Research Team Analysis

WEEKLY REVIEW FROM THE BREACHAWARE RESEARCH TEAM
Share this analysis

2,125,845 leaked accounts discovered by the BreachAware® Research Team last week.

29 August 2022

A total of 10 breaches were found and analysed resulting in 2,125,845 leaked accounts containing a total of 11 different data types. The breaches found publicly and freely available included Kino Kong, Hjedd, Scam, Premium Invites and Diablo Golf. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

A member of the team picked up a small data breach from a major retail trade site which started in Bulgaria and has now turned into one of the largest online shopping platforms in Central and Eastern Europe. There’s been no comment from the company in question regarding the breach. Over 85k unique email addresses and hashed MD5 passwords are in circulation.

A handicap golfing-app which allows users to share their scores from the latest golfing weekend has suffered a data breach. The app has been downloaded over 50k times on Android alone. User email addresses and hashed SHA1 passwords are now in circulation.

In July, the Lockbit Ransomware gang gained unauthorised access to a section of the entrust.com’s network - they have taken responsibility for the attack. Entrust is one of the fastest growing certificate authorities, with clients such as US government, Mastercard and NXP. They take great pride in their secure payment solutions and trusted infrastructure, Entrust haven’t revealed what kind of documents and information the Ransomware gang obtained.

Last Friday, the gang started leaking their information, most probably because they didn’t recieve the ransom. However, soon after they started, the Lockbit onion site (dark web site) went offline after a barrage of DDOSing. A Lockbit member claimed that the site was receiving 400 requests a second from over a thousand servers. At the end of each HTTPS request was the message "DELETE_ENTRUSTCOM_MOTHERF**KERS."

When your clients include suits and government agencies, you must always behave in a prim and proper way, now hacking back is illegal in the States and entrust have not commented on the situation. However we can understand why people would try and take some kind of revenge if their information was leaked online. My research team have taken to steps to minimise data leaks by wearing tin foil hats and only reading your signal messages in the dark standing on our heads.

DATA CATEGORIES DISCOVERED

Contact Data, Locational Data, Technical Data, Socia-Demographic Data.

  • Key Statistics
  • Breaches Discovered
    10
  • ACCOUNTS DISCOVERED
    2,125,845
  • DATA TYPES DISCOVERED
    11