A total of 7 breaches were found and analysed resulting in 55,971,246 leaked accounts containing a total of 10 different data types. The breaches found publicly and freely available included US Blowout 2019, IDC Games, Qiwi, Vedantu and 3S. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

One of Russia's largest e-wallet companies suffered a data breach. The company reaches into Ukraine and as well as Kazakhstan with 47 million registered users and supports 20 different payment methods. Earlier in the year, their site was hit by a ransomware attack.

It has been reported by a well known threat actor in the community that a hosting site which prides themselves on their anonymity and reliability has sent an email to all of their active customers accidentally. Sending a carbon copy rather than a blind copy resulting in the full names and email address of there entire user-base. The threat actor posted that s/he had received an email, but s/he was not letting slip their real name.

On the subject of client lists, a cyber security company that is well known in the industry has had their entire client list dumped online. Names, mobile phone numbers, and email addresses, as well as companies.

A new VPN has launched, advertising themselves on a variety of unsavoury forums and channels. They seem to be reachable from their own onion site. We're always very sceptical about VPNs unless they have very good reputation. The problem with being in this industry is that the paranoia is ramped so high that the phrase "this is why we can’t have nice things" is echoed by members of the team when any new technology or software is securitised.