Share this analysis

Immigration tracking site data disclosed.

26 December 2022
BREACHAWARE HQ
Immigration Breach Exposure Monitoring

A total of 20 breaches were found and analysed resulting in 15,942,325 leaked accounts containing a total of 20 different data types. The breaches found publicly and freely available included Baihe, Katapult, Level Travel, Ferret Check and Trackitt. Sign in to view the full library of breach events which includes, where available, reference articles relating to each breach.

Categories of Personal Data Discovered

Communications Data, Socia-Demographic Data, Contact Data, Technical Data, Financial Data, National Identifiers, Behavioural Data, Transactional Data, Social Relationships Data.

Data Breach Analysis

Baihe, a prominent dating platform in China, handles highly sensitive personal and relationship data. Exposure here could lead to significant privacy violations and emotional distress for users, as well as reputational damage for the platform.

Katapult operates in the financial sector, providing lease-to-own financing. Data leaks involving this company may include financial and credit information, posing risks of identity theft and financial fraud that could affect both customers and lenders.

Level Travel, a travel booking service, manages customer itineraries, payment details, and personal preferences. Breached data could disrupt travel plans, lead to fraud, and diminish customer trust in travel providers.

Ferret Check is involved in background screening services, meaning exposed data could include detailed personal histories and verification details. Such leaks can undermine the integrity of employment screening and impact individuals’ professional reputations.

Trackitt is an online community focused on tracking various personal and public data, likely including user-generated content and personal information. Exposure here risks user privacy and could facilitate targeted scams or identity theft.

Spotlight

A data breach came after an administrator account was sold online, allowing a threat actor to scrape data. The website in question is an immigration tracking site where users can upload the progress of their visa applications for several western countries including the United Kingdom, Canada, and more. Over 420K email addresses along with IP addresses and account information were disclosed.

A 3rd party partner of a mainstream music streaming platform who suffered a data breach back in 2019 is probably not feeling very festive at the moment. Threat actors managed to take a snapshot of the streaming service users and they confirmed their data was exposed a month ago. The 'snap' contains over 257 million users and exposed a massive amount of data including Santa's physical address and links to his country specific playlists. Data types such as device information and browser fingerprints are just a couple to mention.

And finally, an adult websites' user base that was for sale in July of this year is now freely available on various forums and channels. Data types include hashed SHA1 passwords and over 200K unique email addresses.

Smarter Privacy Starts with Awareness
Data Breach Scan, Check Any Domain for Free https://breachaware.com/scan

  • Key Stats
  • BREACH EVENTS
    0
  • EXPOSED ACCOUNTS
    0
  • EXPOSED DATUM TYPES
    0