Research Team Analysis

WEEKLY REVIEW FROM THE BREACHAWARE RESEARCH TEAM
Share this analysis

5,767,541 leaked accounts discovered by the BreachAware® Research Team last week.

23 May 2022

A total of 11 breaches were found and analysed resulting in 5,767,541 leaked accounts containing a total of 14 different data types. The breaches found publicly and freely available included GMX, Pride Room Mates, enparadigm, MysticArt Pictures and Living Nature. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

This week the Research Team found data from a wide range of industries including cryptocurrency companies, an entertainment channel, a gambling service, a sales software platform, retailers, an accommodation booking service, a product authentication app, a global trade fair events company and numerous more.

The first of this week’s highlights is an Indian based digital simulation and learning platform. They are recognised globally as a leading sales enablement with some impressive global clients. Their credentials were dumped online with a variety of datasets, including mobile phone numbers, names, and email addresses. Even though the company did not have passwords within the breach, the data exposed was ideal for criminals to impersonate and take over an account, then use the credentials for BEC (Business Email Compromise) attacks, with the aim to defraud their supply chain or sign off money internally.

Results from the FBI’s Internet Crime Report 2021, reported that “BEC accounted for roughly $2.4 billion USD in reported losses — an increase of 28% from the numbers reported in 2020.” (source: Zvelo).

We found banking location service, which has a map of all banks in the US tagged in a geolocation style, had their user base leaked online. IP addresses and email addresses were only half of the datasets. Also, a crypto based advertising company database dumped online, which quickly began to circulate around forums. The datasets included crypto balances as well as hashed MD5 passwords with email addresses.

In 2022, $3.1billion worth of crypto currency was bagged by thieves and the first month of 2022 saw over $1.3billion stolen (source Chainalysis).

DATA CATEGORIES DISCOVERED

Contact Data, Technical Data, Locational Data, Financial Data, Usage Data, Documentary Data, Socia-Demographic Data.

  • Key Statistics
  • Breaches Discovered
    11
  • ACCOUNTS DISCOVERED
    5,767,541
  • DATA TYPES DISCOVERED
    14