The total dump is over 330GB worth of SQL files...
08 May 2023BREACHAWARE HQ
A total of 10 breach events
were found and analysed resulting in 8,990,513 exposed accounts
containing a total of 18 different data types of personal datum
. The breaches found publicly and freely available included Sogaz, Manufacturers Association For Information Technology (MAIT), Ploschad Mira, Kickback and Sahibinden. Sign in to view the full
library of breach events which includes, where available, reference articles relating to
each breach.
Categories of Personal Data Discovered
Technical Data, Contact Data, Financial Data, Socia-Demographic Data, Usage Data, Documentary Data, Special Category, Behavioural Data.
Data Breach Analysis
Sogaz is a major insurance provider in Russia, and a breach of this kind can place policyholders at risk of identity fraud, financial scams, or unauthorised access to insurance benefits. For the organisation, exposed account data may erode trust and invite regulatory scrutiny, especially given the sensitive nature of financial and health-related information insurers often hold.The Manufacturers Association for Information Technology (MAIT) is an Indian trade body that supports the IT hardware and electronics sector. Breaches involving such organisations may reveal personal or professional information of members and partners, potentially impacting collaborations, internal security, and future communications.
Ploschad Mira (a Russian online classifieds and content platform), Kickback (a gaming and esports community), and Sahibinden (a Turkish online marketplace for goods, property, and vehicles) all cater to large user bases in the digital services space. Data leaks from these platforms risk user profiling, phishing attacks, or account takeovers, especially when contact details, login credentials, or transaction records are involved.
Spotlight
A notorious hacker group or hacker, no one really knows, has successfully targeted an Indian start-up furniture company. The company is located in Bangalore and offers the rental of furniture, flats and mobile phones to name few and raised over a hundred million dollars in funding back in June 2020. A huge amount of their user data has been dumped for free online and is now in circulation. The total dump is over 330 GB worth of SQL files. But don’t worry, the company has released a statement saying "We are working tirelessly to ensure the highest level of security." Of course, users caught up in the breach are now relaxed about the personal data being dumped online.The first insurance company to operate in Russia that was founded in 1993 in Moscow has been breached. The breach is pretty extensive, with millions of unique email addresses exposed within the data along with the usual data types you would expect with insurance data.
A management software service offering online marketing, team collaboration and event planning has suffered a data breach. The software looks a bit like Microsoft Teams, where users can engage on different channels and tasks all within a sleek application. The data is from several years ago, but that doesn’t mean it isn’t important; users could still be using the same credentials to login. The kind of data supplied by the user for this software doesn’t tend to change the full name or date of birth, for example.
Vulnerability Chat
A new hacker group has been causing the Pakistani government some trouble. They have managed to obtain a huge database of COVID-19 patients, which contains sensitive information about recovery, vaccine status, and other similar data types. The data appears to have been stolen straight off the government website. To make matters worse for the government, the hackers also posted the username and password for the admin server.DDoS with a smile: there’s a DDoS service running adverts on hacking channels and dark-web forums offering very low rates starting at $60 a day. They claim to be able to take down any website and that their botnets can shut down 88% of services.
Information Privacy Headlines
The ECJ (European Court of Justice) has recently ruled "not every infringement of the GDPR gives rise, in itself, to a right of compensation." The ruling is in relation to the 'threshold of seriousness' above which non-material damages like stress or mental health deterioration could be conferred compensation.The FTC (US Federal Trade Commission), for the 3rd time, is taking action against Meta by proposing a new 'blanket prohibition' on their collection and use of young users' personal data. The FTC has accused Meta of having "misled parents about their ability to control with whom their children communicated through its Messenger kids app."
Smarter Privacy Starts with Awareness
Data Breach Scan, Check Any Domain for Free https://breachaware.com/scan