Whopping 16 million users were affected by data breach.
14 November 2022
BREACHAWARE HQ
A total of 16 breaches were found and analysed resulting in 10,182,392 leaked accounts containing a total of 17 different data types. The breaches found publicly and freely available included Aptoide (3), Pay System Tech, Azazie, Full Tilt and Yappy Media.
Categories of Personal Data Discovered
Contact Data, Technical Data, Socio-Demographic Data, Financial Data, Locational Data.
Data Breach Analysis
Aptoide, an alternative Android app store, and Azazie, a bridal and formalwear retailer, both operate in the e-commerce space, potentially putting customers’ purchasing histories and account access at risk. Pay System Tech, involved in payment processing, highlights the potential exposure of sensitive financial data, which could have direct implications for both individuals and businesses relying on its services.
In the entertainment and gaming sector, platforms like Full Tilt (an online poker service) and Yappy Media demonstrate how user data from leisure-related apps continues to be a lucrative target. These types of breaches can lead to identity misuse, phishing attempts, and further credential stuffing attacks, especially when login information is reused across systems.
The risks extend beyond individual users. Organisations whose employees were impacted could face exposure through compromised corporate logins or endpoints, increasing the threat of internal breaches or business email compromise. The wide range of data types found in these incidents further broadens the potential for downstream exploitation.
Spotlight
A company that offers solutions to optimise non-cash payments for carriers across Asia, the Americas and eastern Europe has been breached. It happened back in May and a whopping 16 million users were affected, with partial credit card information and payment histories leaked.
Another company whose data was breached back in mid-2019 has seen its data come back into circulation this week on various platforms where data is exchanged or traded in the underground community. With over 700k users in the breached data, there’s plenty of useful data for threat actors, including mobile phone numbers, email addresses, and physical addresses.
And finally, one that's been covered heavily by the media. Medibank was hit by a ransomware gang that threatened to drop more data if the demand of $10 million wasn’t met. So far, they have dropped a reasonable amount of sample data, which includes over 2 million email addresses along with various datasets including names, physical addresses, dates of birth and Medicare numbers. We've also noticed the ransomware site has gone offline, perhaps being DDoSed by a friend of Medibank?