Weekly Summary

Share this analysis

6,566,267 leaked accounts discovered by the BreachAware® Research Team last week.

21 August 2023

A total of 21 breaches were found and analysed resulting in 6,566,267 leaked accounts containing a total of 17 different data types. The breaches found publicly and freely available included Whoosh, Erectile Dysfunction Clinic, OCC Mundial, Tjori and Job Plus. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.


AnonFiles, the free file hosting site used by people around the world (and also abused by what seems to be a lot of cybercriminals), has shut down. The administrator took over the domain two years ago and released a statement last week giving the reasons for the site's closure. "We have auto-banned the contents of hundreds of thousands of files. We banned file names and also banned specific usage patterns connected to abusive material, to the point where we did not care if we accidentally deleted thousands of false positives in this process. Even after all this high-volume abuse, it will not stop. This is not the kind of work we imagine when acquiring, and recently our proxy provider shut us down."

It sounds like a bit of a nightmare, however there are many more free file hosting sites out there, so the great migration will already be underway. There are plenty of sites that have huge archives of legal and illegal data on AnonFiles. In particular, a ransomware gang has had to scramble to sort this out. They were circulating their victims stolen data using AnonFiles, and now they'll need to find a new home and relink the files.

A well-known cybercriminal wanted internationally by various law enforcement agencies has posted on X (formerly known as Twitter), offering their pen-testing services to businesses. The person said they would be "quite satisfied with $100-$300k." The individual is known to be an affiliate of the infamous ransomware gang Lockbit and a leader of a national hazard agency.


We steal, You deal! That’s right, the Raccoon Stealer has returned. Last week the group announced on a cybercrime forum that they were in the process of testing the beta of Version 2. The user on the forum named 'Raccoon Stealer' gave some information about what cybercriminals could expect. There’s a new UI and a brand new back end, and their customers who are currently trying it out are "mostly happy" apart from several "minor issues".

The data that Version 2 can exfiltrate includes the usual data types such as browser passwords, saved credit card information, and personal files saved on the victim's computer. However, the stealer also checks and targets cryptocurrency wallets and web browser extensions, including MetaMask, TronLink, BinanceChain, Ronin, Exodus, Atomic, JaxxLiberty, Binance, Coinomi, Electrum, Electrum-LTC, and ElectronCash. That’s all pretty scary stuff for the numerous people who will be using these extensions in their browsers without thinking of the dangers of doing so.


70% of participants of the Australian Community Attitudes to Privacy Survey (ACAPS) conducted by the Office of Australian Information Commissioner (OAIC) deemed privacy as "extremely" or "very" important. Almost half of respondents had experienced a data breach in the preceding year with 75% of those affected experiencing resultant harm.

Meanwhile the Information Commissioner's Office (ICO) in the UK have published the first draft of its guidance on the use of biometric data and technologies, noting "this guidance is not intended to be a comprehensive guide to compliance when using biometric data. Where the guidance refers to principles already addressed in our guidance, we provide links to the relevant further reading."


Socia-Demographic Data, Contact Data, Technical Data, National Identifiers, Usage Data, Documentary Data.

  • Key Statistics
  • Breaches Discovered