Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

20,774,389 leaked accounts discovered by the BreachAware® Research Team last week.

03 July 2023

A total of 9 breaches were found and analysed, resulting in 20,774,389 leaked accounts containing a total of 31 different data types. The breaches found publicly and freely available included Exactis, Stealer - Mixed Logs 0316, Cal Racing, Stealer - Mixed Logs 0317 and Nomer.

SPOTLIGHT

A well-known global bank suffered a data breach several months ago; unusually, the data is still in circulation at no cost. Normally, after a couple of months, links to data posted to hosting websites are taken down or replaced by fresh stolen data. But not this time. The data affects thousands of customers and it doesn’t seem that the bank has notified its users of the data breach.

The underground forum wars are raging; we’ve spoken about them a couple of times here already. However, more information has come to light. An up-and-coming forum that only launched two months ago has just suffered a data breach and had a SQL file of their site dumped on a popular hacking forum. The forum has definitely stood the test of time and has been operating in the community for years. The dump is consistent with the usual datasets, including 2.5K unique accounts.

It's more apparent than ever that threat actors and script kiddies should be using good OpSec when signing up for sites like these. For instance, BreachForums, which was hacked a couple of weeks ago and whose SQL file was also dumped online, showed that 30% of users signed up and regularly visited the site using their original IP rather than using Tor or a VPN.

VULNERABILITY CHAT

The WordPress plugin 'Ultimate Member', which is active on over 200K WordPress sites, is reportedly being exploited through an unpatched vulnerability that allows unauthenticated attackers to create new user accounts with administrative privileges and take over the sites.

Software security updates are in full swing, with Apple, Google and Microsoft, as well as VMware, Cisco, Fortinet and MOVEit products, all providing patches for bugs being used in real-life attacks.

INFORMATION PRIVACY HEADLINES

Interesting stats coming out of the USA this month: the US Senate Committee on the Judiciary had a meeting with heads of the NSA, FBI, CIA, and DOJ. It was revealed last May that the FBI conducted over 278,000 warrantless searches on United States citizens, accessing phone calls, text messages, and e-mails. Only 19,000 were valid. The Senate Committee believes the remainder were violations of the 4th Amendment.

A website that specialises in the distribution of classified government and military documents from around the world has been rebooted. The admin of the site took "a long pause", but now the site is back online with a fresh UI and plenty more data to download. Most of the data is free; however, there is a marketplace section for those who want premium government and military intel.

Amnesty International's Rasha Abdul-Rahim has said it's "a blatant attempt not only to shield big tech from scrutiny but to also silence individuals and organisations that stand up for the right to privacy and data protection." The comment referred to the Irish Parliament's proposed amendment to a bill that would allow the Irish Data Protection Commission (DPC) to label all matters before it as confidential.

DATA CATEGORIES DISCOVERED

Contact Data, Technical Data, Financial Data, Socio-Demographic Data, Special Category, Social Relationships Data, Transactional Data, Documentary Data, Usage Data.
