Dark Web Roundup: January 2021
February 19, 2021 • RBS
Month of January, 2021
Malicious threat actors never stop, but neither do we. Risk Based Security’s Cyber Risk Analytics research team is dedicated to gathering the latest in data breach intelligence. Here is our roundup of what we’ve seen at the start of this year.
A trove of sensitive personal data was dumped on a dark web hacking forum on January 4th, following a December 2020 incident. The leaked files contained nearly 28 GB of stolen information, ranging from user credentials to in-depth car details and service history. Users are at an increased risk of insurance scams as names, addresses, and other personally identifying information were compromised. Risk Based Security researchers have published a full detailed report on the incident with an analysis of affected customer email address domains.
In April 2020, popular service provider Wappalyzer disclosed a highly publicized breach. However, it wasn’t until January 18th, 2021 that the data was publicly leaked on a dark web hacking forum. Risk Based Security researchers analyzed the database and found 18,510 user records containing email addresses, tokens, IP addresses, billing addresses, and account-holder metadata. While not all records contain billing addresses, the total number of impacted users is slightly higher than the count provided by Wappalyzer.
Bourse Des Vols
The French travel company exposed financial and user data in a recent hack. The breach occurred on January 11th and the user database of website “bdv.fr” was shared on a dark web hacking forum on January 16th. It contained approximately 1.5 million user records and included email addresses, phone numbers, dates of birth, flights taken or booked, and partial credit card data.
The healthcare-related technology provider was recently compromised and had numerous databases leaked, including approximately 15 million user records with patient information and user credentials containing 10,738 bcrypt-hashed passwords. According to the threat actor who shared it on January 13th, the breach occurred on December 20th, 2020. The databases include patients’ personal information such as names and addresses, as well as appointment information and dates visited. Healthcare information is highly sought after by hackers for its value on the black market, and third-party service providers are a popular target.
As one of the most prolific ransomware operators, the team behind REvil announced last year that they would hold auctions for pilfered data. Those auctions are still available on their dark web website, which is dedicated to sharing compromised databases and updates. REvil attacks still seem to be occurring. Their victims’ data has been auctioned for anywhere from tens to hundreds of thousands of dollars.
Threat Actor Updates
A new threat actor has emerged on a dark web hacking forum and has made quite an entrance by leaking 9 databases from January and February. Allegedly, it was the same actor that pilfered and posted the databases. Together, the databases account for more than 20 million user records and include airlines, energy companies, and healthcare-related organizations. The threat actor is actively sharing compromised databases and seems to target vulnerable websites.
An account operating under the name “lingscarsdotcom” leaked a compilation of 26 compromised databases, allegedly hacked by the threat actor themselves during the week of January 13th. Most of the databases appear to be forums or gaming-related websites, and they include 1.6 million user records in total. The threat actor appears to be impersonating an infamous car dealership website.
The notorious threat actor(s) ShinyHunters continued their campaign by leaking numerous compromised databases, including Wappalyzer and a large database from Bonobos. The leaked databases do not appear to have been hacked by ShinyHunters, and are understood to have been given out publicly as a form of retribution against other compromised database dealers.
Cyber Risk Analytics:
The standard and most comprehensive resource for data breach intelligence and risk ratings.