SQL injection vulnerability causes consumer advocacy organisation breach.
08 August 2022
A total of 7 breaches were found and analysed, resulting in 1,988,189 leaked accounts containing a total of 17 different data types. The breaches found publicly and freely available included 670 Websites (Anonymous), 360 Icons, Kari, Public Citizen and OpeningOdds. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.
SPOTLIGHT
An American consumer advocacy organisation has suffered a data breach after an SQL injection vulnerability was found. The company, founded in 1971, has over 500,000 members and now unfortunately has several of its files in circulation on the darker side of the internet. A range of data types were in the breach, for example partial credit card information, as well as names and physical addresses. So far there has been no comment from the organisation in question.
The recent news that the 911 residential proxy service closed up shop has had threat actors and cyber criminals scrambling to find an alternative. 911 has been a proxy service for the past 7 years. A few days ago, they posted on their site "We regret to inform you that we have permanently shut down 911 and all its services" and said that a hacker had broken into their system and essentially trashed the back end, making a recovery impossible.
Cybercriminals love proxies. Being able to route your traffic near to the location of your target to make purchases on their bank cards without triggering anything suspicious has definitely made things easier. In the past year, the other two big proxy services, VIP72 and Luxsocks, have also shut down, and now that 911 is gone, clean, fast proxies are in high demand.
A member of the team noted that a file sharing platform/application, which markets itself as a free flexible file sharing web app and was breached several years ago, is now doing the rounds as a free download on the dark web. Names, SHA-256 hashed passwords and over 2.5 million email addresses are among the datasets in the breach.
DATA CATEGORIES DISCOVERED
Contact Data, Technical Data, Socio-Demographic Data, Financial Data, Locational Data, Communications Data.