional e-commerce business in the Gulf), highlight the commercial risk exposure. These entities may hold customer addresses, purchase histories, and payment-related metadata, all of which can be used to impersonate support services or conduct phishing attacks mimicking past orders.

Spotlight

A historic Italian company was breached back in 2021 and its data has finally been posted publicly and freely on various hacking forums. Back in 1961 they were manufacturing components and accessories for the optical industry. Jump forward 36 years; they had bought Ray-Ban and listed on the New York Stock Exchange. In 2021, one of their partner companies confirmed that they had suffered a data breach. Personal information about their millions of customers ranges from full names to other more sensitive data types.

A popular business to business e-commerce site with six offices around the world, from Australia to the Netherlands, has been hit with a data breach. The company claims to be a global provider of cloud based B2B APIs for e-commerce. While looking past the stylish website, they have an impressive set of customers in all sectors of business including healthcare and oil & gas. The data is in circulation publicly, and who knows what another threat actor could do armed with this data!

Vulnerability Chat

A global leader in cyber security has been attacked with a extremely sophisticated trojan that infected medium to senior level employees using Apple mobile devices. The attack used vulnerabilities in the iOS operating system via an invisible Imessage which was sent to the employees in question. The Trojan then relayed information back to a command server, data such as geo location, microphone recording, and photos. However, even though the attack was carried out in discreet manner, it was detected by their monitoring and analysis security management software. Due to the nature of iOS, there is no software which can remove infections like this so the devices will need a factory reset.

An infamous torrenting site has closed shop. The site has been running since 2008 and originally started off serving the Bulgarian people, but it quickly began catering to the wider world. The site mainly provided high-quality films and videos but also contained video games, music, and software. The site has been described as a "notorious market" by the US trade representative and has also been targeted by Bulgarian law enforcement. The staff administration released a statement on May 31st, explaining several reasons why the site could not go on. "The past 2 years have been very difficult for us; some of the people in our team died due to COVID complications" and "the power price increase in data centres in Europe hit us pretty hard. Inflation makes our daily expenses impossible to bare."

Information Privacy Headlines

On the eve of the EU GDPR's 5th anniversary (described in a statement by Vera Jourova and Didier Reynders as "future-proof") the UK Information Commissioner's Office (ICO) published new guidance for businesses on responding to subject access requests (SARs). This comes after the ICO received over 15,000 complaints related to SARs from April 2022 to March 2023.

The Data Protection Officers from INTERPOL's National Central Bureaus (NCBs) are meeting in Singapore to discuss, amongst other things, the growth of data volumes and sources, and the corresponding increase in vulnerabilities for misuse and exploitation. According to INTERPOL, they are the only international organisation with a global network of mandatorily appointed data protection officers.

Smarter Privacy Starts with Awareness
Data Breach Scan, Check Any Domain for Free https://breachaware.com/scan

  • Key Stats
  • BREACH EVENTS
    0
  • EXPOSED ACCOUNTS
    0
  • EXPOSED DATUM TYPES
    0