Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

4,071,980 leaked accounts discovered by the BreachAware® Research Team last week.

10 April 2023

A total of 38 breaches were found and analysed, resulting in 4,071,980 leaked accounts containing a total of 24 different data types. The breaches found publicly and freely available included Go2Pub, Next Cash, Ucraft, Stealer - RedLine 0280 and Zingr. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

A crypto pyramid scheme with half a million members, which offers, yes you’ve guessed right, amazing monetary gain for inviting friends and family to join the scheme, has been compromised. Of course no one wins here apart from the scammers at the top running the operation: the unlucky people who sign up get scammed and then their credentials get leaked online. The site is aimed at social media influencers and promises a $10 reward for anyone signing up to the scheme via a unique link given to each influencer.

An iOS application that claims to “keep your WhatsApp files safe and clean” has suffered a security breach. A quick look at the website makes us question how legitimate this site is. There is no explanation as to how the application interacts with your WhatsApp account. It doesn’t feel like a good idea to allow a third-party application to interact with your end-to-end encrypted messaging app.

VULNERABILITY CHAT

There has been chat of a serious vulnerability with a popular cloud hosting service that offers services such as domains, bots and dedicated servers. The anonymous individual(s) have described the vulnerability in great detail and reported the bug to the company in question. Frustrated with the time taken to fix the bug, they went on to say the company “deserves to be punished”.

From what we gather, if someone bought access to one of their dedicated servers, they could override the DHCP server and add as many IP addresses as they like from the thousands they offer from that subnet. This means a threat actor could create a huge number of IP addresses, which could be used for a range of malicious activities.

INFORMATION PRIVACY HEADLINES

Canada's privacy watchdog is investigating ChatGPT maker OpenAI after receiving a complaint alleging "the collection, use and disclosure of personal information without consent", according to privacy commissioner Philippe Dufresne. Meanwhile in the UK, the information commissioner has said TikTok have done "very little, if anything" to stop underage users and subsequently fined them £12.7m for processing the data of 1.4 million children under 13 who were using the platform without parental consent.

Tesla's anti-theft video recording function 'sentry mode' continues to cause worry across the globe. Following disputes from China to the Netherlands, German consumer group vzbv filed a lawsuit against Tesla for failing to mention in advertising that the recordings risk infringing local data privacy laws. In related news, according to interviews by Reuters with former Tesla employees, between 2019 and 2022 employees shared, via an internal messaging system, videos and images recorded by customers' cars, some of which were described as highly invasive and sensitive.

DATA CATEGORIES DISCOVERED

Special Category, Technical Data, Contact Data, Financial Data, Socio-Demographic Data, Locational Data, Behavioural Data, Usage Data, Documentary Data.
