January 29, 2021 • RBS

Categories: Security News

Month of December, 2020

Malicious threat actors never stop, but neither do we. Risk Based Security’s Cyber Risk Analytics research team is dedicated to gathering the latest in data breach intelligence. Here is our round up of what we’ve seen.

Leaked Databases


A database was leaked on a popular dark web hacking forum allegedly stemming from The CSV file stolen from the Brazilian company included 40,138 user records with names, phone numbers, addresses, dates of birth, email addresses and encrypted passwords. Shockingly, the CSV also captured approximately 500 complete credit card details in cleartext. It is vital that organizations always ensure that credit card information is encrypted.

IM Jobs 

A massive 47 GB file was shared among hackers, allegedly from the Indian company, IM Jobs. Analyzing the file revealed more than 224 database tables in a single text file. It consisted of 4,286,860 user records with device data, social media profiles, names, education information, occupations and employers, salaries, dates of birth, phone numbers as well as approximately 1,500 hashed and cleartext passwords. Some emails and resumes were also deemed confidential.


With the recent increase in cryptocurrency prices, it’s no surprise that cryptocurrency companies continue to be targeted. Risk Based Security researchers observed databases leaked from numerous related sources such as the CBANX exchange, trader and email opt-in lists, and most notably, the cryptocurrency wallet manufacturer Ledger. Although the breach occurred last June, the data was released in an unrestricted manner in December, posing a significant risk to affected users.

Home Refill 

Allegedly from the Brazilian company Home Refill, this shared database consisted of 196,414 user accounts with usernames, names, phone numbers, email addresses and hashed passwords with salts. It also included CPF numbers, the Brazilian equivalent of social security numbers. The breach has not yet been announced by the organization.

Ransomware Updates


The notorious Maze ransomware operators ceased operations last month, but their website dedicated to sharing their victims’ data had been operational up until now. The dark web onion site has now been taken down, and there is no indication of when, or if, it will return. The ransomware operators had vowed to return, though there has been no subsequent activity.

Threat Actor Updates


Last month, Risk Based Security reported on the third wave of database leaks from the well-known threat actor “ShinyHunters”. After 17 databases and a whopping 129,406,564 user records were leaked, the leaks concluded in November. ShinyHunters returned in 2021 with a number of new breached database leaks. Starting on January 17th, 2021, the threat actor has leaked 10 new databases.


Mycelium Security 

A new threat actor operating under the name “Mycelium Security” surfaced in December, and subsequently leaked 4 databases. This includes 65,000 user records from the publicly traded company Koei Tecmo. The threat actor has taken credit for all of the hacks and leaked databases, and has also offered other compromised databases for sale.
