Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

2,551,645 leaked accounts discovered by the BreachAware® Research Team last week.

22 May 2023

A total of 20 breaches were found and analysed, resulting in 2,551,645 leaked accounts containing a total of 21 different data types. The breaches found publicly and freely available included RentoMojo, QIP IM, Annex Trades, United States Postal Service and Eternity Modern. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

The backend of an Italian motorcycle company website has been posted to a dark web forum. Although the breach is on the smaller side, it contains a large number of different data types about its users. The Italian company has been growing rapidly, from running a shop on the high street to selling online and now having its own eBay store. They pride themselves on being a "real shop created by enthusiasts for enthusiasts!"

An online clothing site based in Mumbai, India, that caters mostly to women's clothes and lingerie has suffered a data breach. As well as a website, they also have an app available on iOS and Android, boasting over ten million downloads on the store. The data is currently for sale on a popular hacking platform, so we haven’t been able to analyse the whole breach; however, a sample has been posted publicly. It includes the core data types that one would expect. We’re not sure when we’ll see the whole data breach shared publicly; it could be a matter of days or years. There doesn’t appear to be any comment from the company in question regarding the breach.

Following a ransomware attack, an Indonesian bank told its customers that the interruptions to its service were from maintenance. However, it turns out that around 1.5 terabytes of customer data, along with various other sensitive documents, were stolen.

VULNERABILITY CHAT

A Russian ransomware gang member who has been linked to several ransomware gangs and their tactics of encrypting victims' devices has been named, and pictures of him have been posted to the FBI wanted list. He is wanted for a whole host of crimes, such as intentional damage to a protected computer and computer intrusion. Apparently, the FBI issued a $10 million reward for his arrest. We doubt that will happen given that he's a Russian national, unless he makes the mistake of boarding a plane to a destination outside Russia.

In what appears to be either a blunder from the French authorities or the shape of things to come, the Telegram URL link has been blocked by ISPs (Internet service providers). The URL t.me, which is used to direct users to Telegram, was blocked last week across France. The authorities were trying to block a certain Telegram channel that was sharing child abuse material. However, they gave an order to block the whole of Telegram by accident. The URL was blocked for several hours last Saturday.

INFORMATION PRIVACY HEADLINES

Sports data, and in particular how player data is collected and shared, took centre stage at the first FIFPRO Player IQ Tech Experience. David Murphy, Deputy Commissioner of the Irish Data Protection Commission, said it was eye-opening to learn the extent to which footballers are surveilled when it comes to collecting their data. The event highlighted the need for professional footballers to have more control over how their data is collected and used.

It looks like Facebook (Meta) is to be fined more than £650 million and ordered to suspend data transfers to the US following the much-talked-about mishandling of user information. The fine could be a record under the EU's General Data Protection Regulation; the current record is held by Amazon, who were punished in 2021.

DATA CATEGORIES DISCOVERED

Technical Data, Contact Data, Locational Data, Special Category, Socio-Demographic Data, National Identifiers, Social Relationships Data, Financial Data, Documentary Data.
