A total of 10 breaches were found and analysed resulting in 12,009,525 leaked accounts containing a total of 12 different data types. The breaches found publicly and freely available included Strip Chat, Omaze, Ministry of Corporate Affairs, Government of India, Rostelecom and preen.me. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

Another week and another set of leaks. Whilst we've not seen household company names, there is a constant stream of data breaches coming out of the cyber sphere at the moment.

The first breach we’re going to talk about today is a a fundraising platform, it's a large platform which raises money for a range of charity's. Unfortunately for them two large SQL databases with their users appeared on a hacking forum. There's been no comment from the company yet, no doubt their 'security incident response plan' is in full swing (wink). Over two Million email address’s, hashed passwords and physical address’s are just several of the datasets a member of the team discovered after inspecting the data.

A data breach which is doing the rounds is a Tel Aviv based marketing platform that connects "social media influencers" to big company names and brands. The company was hit with a ransomware attack in mid-June of 2020, the data was originally for sale on the dark web and now has obviously served its purpose to the ransomware gang in question as it has been dumped online. The data contained a variety of data types, ranging from biometric data, such as eye colour, to a list of all the social media platforms used by the influencers, as well as their email addresses.

Finally, a member of the team brought to my attention a website called FinSuite that had been breached and threat actors are currently selling their database. FinSuite says they offer business solutions for IFA, RIA, and stock brokers. A member of the team did pick up a free sample of the data, and after quick analysis, some of the data sets which stood out to us were partial credit card information such as account number and bank name, as well as physical address and dates of birth.