Dark Web Roundup: December 2020
January 29, 2021 • RBS
Month of December, 2020
Malicious threat actors never stop, but neither do we. Risk Based Security’s Cyber Risk Analytics research team is dedicated to gathering the latest in data breach intelligence. Here is our round up of what we’ve seen.
A database was leaked on a popular dark web hacking forum allegedly stemming from Genco.com.br. The CSV file stolen from the Brazilian company included 40,138 user records with names, phone numbers, addresses, dates of birth, email addresses and encrypted passwords. Shockingly, the CSV also captured approximately 500 complete credit card details in cleartext. It is vital that organizations always ensure that credit card information is encrypted.
A massive 47 GB file was shared among hackers, allegedly from the Indian company, IM Jobs. Analyzing the file revealed more than 224 database tables in a single text file. It consisted of 4,286,860 user records with device data, social media profiles, names, education information, occupations and employers, salaries, dates of birth, phone numbers as well as approximately 1,500 hashed and cleartext passwords. Some emails and resumes were also deemed confidential.
With the recent increase in cryptocurrency prices, it’s no surprise that cryptocurrency companies continue to be targeted. Risk Based Security researchers observed databases leaked from numerous related sources such as CBANX exchange, trader and email opt-in lists, and most notably, the cryptocurrency wallet manufacturer Ledger. While occurring last June, the data was released in an unrestricted manner in December, posing a significant risk to affected users.
Allegedly from the Brazilian company Home Refill, this shared database consisted of 196,414 user accounts with usernames, names, phone numbers, email addresses and hashed passwords with salts. It also included CPF numbers, the Brazilian equivalent of social security numbers. The breach has not yet been announced by the organization.
The notorious Maze ransomware operators ceased operations last month, but their website dedicated to sharing their victims’ data had been operational up until now. The dark web onion site has now been taken down, and there is no indication of when, or if it will return. The ransomware operators had vowed to return though there has been no subsequent activity.
Threat Actor Updates
Last month, Risk Based Security reported on the third wave of database leaks from the well-known threat actor “ShinyHunters”. After leaking 17 databases and a whopping 129,406,564 user records, the leaks have concluded in November. ShinyHunters returned in 2021 with a number of new breached database leaks. Starting on January 17th, 2021, the threat actor has leaked 10 new databases.
A new threat actor operating under the name “Mycelium Security ” surfaced in December, and subsequently leaked 4 databases. This includes 65,000 user records from the publicly traded company Koei Tecmo. The threat actor has taken credit for all of the hacks and leaked databases, and has also offered other compromised databases for sale.
Cyber Risk Analytics:
The standard and most comprehensive resource for data breach intelligence and risk ratings.