[BreachExchange] Dark Web Roundup: January 2021

Destry Winant destry at riskbasedsecurity.com
Tue Feb 23 10:42:03 EST 2021


https://www.riskbasedsecurity.com/2021/02/19/dark-web-roundup-january-2021/

Month of January, 2021

Malicious threat actors never stop, but neither do we. Risk Based
Security’s Cyber Risk Analytics research team is dedicated to gathering the
latest in data breach intelligence. Here is our roundup of what we’ve seen
at the start of this year.

Leaked Databases

DRIVESURE

A trove of sensitive personal data was dumped on a dark web hacking forum
on January 4th, following a December 2020 incident. The leaked files
contained nearly 28 GB of stolen information, ranging from user credentials
to in-depth car details and service history. Users are at an increased risk
of insurance scams as names, addresses, and other personally identifying
information were compromised. Risk Based Security researchers have
published a full detailed report on the incident with an analysis of
affected customer email address domains.

WAPPALYZER

In April 2020, popular service provider Wappalyzer disclosed a
highly-publicized breach. However, it wasn’t until January 18th, 2021 that
the data was publicly leaked on a dark web hacking forum. Risk Based
Security researchers analyzed the database and found 18,510 user records
with email addresses, tokens, IP addresses, billing addresses as well as
accountholder metadata. While not all records contain billing addresses,
the total number of impacted users is slightly higher than the count
provided by Wappalyzer.

BOURSE DES VOLS

The French travel company exposed financial and user data in a recent hack.
The breach occurred on January 11th and the user database of website “bdv.fr”
was shared on a dark web hacking forum on January 16th. It contained
approximately 1.5 million user records and included email addresses, phone
numbers, dates of birth, flights taken or booked, and partial credit card
data.

MMG FUSION

The healthcare-related technology provider was recently compromised and had
numerous databases leaked, including approximately 15 million user records
with patient information, along with user credentials containing 10,738
bcrypt-hashed passwords. According to the threat actor who shared the data
on January 13th, the breach occurred on December 20th, 2020. The databases
include patients’ personal information such as names and addresses, as
well as appointment information and dates visited. Healthcare information
is highly sought after by hackers for its value on the black market, and
third-party service providers are a popular target.

Ransomware Updates

REVIL

As one of the most prolific ransomware operators, the team behind REvil
announced last year that they would hold auctions for pilfered data. Those
auctions are still available on their dark web site, which is dedicated to
sharing compromised databases and updates. REvil attacks still appear to be
occurring. Their victims’ data has been auctioned for anywhere from tens of
thousands to hundreds of thousands of dollars.

Threat Actor Updates

POMPOMPURIN

A new threat actor has emerged on a dark web hacking forum and has made
quite an entrance by leaking 9 databases in January and February.
Allegedly, the same actor both pilfered and posted the databases. Together,
the databases account for more than 20 million user records and include
airlines, energy companies, and healthcare-related organizations. The
threat actor is actively sharing compromised databases and seems to target
vulnerable websites.

LINGS CARS

An account operating under the name “lingscarsdotcom” leaked a compilation
of 26 compromised databases, allegedly hacked by the threat actor
themselves during the week of January 13th. Most of the databases appear to
be forums or gaming-related websites, and they include 1.6 million user
records in total. The threat actor appears to be impersonating an infamous
car dealership website.

SHINYHUNTERS

The notorious threat actor(s) ShinyHunters continued their campaign by
leaking numerous compromised databases, including Wappalyzer and a large
database from Bonobos. The leaked databases do not appear to have been
hacked by ShinyHunters themselves, and are understood to have been given
out publicly as a form of retribution against other compromised database
dealers.

Cyber Risk Analytics:
The standard and most comprehensive resource for data breach intelligence
and risk ratings.

Learn More <https://www.cyberriskanalytics.com/>