Sokoban, Coinsbit.io and others fall victim to data leaks.
11 October 2020
BREACHAWARE HQ
A total of 7 breach events were found and analysed, resulting in 32,260 exposed accounts containing a total of 5 different data types of personal data. The breaches found publicly and freely available included Sokoban, Coinsbit.io, Heavy Truck Forums, EDP Group (Specimen) and Oklahoma Government.
Categories of Personal Data Discovered
Contact Data, Technical Data, Socio-Demographic Data.
Data Breach Analysis
These breaches affected entities across a variety of sectors, including video game communities (Sokoban), cryptocurrency trading platforms (Coinsbit.io), industrial transport forums (Heavy Truck Forums), the energy sector (EDP Group – Specimen), and government infrastructure (Oklahoma Government). While individually modest in scope, collectively these breaches paint a revealing picture of the persistent and widely distributed risks present across digital infrastructure today.
Sectors Involved: A Convergence of Vulnerable Targets
The affected entities are not homogeneous in function or scope; they represent a wide spread of economic and civic activity, from hobbyist communities to critical public services. Each breach carries its own unique risks and implications.
Sokoban is best known as a classic Japanese puzzle game, but the breach here likely refers to either a community forum, fan site, or a small game developer platform associated with the Sokoban brand. These kinds of niche or legacy platforms often escape robust cybersecurity scrutiny, partly because they operate on outdated content management systems or lack the funding and personnel to maintain strong defence practices.
The exposed data in such breaches often includes usernames, emails, and passwords, potentially in plaintext or using weak hashes. While these platforms may seem trivial compared to critical infrastructure, the accounts can still be harvested for credential stuffing attacks, especially given that many users reuse passwords across more sensitive platforms. Moreover, smaller communities may not be aware their data has been exposed, allowing misuse to go undetected for longer periods.
Coinsbit.io - A far more sensitive inclusion in this list is Coinsbit.io, a cryptocurrency exchange. The potential exposure here can be considerably more damaging, depending on what data types were leaked. Even absent financial data, if account credentials, 2FA configurations, or IP logs were part of the breach, this could present a serious threat to user funds and the broader crypto ecosystem.
Coinsbit is a relatively high-profile exchange with hundreds of listed assets and a user base extending across multiple countries. If credentials were compromised, malicious actors could target users' wallets, initiate phishing schemes, or probe for vulnerabilities in the exchange's API. This breach underscores the chronic volatility in the crypto space, not just in token value, but in platform security as well.
Additionally, depending on Coinsbit's jurisdiction of operation, this kind of breach may require disclosure to regulatory bodies or trigger investigations into whether KYC/AML (Know Your Customer / Anti-Money Laundering) safeguards were properly upheld. Trust in exchanges is a cornerstone of the decentralised economy; once eroded, it can be difficult to rebuild.
Heavy Truck Forums, catering to trucking professionals, might appear low-risk at first glance, but this breach speaks to broader concerns about the security of trade and industry-focused communities. These forums often contain a mixture of personal data (usernames, contact info), employment-related discussions, and potentially sensitive operational details such as maintenance tips, regulatory compliance strategies, or even GPS systems and logistics.
The trucking industry is a critical component of national and international supply chains. If forums like these are used by fleet managers, drivers, or service providers, the exposure of user data could allow threat actors to craft targeted phishing campaigns or impersonation attacks. In a worst-case scenario, attackers could use information from these forums to interfere with operations or extract more privileged access to transportation systems.
EDP Group (Specimen) - The listing of EDP Group (Specimen) suggests that this breach may involve a partial or sample leak, often shared as proof of compromise by attackers prior to selling or publishing full datasets. EDP Group (Energias de Portugal) is a major European energy utility with operations across Europe, Latin America, and North America.
A breach at an energy company of this size and scope carries serious implications. Even a "specimen" leak could suggest larger infiltration, and given the strategic importance of energy infrastructure, especially in the context of European energy politics, this could be viewed as a probe or precursor to a more targeted cyberattack. It is not uncommon for state-sponsored actors to test entry points in critical infrastructure by releasing portions of data as a warning or negotiation tactic.
If operational data, employee credentials, or internal communications were exposed, EDP may face not only financial risk but also reputational damage and geopolitical scrutiny.
Oklahoma Government - Data exposures from U.S. state-level government agencies often contain particularly sensitive information: internal communications, employee or citizen records, and details tied to state services like public safety, transportation, or welfare. State-level systems are increasingly becoming a target for ransomware gangs and other adversarial actors.
The publicly and freely available nature of this breach may indicate an unpatched vulnerability or a misconfigured storage system (such as a public S3 bucket). If this breach includes staff emails or system credentials, it could lead to further lateral movement within state systems, jeopardising everything from DMV operations to public records management. While the number of leaked accounts in this case appears relatively small, government systems often operate in interconnected silos; a breach in one department could potentially be leveraged to compromise others.
Moreover, the exposure of government employee data, even at the municipal or state level, can raise questions of digital sovereignty and accountability. In an era where public trust in institutions is already under strain, cyber breaches only deepen the concern.
The Nature of the Leaked Data
Individually, each of the data points may appear minor. But together, they create a mosaic that can be weaponised for identity impersonation, targeted fraud, or phishing. Particularly in the case of exchanges or government systems, even limited exposure can lead to cascading effects across networks, platforms, and user bases.
Observations on Scope, Access, and Availability
Though none of these breaches has been reported as “active” in the sense of ongoing exploitation, their free and public availability radically changes the threat environment. Once information is openly accessible, it cannot be “unleaked,” and it immediately enters into circulation across both legitimate security research communities and criminal networks.
The fact that these leaks were not hidden behind paywalls or exclusive channels also implies that security failures occurred not just in breach prevention, but in breach containment. Whether due to outdated server protections, CMS vulnerabilities, or human error, the result is the same: another layer of sensitive data entering the public sphere with no controls or monitoring.
Patterns and Perspectives
This multi-breach event exemplifies the diversity and decentralisation of cybersecurity exposure. Whether hobbyist websites or critical infrastructure players, every organisation, no matter its size or visibility, now functions within a shared threat landscape. There is no longer any such thing as a “low-value” target when breached data can be recombined, cross-referenced, and used to infiltrate other systems.
These cases also reflect broader tensions in how we handle the afterlife of data. Long-dead forums, small web services, or partial leak specimens can still be relevant years later when incorporated into machine-learning models for spam filtering, fraud detection, or surveillance.
Finally, the juxtaposition of industries here, from online games to petroleum, from trucking forums to crypto exchanges, highlights a core truth: the internet has flattened the attack surface, and no organisation can rely solely on obscurity or specialisation to avoid risk.