The "ultimate marketplace for selling your business" suffers a data breach.
14 August 2023BREACHAWARE HQ
A total of 20 breach events
were found and analysed resulting in 8,226,171 exposed accounts
containing a total of 18 different data types of personal datum
. The breaches found publicly and freely available included Drive Sure, Guia TV Pro, Stalker, Propostuplenie and Podrygka. Sign in to view the full
library of breach events which includes, where available, reference articles relating to
each breach.
Categories of Personal Data Discovered
Contact Data, Financial Data, Technical Data, Socia-Demographic Data, Special Category, Usage Data, Documentary Data.
Data Breach Analysis
Drive Sure operates in the insurance sector, likely involving sensitive policyholder information such as personal identification, driving records, and payment details. Exposure of this data can lead to financial fraud, identity theft, and misuse of insurance benefits, impacting both customers and the company’s reputation.Guia TV Pro is a media and television guide service, where leaked data may include subscriber information, viewing preferences, and contact details. While this may seem less critical, such data can be exploited for targeted marketing scams or phishing attacks.
Stalker, presumably linked to entertainment or content streaming, likely held user accounts and subscription information. Compromise of such data puts users at risk of account takeover, unauthorised charges, and privacy violations.
Propostuplenie is related to education, possibly handling student or applicant information, academic records, and personal identifiers. The breach of educational data raises concerns around identity fraud and misuse of academic credentials.
Podrygka is a social networking or lifestyle platform, where personal communications, profiles, and private data may have been exposed. Such breaches can lead to social engineering attacks, harassment, or blackmail.
Spotlight
The largest marketplace for the sale of businesses in the UK has suffered a data breach. The company are "the ultimate marketplace for selling your business" according to their website. They started out in 2006 and now have over 5,000 locations across the UK and claim to have sold over £10.4 billion worth of businesses.Popular malware researchers have recently received, let's say, some interesting emails... The emails come from a domain run by the Bureau Of Alcohol, Tobacco, Firearms, and Explosives, which is a sub-section of the U.S. Department of Justice. The threat actor sent a screenshot with his emails as proof that he or she had compromised a government email address. The emails range from the usual online talk to remarks that the staff at the malware developer group should "take showers". The developers are currently keeping everyone entertained by posting it to their social media accounts. There’s a government official out there, and some are not aware his email account is being used to spam malware developers with emails reading "meow" and "scilly needs a shower."
Lolek, a bulletproof hosting provider has been shut down via a joint effort of the FBI and Europol. Bulletproof hosting has been targeted by law enforcement for many years. The providers of such hosting sites promise a no-log policy and normally have little to no rules on what their customers can host on their servers. From Distributing malware, cybercrime forums, and command and control servers. They would also ignore reports of criminality or their customers breaking copyright. Five individuals were arrested.
Vulnerability Chat
During a BlackHat security conference, Microsoft security researcher outlined the issues effecting the widely used industrial automation software CODESYS. "Threat actors could launch a 'Denial of Service' attack against a device using a vulnerable version of CODESYS to shut down industrial operations or exploit 'Remote Code Execution' vulnerabilities to deploy a backdoor to steal sensitive data, tamper with operations, or force a PLC to operate in a dangerous way."Synack Red security researchers have found holes in ScutisWeb software, used to monitor banking and ATM fleets. Threat actors could exploit the flaws to obtain data from the server, execute arbitrary commands and obtain encrypted admin passwords and decrypt them using a hardcoded key.
A Google security expert has discovered a security flaw in Intel's CPU's. Reportedly, billions of Intel processors are effected, which are used in private computers as well as in cloud servers. "This vulnerability enables users to access and steal data from other users who share the same computer. For instance, a malicious app could use the flaw to steal sensitive information."
Trellix researchers presented vulnerabilities with CyberPower and Dataprobe that are widely used in data centres. Trellix have warned the vulnerabilities could be exploited to power down a data centre, plant malware that could spread to customer machines or conduct espionage.
Information Privacy Headlines
The Police Service of Northern Ireland (PSNI) has apologised for mistakenly revealing details of all its 10,000 staff. NI's Police Federation said the breach could cause "incalculable damage". UC Berkeley researchers have found that hand and head motion data could be as good as fingerprints and facial scans at identifying users, raising a host of privacy concerns as headset adoption grows. Australian patients are being pushed to provide their personal data to Cornerstone Health's medical app and rewards program in order to access bulk billing from their GP, raising privacy concerns.Meanwhile, Iraq’s Ministry of Communications has lifted the ban on messaging service Telegram. The ban, which was originally placed due to data protection concerns, was lifted after the app provider communicated with the Iraqi government to “detect the parties that leaked citizens’ data.”
Smarter Privacy Starts with Awareness
Data Breach Scan, Check Any Domain for Free https://breachaware.com/scan