A total of 8 breaches were found and analysed resulting in 25,350,997 leaked accounts containing a total of 15 different data types. The breaches found publicly and freely available included MGM Resorts (2), Yop Mail, State of Fiscal Service of Ukraine, Gaming Now and BandhoB. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

VPN companies continue to be targeted and data that has completed its commercial value to the cybercriminal is now publicly available. The data sets for VPN services are more sensitive and valuable such as email address, payment method, hashed passwords, and credit card numbers. The hacker got into the backup database and got all the data from there.

Another Indian-based data leak came from a tax report filling app. That may seem insignificant, but the number of sensitive datasets obtained because of the breach should not be underestimated. We’ve noted partial credit card information as well as hashed MD5 passwords, which is on the easier side to de-hash. More revealing and worrying for the end user is that the data included the admin login for the site.

The MGM Resorts hack impact continues with a new file circulating online containing a huge section of their customers' information. The file has over 24 million email addresses and is estimated to affect 30 million users. This is MGM Resort's second leak, previously there was an estimated 10.6 million users exposed to threat actors.

An interesting breach involved a disposable email address service. The objective of disposable email address is to avoid giving out your personal email address in order to protect it, whether for reasons of confidentiality or to avoid receiving spam.

Other industries impacted this week are tech, marketing, financial services, retail, hotel entertainment, gaming and Federal Government.