'%3e%3cg id='Final-Copy-2_2_' transform='translate(1275.000000, 200.000000)'%3e%3cpath class='st0' d='M7.4,12.8h6.8l3.1-11.6H7.4C4.2,1.2,1.6,3.8,1.6,7S4.2,12.8,7.4,12.8z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg id='final---dec.11-2020'%3e%3cg id='_x30_208-our-toggle' transform='translate(-1275.000000, -200.000000)'%3e%3cg id='Final-Copy-2' transform='translate(1275.000000, 200.000000)'%3e%3cpath class='st1' d='M22.6,0H7.4c-3.9,0-7,3.1-7,7s3.1,7,7,7h15.2c3.9,0,7-3.1,7-7S26.4,0,22.6,0z M1.6,7c0-3.2,2.6-5.8,5.8-5.8 h9.9l-3.1,11.6H7.4C4.2,12.8,1.6,10.2,1.6,7z'/%3e%3cpath id='x' class='st2' d='M24.6,4c0.2,0.2,0.2,0.6,0,0.8l0,0L22.5,7l2.2,2.2c0.2,0.2,0.2,0.6,0,0.8c-0.2,0.2-0.6,0.2-0.8,0 l0,0l-2.2-2.2L19.5,10c-0.2,0.2-0.6,0.2-0.8,0c-0.2-0.2-0.2-0.6,0-0.8l0,0L20.8,7l-2.2-2.2c-0.2-0.2-0.2-0.6,0-0.8 c0.2-0.2,0.6-0.2,0.8,0l0,0l2.2,2.2L23.8,4C24,3.8,24.4,3.8,24.6,4z'/%3e%3cpath id='y' class='st3' d='M12.7,4.1c0.2,0.2,0.3,0.6,0.1,0.8l0,0L8.6,9.8C8.5,9.9,8.4,10,8.3,10c-0.2,0.1-0.5,0.1-0.7-0.1l0,0 L5.4,7.7c-0.2-0.2-0.2-0.6,0-0.8c0.2-0.2,0.6-0.2,0.8,0l0,0L8,8.6l3.8-4.5C12,3.9,12.4,3.9,12.7,4.1z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
The scam is aimed at social media influencers.
10 April 2023BREACHAWARE HQ
A total of 38 breach events were found and analysed resulting in 4,071,980 exposed accounts containing a total of 24 different data types of personal datum . The breaches found publicly and freely available included Go2Pub, Next Cash, Ucraft, Stealer - RedLine 0280 and Zingr. Sign in to view the full
library of breach events which includes, where available, reference articles relating to
each breach.
Categories of Personal Data Discovered
Special Category, Technical Data, Contact Data, Financial Data, Socia-Demographic Data, Locational Data, Behavioural Data, Usage Data, Documentary Data.
Data Breach Analysis
Go2Pub operates in the digital advertising space, where breaches can compromise advertising strategies, client data, and financial transactions. Exposure here risks not only individual user data but also the integrity of advertising campaigns and business operations.Next Cash, likely related to financial or payment services, faces heightened risks when customer data is exposed, including potential fraud, identity theft, and financial losses for both users and the institution.
Ucraft, a website builder platform, handles user information related to site creation and management. A breach in this sector can jeopardise the data of businesses and individuals relying on the platform, affecting their digital presence and potentially leaking sensitive business information.
The inclusion of Stealers indicates data stolen through malware infections, usually containing login credentials, payment details, and personal identifiers. Such data greatly increases the risk of account takeovers, fraudulent activity, and broader cyberattacks.
Zingr, a social networking service, involves personal profiles and communication data. Breaches here can lead to privacy violations, social engineering risks, and exploitation of personal connections.
Spotlight
A crypto pyramid scheme with half a million members, which offers, yes you’ve guessed right, amazing monetary gain for inviting friends and family to join the scheme has been compromised. Of course no ones wins here apart from the scammers at the top running the operation, the unlucky people who sign up get scammed and then there credentials get leaked online. The site is aimed at social media influencers and promises a $10 reward for anyone signing up to the scheme via a unique link given to each influencer.An iOS application that claims to “keep your WhatsApp files safe and clean” has suffered a security breach. A quick look at the website makes us question how legitimate this site is. There is no explanation as to how the application interacts with your whatsapp account. It doesn’t feel like a good idea to allow a 3rd party application to interact with your end to end encryption messaging app.
Vulnerability Chat
There has been chat of a serious vulnerability with a popular cloud hosting service that offers services such as domains, bots and dedicated servers. The anonymous individual(s) have described the vulnerability in great detail and reported the bug to the company in question. Frustrated with the time taken to fix the bug, they went on to say the company “deserves to be punished”.From what we gather if someone bought access to one of their dedicated servers, they could over-ride the DCHP server and be able to add as many IP addresses as they like from the thousands they offer from that subnet. This means a threat actor could create a huge amount of IP address’s which could be used for a range of malicious activities.
Information Privacy Headlines
Canada's privacy watchdog is investigating OpenAI, ChatGPT after a receiving a complaint alleging "the collection, use and disclosure of personal information without consent" according to privacy commissioner Philippe Defresne. While in the UK, the information commissioner has said TikTok have done "very little, if anything" to stop underage users and subsequently fined them £12.7m for processing the data of 1.4 million children under 13 who were using the platform without parental consent.Tesla's anti-theft video recording function 'sentry mode' continues to cause worry across the globe. Following disputes from China to the Netherlands, German consumer group vzbv filed a lawsuit against Tesla for failing to mention in advertising that the recordings risk infringing local data privacy laws. In related news, according to interviews by Reuters with former Tesla employees, between 2019-2022 employees shared, via an internal messaging system, videos and images recorded by customers' cars, some of which were described as highly invasive and sensitive.
Smarter Privacy Starts with Awareness
Data Breach Scan, Check Any Domain for Free https://breachaware.com/scan
