'%3e%3cg id='Final-Copy-2_2_' transform='translate(1275.000000, 200.000000)'%3e%3cpath class='st0' d='M7.4,12.8h6.8l3.1-11.6H7.4C4.2,1.2,1.6,3.8,1.6,7S4.2,12.8,7.4,12.8z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg id='final---dec.11-2020'%3e%3cg id='_x30_208-our-toggle' transform='translate(-1275.000000, -200.000000)'%3e%3cg id='Final-Copy-2' transform='translate(1275.000000, 200.000000)'%3e%3cpath class='st1' d='M22.6,0H7.4c-3.9,0-7,3.1-7,7s3.1,7,7,7h15.2c3.9,0,7-3.1,7-7S26.4,0,22.6,0z M1.6,7c0-3.2,2.6-5.8,5.8-5.8 h9.9l-3.1,11.6H7.4C4.2,12.8,1.6,10.2,1.6,7z'/%3e%3cpath id='x' class='st2' d='M24.6,4c0.2,0.2,0.2,0.6,0,0.8l0,0L22.5,7l2.2,2.2c0.2,0.2,0.2,0.6,0,0.8c-0.2,0.2-0.6,0.2-0.8,0 l0,0l-2.2-2.2L19.5,10c-0.2,0.2-0.6,0.2-0.8,0c-0.2-0.2-0.2-0.6,0-0.8l0,0L20.8,7l-2.2-2.2c-0.2-0.2-0.2-0.6,0-0.8 c0.2-0.2,0.6-0.2,0.8,0l0,0l2.2,2.2L23.8,4C24,3.8,24.4,3.8,24.6,4z'/%3e%3cpath id='y' class='st3' d='M12.7,4.1c0.2,0.2,0.3,0.6,0.1,0.8l0,0L8.6,9.8C8.5,9.9,8.4,10,8.3,10c-0.2,0.1-0.5,0.1-0.7-0.1l0,0 L5.4,7.7c-0.2-0.2-0.2-0.6,0-0.8c0.2-0.2,0.6-0.2,0.8,0l0,0L8,8.6l3.8-4.5C12,3.9,12.4,3.9,12.7,4.1z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
He has three charges, the third, CSAM, was unexpected.
17 July 2023BREACHAWARE HQ
A total of 5 breach events were found and analysed resulting in 7,143,477 exposed accounts containing a total of 12 different data types of personal datum . The breaches found publicly and freely available included Forex Depositor Database, Turk Telekom, OnGab, Bitimen and Condor Airlines. Sign in to view the full
library of breach events which includes, where available, reference articles relating to
each breach.
Categories of Personal Data Discovered
Contact Data, Technical Data, Socia-Demographic Data, Social Relationships Data.
Data Breach Analysis
The Forex Depositor Database likely contained financial and contact information tied to high-risk investment or trading activity. This kind of dataset is especially attractive to threat actors seeking to target individuals with tailored investment scams, phishing attacks, or fraudulent broker offers.Turk Telekom, a major telecommunications provider in Turkey, represents a critical infrastructure service. Exposure of customer information from such a provider, can have far-reaching consequences, from SIM-swapping attacks to targeted surveillance or fraud within the region.
OnGab, associated with alternative social media platforms, may include user accounts and related content data. Breaches involving such platforms can be sensitive due to the political or ideological associations of users, raising concerns not only about identity theft but also harassment or reputational risks.
Bitimen, depending on the context, may relate to tech or crypto services. Breaches involving blockchain or crypto-related platforms typically attract high-value targeting, as users often hold or transact in digital assets, making them prime targets for credential stuffing and impersonation.
Finally, Condor Airlines, a European airline, emphasises the risks present in the aviation sector. Exposed records may include travel itineraries, loyalty account data, and passport or ID numbers, data points that are particularly valuable on dark web marketplaces or for use in social engineering.
Spotlight
In shocking news that rocked the underground hacking community and surprised onlookers and cyber security researchers, an infamous threat actor has been charged with possession of CSAM material. Conor Fitzpatrick, aka Pompompourin, who was an administrator for the notorious BreachForums, has been charged and is awaiting sentence on November 17, 2023, in the USA. He has three charges, the first two of which are unsurprisingly due to the nature of the forum he was running and his activities online, but the third CSAM was unexpected.All three carry heavy prison sentences and hefty fines ranging from 10 to 20 years and $250,000 in fines. It will be interesting to see what happens on November 17, when he's sentenced. This is what happens when young people spend too much time on the internet and watch too much porn.
While we’re on the subject of shady underground forums, Diogo Santos Coelho, the administrator of RaidForums which was taken down by law enforcement two years ago, is fighting extradition to the USA, where he is facing 52 years in prison. His lawyers are arguing it would violate his human rights.
As for breaches, a Canadian payday loan company that promises borrowing up to Canadian $1500 "in as little as 15 minutes" as long as they give up a small section of their soul or pay heavy interest rates, has suffered a data breach. Those poor users have had their personal information dumped with a wider range of datasets than usual.
Vulnerability Chat
Two apps on the Google Play Store with over 1.5 million downloads have been removed because they contained Chinese spyware. Both of these apps were created by a developer called Wang Tom. These apps were masquerading as a file recovery tool and file manager. Under each app, in the data safety and permissions sections, they claimed not to collect any data.However, after an unlucky victim installed one of these apps, the app started running in the background, gathering any data it can get its hot little hands on, and then sent it back to servers in China. A range of data gets sent back, including real-time user location, lists of contacts, and all accounts connected to the device, such as email and social media. This information, although disturbing, isn’t anything new. Android users should be very careful what they install because these apps appear to be innocent.
Information Privacy Headlines
The Federal Trade Commission (FTC) has sent a letter to OpenAI, the owners of ChatGPT, asking them how they mitigate the risk of "generating statements about real individuals that are false, misleading, disparaging or harmful." CEO, Sam Altman responded on twitter saying the FTC's approach "does not help build trust" but also said they will work with the FTC.Smarter Privacy Starts with Awareness
Data Breach Scan, Check Any Domain for Free https://breachaware.com/scan
