A total of 16 breaches were found and analysed resulting in 530,458 leaked accounts containing a total of 27 different data types. The breaches found publicly and freely available included Stealer - Mixed Logs 0286, Stealer - Mixed Logs 0287, Bitaksi (2), Rina and Stealer - Mixed Logs 0292. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

An online marketplace that sells usernames for social media platforms as well as gaming networks has been breached. There are a few ethical issues that come up when high value usernames are bought and sold. For instance, a lot of the original people who created a four-letter twitter handle don’t want to part with their username as it is seen as special and could be valuable.

This naturally attracts the attention of threat actors and scammers, who then target these individuals via means of harassment, targeted phishing campaigns or straight up coercion. There have been some reports of individuals being harassed for months to part with their Instagram username. These can be sold for thousands of dollars online. The passwords in the data were hashed to a high standard however IP addresses were exposed along with the names of half a million users.

Data from a political party in Turkey has been leaked too. The hackers who posted the data added a small text file explaining the reason for the attack. They have a lot to say, but here are their top two reasons for the attack:

1. killing thousands of innocent people all over Turkey with torture in their death cells,
2. persecuting people in the name of the fake Islamic army.

If it's true then this seems like a noble motive however here at BreachAware we do not condone cyber attacks for any reason. A lot of different types of data about the users who were registered on the website were exposed, including biometric data about their blood group.

VULNERABILITY CHAT

A recent video was posted online demonstrating a user bypassing 2FA on telegrams. Posing a serious threat to users, the hacker in the video uses some type of script to login to a victim's account. This means your account can be accessed even if you set up 2FA and attach your email.

Then, a cyber security company has taken a dig at one of the top ransomware gangs on the market, saying the reliability of their service has declined and they have appeared negligent in managing their service. The gang responded on their onion domain in the section of there site where they post ransomed data.

The title of the section was the name of the company in question with two sentences attached, first explaining that they cyber security company had scraped meaningless data from there site. The other sentence, read like this "Poppy, would you like to go to a restaurant with me? you sexy? <3" Underneath this there were several pictures of the lady named Poppy, she is the CEO of the company who made comments about the gang.

INFORMATION PRIVACY HEADLINES

OpenAI and their popular tool ChatGPT continues to make the headlines. Following pressure from Spain, the European Data Protection has decided to launch a task force dedicated to cooperation and exchange of information on possible enforcement actions across Europe. Meanwhile Italy's Garante are looking for OPenAI to conduct an information campaign across multiple media platforms to inform people how they use personal data to train AI.

Jersey's government has been publicly criticised for the third time for being too dismissive of the person who asked for their information, taking too long to respond, incorrectly redacting details, and being unable to locate all the information required.

Anne King, the JOIC's (Jersey office of the Information Commissioner) Operations Director said if the breach had happened at a private business, a "significant fine" would have been handed down. However, under Jersey's law, financial penalties cannot be imposed on government and instead the Chief Officer of the department in question "apologised to the customer personally."