Research Team Analysis

WEEKLY REVIEW FROM THE BREACHAWARE RESEARCH TEAM

3,255,511 leaked accounts discovered by the BreachAware® Research Team last week.

18 July 2022

A total of 11 breaches were found and analysed, resulting in 3,255,511 leaked accounts containing a total of 8 different data types. The breaches found publicly and freely available included TNA Flix, Minube, Football Guys, Allo Internet and Capital Games Forum. Sign in to view the full BreachAware Breach Index, which includes, where available, reference articles relating to each breach.

Within the past couple of weeks we've noticed a big surge in the number of identity cards in circulation online, from driving licences to passports. I know we should all be fans of KYC (know your customer) and AML (anti-money laundering) for the obvious reason that they help cut down on crime. However, it is very concerning that in the attempt to flush out the criminals, KYC could actually be assisting them.

KYC is used for a variety of different things, for example cryptocurrency exchanges, but when these sites are hacked, the identity documents they hold are dumped onto the internet, ready for another threat actor to commit identity fraud and potentially use the information to sign up via online KYC tools in another person's name. Is there a need for an equivalent to PCI DSS (safeguarding cardholder data online) for KYC?

An Indonesian online college and career preparation platform was found by the team. There's no comment from the company in question regarding a data breach, but a member of the team picked up a file containing 400k email addresses and dehashed passwords. It's always worrying when we don’t see a comment from a company acknowledging that there's been a data leak/breach because there’s a very high chance that these 400k users won’t know that this information is floating around the internet.

If you're feeling festive, there's a small data breach originating from a Swiss eco Christmas tree site, with plenty of datasets to get into, ranging from mobile numbers to physical addresses, employees' names and email addresses, and bcrypt-hashed passwords. The Swiss tend to be meticulous about rules and security, but maybe not so much this time.

DATA CATEGORIES DISCOVERED

Contact Data, Technical Data, Usage Data.

KEY STATISTICS

  • Breaches Discovered: 11
  • Accounts Discovered: 3,255,511
  • Data Types Discovered: 8