Research Team Analysis

WEEKLY REVIEW FROM THE BREACHAWARE RESEARCH TEAM
Share this analysis

8,350,259 leaked accounts discovered by the BreachAware® Research Team last week.

10 April 2022

A total of 8 breaches were found and analysed resulting in 8,350,259 leaked accounts containing a total of 11 different data types. The breaches found publicly and freely available included DatPiff, Royal Enfield, Turnover IT, Systematica Consulting and AKPR. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

COMMENTARY

When searching for publicly available compromised data, there are numerous sites that just re-post old data and come across as quite 'scary' but fortunately our researchers have learnt and gained experience over time on what is real and what is surfing the hactivist wave.

We did have a record set last week with the researchers noting a domain that was registered on the 26th March but was compromised before the 30th! Under four days! There were some unique elements about it as it was a Russian domain but it demonstrated the amount of increased activity going on in the 'cyber battle' due to the invasion of Ukraine.

Nestle has been targeted again, a very small breach by a different hacking group, but that is two weeks in a row now for Nestle. Their supply chain is truly global and far reaching.

Virtual MacOSX details with VNS login credentials were also posted on a popular underground forum. Virtual MacOSX, also known as vmOSX, is a Canadian web hosting service.

One of the best sources of rich data types for cyber criminals is recruitment companies and we noticed a well known French portal for companies looking for freelance IT and IS Specialists, dumped on a forum. These sort of data breaches go beyond the usual data types exposed (email address, password and username), they include the likes of dates of birth, account information, payment types, physical location, phone numbers, experience, etc. Those data types offer opportunities for account takeover, phishing, spam and fraud.

For organisations the risks could extend to threat of misdirection, ransomware and vulnerability exposure. Combined the impact to your people’s wellbeing, finance and employment could be considerable with a direct impact to your organisation.

DATA CATEGORIES DISCOVERED

Financial Data, Contact Data, Socia-Demographic Data, Locational Data, Technical Data, Social Relationships Data, Usage Data.

  • Key Statistics
  • Breaches Discovered
    8
  • ACCOUNTS DISCOVERED
    8,350,259
  • DATA TYPES DISCOVERED
    11