This attracts the attention of threat actors and scammers.

17 April 2023
BREACHAWARE HQ
Social Media Breach Exposure Monitoring

A total of 16 breach events were found and analysed, resulting in 530,458 exposed accounts containing a total of 27 different types of personal data. The breaches found publicly and freely available included Stealer - Mixed Logs 0286, Stealer - Mixed Logs 0287, Bitaksi (2), Rina and Stealer - Mixed Logs 0292. Sign in to view the full library of breach events which includes, where available, reference articles relating to each breach.

Categories of Personal Data Discovered

Technical Data, Contact Data, Usage Data, Documentary Data, Socio-Demographic Data, Financial Data, Special Category, Locational Data, Social Relationships Data, Communications Data.

Data Breach Analysis

Several of the breaches are linked to “Stealer - Mixed Logs” variants, which typically involve data collected through malware designed to capture login credentials, payment information, and other personal identifiers directly from infected devices. This kind of exposure is especially dangerous as it can lead to identity theft, unauthorised account access, and financial fraud, affecting both individuals and organisations relying on secure data handling.

Bitaksi, a ride-hailing service, operates in the transportation sector where user data often includes sensitive details such as location history, payment methods, and personal identification. Breaches in this domain can undermine user trust and pose safety risks, while also exposing the company to regulatory and reputational damage.

Rina, depending on its sector, likely involves services where personal or professional data is stored, making the breach a potential threat to client confidentiality and organisational integrity.

Spotlight

An online marketplace that sells usernames for social media platforms as well as gaming networks has been breached. There are a few ethical issues that come up when high-value usernames are bought and sold. For instance, a lot of the original people who created a four-letter Twitter handle don’t want to part with their username, as it is seen as special and could be valuable.

This naturally attracts the attention of threat actors and scammers, who then target these individuals by means of harassment, targeted phishing campaigns or straight-up coercion. There have been some reports of individuals being harassed for months to part with their Instagram username. These can be sold for thousands of dollars online. The passwords in the data were hashed to a high standard; however, IP addresses were exposed along with the names of half a million users.

Data from a political party in Turkey has been leaked too. The hackers who posted the data added a small text file explaining the reason for the attack. They have a lot to say, but here are their top two reasons for the attack:

1. killing thousands of innocent people all over Turkey with torture in their death cells,
2. persecuting people in the name of the fake Islamic army.

If it's true, then this seems like a noble motive; however, here at BreachAware we do not condone cyber attacks for any reason. A lot of different types of data about the users who were registered on the website were exposed, including biometric data about their blood group.

Vulnerability Chat

A video was recently posted online demonstrating a user bypassing 2FA on Telegram. The hacker in the video uses some type of script to log in to a victim's account, which poses a serious threat to users. This means your account can be accessed even if you set up 2FA and attach your email.

Then, a cyber security company has taken a dig at one of the top ransomware gangs on the market, saying the reliability of their service has declined and they have appeared negligent in managing their service. The gang responded on their onion domain, in the section of their site where they post ransomed data.

The title of the section was the name of the company in question with two sentences attached, the first explaining that the cyber security company had scraped meaningless data from their site. The other sentence read like this: "Poppy, would you like to go to a restaurant with me? you sexy?"
