Research Team Analysis

WEEKLY REVIEW FROM THE BREACHAWARE RESEARCH TEAM
Share this analysis

3,811,101 leaked accounts discovered by the BreachAware® Research Team last week.

24 April 2022

A total of 12 breaches were found and analysed resulting in 3,811,101 leaked accounts containing a total of 18 different data types. The breaches found publicly and freely available included Lakh, RIA Novosti, JDM Style Tuning, tipobet365 and Porno Board. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

COMMENTARY

An interesting week for the Research Team as they were doing some ad-hoc research for Season 2 BBC Podcast 'The Lazarus Heist'. This is a story of a hacking ring attempting to steal a billion dollars. Check out Season 1, it's a good listen.

Back to breached data, the team saw a bank in Mumbai, which is running a scholarship for children facing “extreme hardship” have a fairly large data breach. The leak consisted of a wide variety of datasets including a lot of personal information salary etc. as well as large amount of physical addresses and names. Hackers don't care who you are.

A member of the team also came across a user distributing 40 million personal mobile numbers, with 4 million associated email addresses. The data file discovered had a filename known as Lakh. We have not been able to verify the source of the breach yet, as soon we do we'll update this description.

Another gambling site which is based on an offshore tax haven in the Dutch Caribbean had been breached. As mentioned, betting companies are rich in datasets including mobile numbers and IP addresses.

Another interesting breach with more than the usual conversations on a forum is FDCServers.net., described as a 'web hosting server solutions for bandwidth intensive applications, websites, media, gaming or e-commerce platforms'. Data types included names, usernames, passwords and phone numbers. This is not a large breach but the team was drawn to the negative chat surrounding this company.

The team also noted that the .ru domains continue to be dumped, and a plethora of industry sectors' domains exposed such as education, adult websites, health, animal, IT, government and financial services.

DATA CATEGORIES DISCOVERED

Financial Data, Communications Data, Technical Data, Contact Data, Socia-Demographic Data, Usage Data, Locational Data, Social Relationships Data.

  • Key Statistics
  • Breaches Discovered
    12
  • ACCOUNTS DISCOVERED
    3,811,101
  • DATA TYPES DISCOVERED
    18