U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Chris Vickery announced a 1.37 billion records data leak to disclose on Monday

The popular security researcher Chris Vickery announced that he will shortly reveal the source of a massive data leak. Which is the source? The popular cyber security expert Chris Vickery from security firm MacKeeper announced that he will shortly reveal the source of a huge data breach impacting individuals. 1.4 billion identity leak story incoming […]

Chris Vickery announced a 1.37 billion records data leak to disclose on Monday

The popular security researcher Chris Vickery announced that he will shortly reveal the source of a massive data leak. Which is the source?

The popular cyber security expert Chris Vickery from security firm MacKeeper announced that he will shortly reveal the source of a huge data breach impacting individuals.

data leak

Vickery also offered a teaser of the leak, also reducing the number of identities by 30,000.

Security experts are speculating about the name of the alleged victim of the data breach, it is a huge amount of data and this restricts the list of candidates.

Online is circulating the name of the Aadhaar, that is the world’s largest biometric ID system, with over 1.123 billion enrolled members as of 28 February 2017. It includes data from more than 99% of Indians aged 18 and above.

“The data is collected by the Unique Identification Authority of India (UIDAI), a statutory authority established on 12 July 2016 by the Government of India, under the Ministry of Electronics and Information Technology, under the provisions of the Aadhaar Act 2016.”

The Indian Government promptly denied the database belongs the Aadhaar system.

“In a comprehensive clarification with regard to misinformation in some news items and articles appearing in various print and social media during the last few days alleging breach of Aadhaar data, misuse of biometrics, breach of privacy, and creation of parallel databases etc., UIDAI said that it has carefully gone into these reports and would like to emphasise that there has been no breach to UIDAI database of Aadhaar in any manner whatsoever and personal data of individuals held by UIDAI is fully safe and secure.” reads the official statement issued by the UIDAI.

“In a statement, UIDAI has said that Aadhaar based authentication is robust and secure as compared to any other contemporary systems. Aadhaar system has the capability to inquire into any instance of misuse of biometrics and identity theft and initiate action.”

Another hypothesis on the possible origin of the huge trove of data is China which the only other country with a so big archive (1.37bn identities is China). Which brings us to other candidates, namely:

Giving a look at the private sector, a limited number of companies have databases with a similar dimension.

Facebook, WhatsApp, Apple, Microsoft, Yahoo, the Chinese WeChat and the Tencent platforms IM QQ and social network Qzone.

El Reg also speculated the involvement of a data harvesting company.

“The likes of Oracle, Salesforce and Wayin have colossal databases of individuals and businesses they sell to marketers and others, and claim to have hundreds of millions of records. Can’t be discounted.” reads El Reg.

Whoever it is, the data leak highlights the poor level of security for data base exposed online.

Chris Vickery discovered many other clamorous cases of open database exposed on the Internet. In December 2015 the security expert discovered 191 million records belonging to US voters online, in April 2016 he also discovered a 132 GB MongoDB database open online and containing 93.4 million Mexican voter records.

In March 2016, Chris Vickery has discovered online the database of the Kinoptic iOS app, which was abandoned by developers, with details of over 198,000 users.

In January 2017, the expert discovered online an open Rsync server hosting the personal details for at least 200,000 IndyCar racing fans.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – data leak, hacking)

[adrotate banner=”13″]