Research Team Analysis

WEEKLY REVIEW FROM THE BREACHAWARE RESEARCH TEAM
Share this analysis

44,960,407 leaked accounts discovered by the BreachAware® Research Team last week.

22 August 2022

A total of 11 breaches were found and analysed resulting in 44,960,407 leaked accounts containing a total of 14 different data types. The breaches found publicly and freely available included Apex SMS, Launch SMS, Book Crossing, Wired Bucks and Avtoto. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

First up, Wiredbucks who market themselves as a social media influencer site where you invite your friends and get rich quick. In reality, none of those things actually happen. It's a data harvesting website that offers a free phone if you give up your credit card details. With over 900k users signed-up, the admins of the site must have thought it was going rather well until a SQL dump of their site appeared on a popular underground forum several days ago, which was then quickly de-hashed by some other members of the hacking community. There are now 900,000 wired-bucks user email addresses and plain text passwords in circulation.

A London court has rejected the U.S. government's attempt to keep the operator and administrator of the marketplace RaidForums in prison while he awaits an extradition hearing. Raid Forums was one of the top hacking forums, which offered a great place for threat actors to hand out and gave a solid platform for the sale of stolen and public data to the underground community. It was shut down and seized by the US law enforcement last year.

And finally, a bulk SMS marketing service, which was breached several years ago (2019) has just made an appearance online, publicly and freely available. The site in question advertises a bulk SMS service and portrays itself as legitimate, saying its services could be used for reminders to minimise missed appointments for the service industry or "sending engaging marketing campaigns."

We don’t know if it's just us, but we've have never received 'engaging marketing' via SMS. However they do, we think they are more of bulk SMS spam company with the infrastructure to send out tens of thousands of SMS messages a day. A range of datasets were disclosed in the breach, and a whopping 26 million unique email addresses and mobile phone numbers were also included, along with IP addresses.

DATA CATEGORIES DISCOVERED

Contact Data, Technical Data, Special Category, Socia-Demographic Data, Locational Data, Social Relationships Data.

  • Key Statistics
  • Breaches Discovered
    11
  • ACCOUNTS DISCOVERED
    44,960,407
  • DATA TYPES DISCOVERED
    14