Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES
Share this analysis

8,990,513 leaked accounts discovered by the BreachAware® Research Team last week.

08 May 2023

A total of 10 breaches were found and analysed resulting in 8,990,513 leaked accounts containing a total of 18 different data types. The breaches found publicly and freely available included Sogaz, Manufacturers Association For Information Technology (MAIT), Ploschad Mira, Kickback and Sahibinden. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

A notorious hacker group or hacker, no one really knows, has successfully targeted an Indian start-up furniture company. The company is located in Bangalore and offers the rental of furniture, flats and mobile phones to name few and raised over a hundred million dollars in funding back in June 2020. A huge amount of their user data has been dumped for free online and is now in circulation. The total dump is over 330 GB worth of SQL files. But don’t worry, the company has released a statement saying "We are working tirelessly to ensure the highest level of security." Of course, users caught up in the breach are now relaxed about the personal data being dumped online.

The first insurance company to operate in Russia that was founded in 1993 in Moscow has been breached. The breach is pretty extensive, with millions of unique email addresses exposed within the data along with the usual data types you would expect with insurance data.

A management software service offering online marketing, team collaboration and event planning has suffered a data breach. The software looks a bit like Microsoft Teams, where users can engage on different channels and tasks all within a sleek application. The data is from several years ago, but that doesn’t mean it isn’t important; users could still be using the same credentials to login. The kind of data supplied by the user for this software doesn’t tend to change the full name or date of birth, for example.


VULNERABILITY CHAT

A new hacker group has been causing the Pakistani government some trouble. They have managed to obtain a huge database of COVID-19 patients, which contains sensitive information about recovery, vaccine status, and other similar data types. The data appears to have been stolen straight off the government website. To make matters worse for the government, the hackers also posted the username and password for the admin server.

DDoS with a smile: there’s a DDoS service running adverts on hacking channels and dark-web forums offering very low rates starting at $60 a day. They claim to be able to take down any website and that their botnets can shut down 88% of services.


INFORMATION PRIVACY HEADLINES

The ECJ (European Court of Justice) has recently ruled "not every infringement of the GDPR gives rise, in itself, to a right of compensation." The ruling is in relation to the 'threshold of seriousness' above which non-material damages like stress or mental health deterioration could be conferred compensation.

The FTC (US Federal Trade Commission), for the 3rd time, is taking action against Meta by proposing a new 'blanket prohibition' on their collection and use of young users' personal data. The FTC has accused Meta of having "misled parents about their ability to control with whom their children communicated through its Messenger kids app."

DATA CATEGORIES DISCOVERED

Technical Data, Contact Data, Financial Data, Socia-Demographic Data, Usage Data, Documentary Data, Special Category, Behavioural Data.

  • Key Statistics
  • Breaches Discovered
    0
  • ACCOUNTS DISCOVERED
    0
  • DATA TYPES DISCOVERED
    0