430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Carder forum claims 150 million logins for sale from CloudBleed case

The carder forum CVV2Finder claims to have more than 150 million logins from several popular services, including Netflix and Uber. The carder forum CVV2Finder claims to have more than 150 million logins, from several popular services, including Netflix and Uber. The operators in the forum are offering the precious commodity to the VIP members. According to […]

Carder forum claims 150 million logins for sale from CloudBleed case

The carder forum CVV2Finder claims to have more than 150 million logins from several popular services, including Netflix and Uber.

The carder forum CVV2Finder claims to have more than 150 million logins, from several popular services, including Netflix and Uber. The operators in the forum are offering the precious commodity to the VIP members.

According to the experts, the data were obtained by exploiting the recently discovered Cloudbleed, a flaw that was causing the leak of a wide range of sensitive information in the CloudFlare infrastructure, including authentication cookies and login credentials of numerous organizations using the popular service.

The Cloudbleed security issue with Cloudflare servers has a significant impact on numerous major organizations, including Uber, Fitbit, 1Password, and OKCupid. Cloudbleed also affects mobile apps, because, they are developed using the same backends as browsers for content delivery and HTTPS (SSL/TLS) termination.

The flaw was discovered by the popular researcher Tavis Ormandy from Google Project Zero Team.

The Canadian researcher Phineas (@itsphin) published on GitHub a list of more than 4 million domains possibly affected by Cloudflare’s Cloudbleed HTTPS Traffic Leak.

The list includes popular services such as 23andme, Coinbase, Patreon, Yelp, Fiverr, and Change.org.

“This list contains all domains that use Cloudflare DNS, not just the Cloudflare proxy (the affected service that leaked data). It’s a broad sweeping list that includes everything. Just because a domain is on the list does not mean the site is compromised, and sites may be compromised that do not appear on this list.” explained Phineas.

“Cloudflare has not provided an official list of affected domains, and likely will not due to privacy concerns. I’m compiling an unofficial list here so you know what passwords to change.”

https://twitter.com/itsphin/status/835264045674528769

Experts at Salted Hash received via email the following screenshot the CVV2Finder carder forum.

CloudBleed

A messaged appeared on the CVV2Finder forum clearly refers the Cloudbleed case as the source of millions of fresh credentials for popular services.

“Dear DeepWeb Users of cvv2finder, After the success of the latest attack (cloudbleed) to cloudflare servers, More than 150 Million Fresh Logins Avaliable for Uber , Netflix … and many more. After hours these data will be avaliable into a database and would sell it for 250k$. This offer only for VIP users.”

This means that the impact of CloudBleed was much larger than first thought with a serious impact for CloudFlare customers.

Experts noticed that Netflix isn’t a CloudFlare customer, so the presence of the file in the list of accounts offered for sale is suspect.

“CVV2Finder lists Netflix, Dominos, several “People Meet” dating websites, Tidal, CBS, Bitdefender, Origin, Dell, UPS, HBO Now, Spotify, and DirecTV accounts in their database as available to purchase.” reported Salted HAsh. “However, there are only 2,300 accounts, a far cry from the 150 million they are promising.”

Stay Tuned …

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Cloudbleed , hacking)