A total of 19 breaches were found and analysed resulting in 3,485,877 leaked accounts containing a total of 14 different data types. The breaches found publicly and freely available included Eskimi, Euro Gunz, Sosedi, Rencanamu (URL redirected) and Klarna (URL Redirected). Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

Another possible blow for privacy advocates in the UK as Conservative MP John Penrose proposes an amendment to the “Online Safety” Bill which aims to rate social media posts with a "truth score" https://reclaimthenet.org/uk-lawmaker-truth-scores/. In the future people may soon be selling social media profiles with hacked truth scores for crypto currencies on the darkweb or in hacking community. On the plus side, it could make for some interesting datasets in the future.

One data breach everyone's talking about this week is Nickelodeon's NeoPets, which has been breached for the second time (the company has confirmed an investigation is underway)! The site was breached back in 2014, but now a user on a popular hacking forum is selling back end access to the user database along with source code. The user seems pretty confident that the back door into the site won’t be found and he's selling the knowhow for the small price of four bitcoin (around $95,000 at current price of BTC).

An adverting platform which uses big data and digital media has been breached. The company pride themselves on there geo location targeting ability, as well as foot fall recognition. The company itself it registered in Sweden with offices around the world from Nigeria to Lithuania. While marketing seems to be their strong point obviously security isn’t, recently a couple of large files containing over 1 million unique email addresses, usernames and hashed passwords was posted to a popular hacking channel.

An interesting little breach which has been circulation is an iPhone unlocking site which has a had a data breach resulting in a variety of datasets along with email address, IMEI and hashed MD5 passwords being dumped online. We don’t need see datasets such as IMEI numbers (international mobile equipment identity) regularly, this could be a good dataset for OSINT or threat actors to target individuals and companies.

Unsurprisingly a member of the team picked up another university data breach, this time from India, this one was smaller than usual but contained several datasets including names, social media accounts and email addresses.