Gold mine for threat actors to liberate people of their crypto assets leaked.
31 October 2022A total of 18 breach events
were found and analysed resulting in 8,432,754 exposed accounts
containing a total of 20 different data types of personal datum
. The breaches found publicly and freely available included Red Doorz (Update), Thousands of Emails, Buenos Aires Government, HH and Starbucks Rewards. Sign in to view the full
library of breach events which includes, where available, reference articles relating to
each breach.
Categories of Personal Data Discovered
Communications Data, Socia-Demographic Data, Contact Data, Social Relationships Data, Technical Data, Transactional Data, Financial Data, Locational Data, Special Category, Behavioural Data.
Data Breach Analysis
Red Doorz, a hospitality platform, suffered an update breach which could expose sensitive customer information including booking details, payment data, and personal identifiers. Such exposure compromises user privacy and may lead to fraudulent bookings or financial theft. It also damages consumer trust in the brand, potentially impacting future business.The breach involving Thousands of Emails suggests mass exposure of email accounts, increasing vulnerability to phishing campaigns and social engineering attacks. For users, this can lead to compromised email security, unauthorised access to personal or professional accounts, and identity theft.
A breach involving the Buenos Aires Government is particularly concerning given the sensitivity and breadth of data typically held by government entities. Exposure here could affect public employees, citizens, and social programs, leading to identity fraud and erosion of public trust in governmental data security.
HH, potentially a job or service platform, and Starbucks Rewards, a widely used customer loyalty program, also featured in these breaches. The impact on HH users could include exposure of employment-related information, putting individuals at risk of job-related fraud or misuse of professional credentials. For Starbucks Rewards, leaked data may allow fraudsters to exploit rewards accounts, leading to financial losses and customer dissatisfaction.
Collectively, these breaches reveal a wide range of personal data types being exposed. This diversity increases the potential impact on victims and complicates the response required by organisations. Beyond individual risk, organisations face reputational damage, regulatory penalties, and operational disruption.
The public availability of these breaches underscores the urgent need for improved cybersecurity frameworks. Organisations must prioritise securing user data through encryption, regular audits, and timely breach notifications. For individuals, vigilance in monitoring accounts and using strong authentication methods is essential to reduce harm.
In conclusion, these 18 breach events affecting over 8 million accounts highlight persistent vulnerabilities across sectors. The risks extend from personal privacy violations to broader organisational and societal impacts, making robust data protection a shared priority.
Spotlight
A company that provides crypto currency tax software has very recently suffered a data breach. This is a type of software which can monitor thousands of transactions so traders can have their taxes neatly packaged up ready for the IRS or HMRC to sift through. The company has been running since 2017 and has helped its customers organise and track 2.5 billion transactions. The file was dumped on a popular hacking forum, 60,000 unique email addresses along with various datasets including browser finger printing, device information, as well as IP addresses were in the breached data. Those three datasets will be a gold mine for hackers and threat actors to use to liberate people of their crypto assets.A staff member of a well known hacking forum has made some comments showing their frustration of threat intelligence companies who are are scraping their site. “Every day I remove bots, spiders and scrapers from the forum.” But in a funny turn of events the site is now offering threat intelligence companies a paid annual fee to scrape to there hearts content.
And finally, almost a year later, additional data from Singapore based hotel company and hospitality brand operating in Southeast Asia has been dumped online.