A total of 5 breaches were found and analysed resulting in 7,143,477 leaked accounts containing a total of 12 different data types. The breaches found publicly and freely available included Forex Depositor Database, Turk Telekom, OnGab, Bitimen and Condor Airlines. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

In shocking news that rocked the underground hacking community and surprised onlookers and cyber security researchers, an infamous threat actor has been charged with possession of CSAM material. Conor Fitzpatrick, aka Pompompourin, who was an administrator for the notorious BreachForums, has been charged and is awaiting sentence on November 17, 2023, in the USA. He has three charges, the first two of which are unsurprisingly due to the nature of the forum he was running and his activities online, but the third CSAM was unexpected.

All three carry heavy prison sentences and hefty fines ranging from 10 to 20 years and $250,000 in fines. It will be interesting to see what happens on November 17, when he's sentenced. This is what happens when young people spend too much time on the internet and watch too much porn.

While we’re on the subject of shady underground forums, Diogo Santos Coelho, the administrator of RaidForums which was taken down by law enforcement two years ago, is fighting extradition to the USA, where he is facing 52 years in prison. His lawyers are arguing it would violate his human rights.

As for breaches, a Canadian payday loan company that promises borrowing up to Canadian $1500 "in as little as 15 minutes" as long as they give up a small section of their soul or pay heavy interest rates, has suffered a data breach. Those poor users have had their personal information dumped with a wider range of datasets than usual.

VULNERABILITY CHAT

Two apps on the Google Play Store with over 1.5 million downloads have been removed because they contained Chinese spyware. Both of these apps were created by a developer called Wang Tom. These apps were masquerading as a file recovery tool and file manager. Under each app, in the data safety and permissions sections, they claimed not to collect any data.

However, after an unlucky victim installed one of these apps, the app started running in the background, gathering any data it can get its hot little hands on, and then sent it back to servers in China. A range of data gets sent back, including real-time user location, lists of contacts, and all accounts connected to the device, such as email and social media. This information, although disturbing, isn’t anything new. Android users should be very careful what they install because these apps appear to be innocent.

INFORMATION PRIVACY HEADLINES

The Federal Trade Commission (FTC) has sent a letter to OpenAI, the owners of ChatGPT, asking them how they mitigate the risk of "generating statements about real individuals that are false, misleading, disparaging or harmful." CEO, Sam Altman responded on twitter saying the FTC's approach "does not help build trust" but also said they will work with the FTC.