Hackers have posted the source code and private keys to the dark web.
15 May 2023BREACHAWARE HQ
A total of 8 breach events
were found and analysed resulting in 1,294,601 exposed accounts
containing a total of 16 different data types of personal datum
. The breaches found publicly and freely available included Jewel Scent, Gato Preto, Le Coq Sportif, Stealer - Mixed Logs 0302 and Store Pas Cher. Sign in to view the full
library of breach events which includes, where available, reference articles relating to
each breach.
Categories of Personal Data Discovered
Socia-Demographic Data, Contact Data, Technical Data, Usage Data, Documentary Data, Locational Data, Financial Data.
Data Breach Analysis
Jewel Scent, known for combining home fragrance products with hidden jewellery rewards, operates in a niche but active e-commerce space. A breach here could impact loyal customers who engage frequently with the platform, potentially exposing transactional data and enabling targeted scams.Gato Preto, a home decor and furnishings retailer popular in Europe, likely holds customer contact and purchase information. Exposure of this data may lead to phishing campaigns or fraudulent delivery communications that could trick customers into revealing further sensitive information.
Le Coq Sportif, a French sportswear brand, represents the apparel and retail industry. If account credentials, delivery addresses, or payment details were leaked, customers might face risks ranging from account takeover on shopping platforms to fraudulent charges.
Store Pas Cher (French for “Cheap Store”) suggests another online retail entity, potentially focused on discounts or budget-conscious goods. Smaller retailers often lack advanced cybersecurity defences, making them common breach targets and increasing the risk of widespread personal data exposure.
Lastly, the inclusion of a Stealer - Mixed Logs breach points to infostealer malware extracting login credentials and browser data from infected devices. This type of breach is not tied to a specific service but can compromise access to multiple online accounts across both personal and professional domains.
Spotlight
An American bath product and candle company has suffered a significant data breach, it may have seemed they waxed there money on a nice sleek website instead of a their security. Founded in 2013 with the goal of creating high quality, clean burning candles and bath products, the company also operates an affiliate program and wholesale discount program.As well as a traditional furniture store based in Vancouver, with its own warehouse and distribution centre, also recently suffered a data breach. The company started in 2005 and has been growing from strength to strength. Unfortunately for the company and its customers, their entire user-base has been dumped online and is now in circulation.
Vulnerability Chat
The world's leading gaming brand is back in the news again after threat actors gained access to their servers and stole a large amount of data. However, things have gotten a lot worse for the company in question, hackers have posted the source code and private keys to the dark web. This poses a serious risk for owners of the hardware as threat actors can disguise malware as a firmware update, a classic trojan horse. Which would foil the security mechanisms that are in place. Software like Digi Certificate will think the firmware update is actually signed by the company.Information Privacy Headlines
A hospital doctor in England, described as a "stalker" accessed and shared highly sensitive information about a women and her children despite the doctor not being involved in her care. A representative from a health data privacy group described the situation as "a systematic problem" and warned "if you're registered with the NHS in England, this could happen to you."Google has been accused of breaking EU data privacy rules after it was discovered they are retaining personal information of job candidates dated as far back as 2011, according to an article by Fortune. Google's internal gHire database is said to contain profiles of people in the EU and UK with names, phone numbers, email addresses and so on.
Smarter Privacy Starts with Awareness
Data Breach Scan, Check Any Domain for Free https://breachaware.com/scan