A total of 34 breaches were found and analysed resulting in 12,928,058 leaked accounts containing a total of 22 different data types. The breaches found publicly and freely available included Zacks, PayHere, Wildberries, Edim Doma and Cizim Okulu. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

South African mass marketing company, that was breached in May of this year, has seen the data hit the web. The company released a statement recently explaining which data types had been exposed along with the usual "take precautions" message. The company is very proud of its "diversified retail and consumer finance business" but unsurprisingly, that didn’t save them from this data breach.

A popular trading site based in America has been hit with a big data breach. The company prides itself on "professional grade research that combines quantitative models with insight" and has been running since 1988. At the beginning, they were providing a stock rating system for investors. Now with almost 9 million users, it ranges from in-depth analysis to information on the latest trends in the market as well as general news from crypto currencies to insurance. The breach happened in December 2022, and the company released a statement regarding the breach. Last week, the stolen data was dumped publicly. Obviously, the threat actor or actors had finished with the data.

A Russian culinary lifestyle website recently suffered a data breach. Think of your classic 'oh lets have a dinner party and these are my top recipes' website but in Russian. The site has thousands of contributors including articles written by Russian TV presenters.

VULNERABILITY CHAT

The admin of the infamous underground hacking forum Raidforums made a statement. The administrator who went by the name Omnipotent and was arrested in the UK last year signed his statement with his PGP keys, which is really the only way a member of an underground community can prove it. PGP keys are unique, and only an individual with access to his computer could use it to sign.

He mentions several things. Firstly, he commented on the news of the pompompurin arrest and then attempted suicide: "I have found myself in the same boat." He goes on to say users of raid forums are facing prosecution for the crimes they committed while on the forum. He also wishes the new admin of the up and coming forums good luck. But most importantly, he addresses the data breach that was dumped online a couple of weeks ago, which we have spoken about previously. He showed surprise at the data breach as well as doubt about how the hackers got into the admin panel. He mentioned he had spoken to the hackers in question and didn’t really trust what they said about how they acquired the data.

INFORMATION PRIVACY HEADLINES

The Swedish authority for privacy protection (IMY) has fined Spotify with a fine of approximately £4.25 million for violating transparency policies established by EU's GDPR. It is reported while users have a right to get access to all their data and information on the use of their data, Spotify did not fully comply with this obligation.

Belgium and Dutch vehicle licensing agencies are accusing TfL (Transport for London) debt collectors of breaching data protection laws over London's Ultra Low Emission Zone (ULEZ) fines. They claim the data used to identify dutch drivers and send them penalties may have been unlawfully obtained.