U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

A dataset of 200 million PII exfiltrated from several Japanese websites offered on underground market

FireEye iSIGHT Intelligence discovered on the underground market a dataset allegedly containing 200 million unique sets of personally identifiable information stolen from several popular Japanese websites. Security experts from FireEye iSIGHT Intelligence have discovered on underground forums a dataset allegedly containing 200 million unique sets of personally identifiable information (PII) stolen from several popular Japanese website databases. It’s […]

japan NISC

FireEye iSIGHT Intelligence discovered on the underground market a dataset allegedly containing 200 million unique sets of personally identifiable information stolen from several popular Japanese websites.

Security experts from FireEye iSIGHT Intelligence have discovered on underground forums a dataset allegedly containing 200 million unique sets of personally identifiable information (PII) stolen from several popular Japanese website databases.

It’s likely the data was taken via opportunistic compromise.

In reality, the dataset was discovered in an instant messenger group for sharing and offering data.

The huge trove of data was first discovered in December 2017, the archive was offered by a Chinese user at around $150.

Stolen records included names, credentials, email addresses, dates of birth, phone numbers, and home addresses.

The huge archive is composed of data stolen from Japanese websites of a variety of industries, including those in the retail, transportation sectors, food and beverage, financial, and entertainment.

According to the experts, data was raked between May and June 2016, the threat actor has offered for sale site databases on Chinese underground forums since at least 2013.

“Yes, we’ve observed actors who were selling Japanese PII data or interested in purchase,” said Oleg Bondarenko, senior manager for international research at FireEye. “However [we] have never observed at such scale.”

Many users commented on the advertisement demonstrating their interest for the data, but some of them provided negative feedback because they did not receive the purchased database.

“The data was extremely varied and not available through publicly available data sources; therefore, we believe that the advertised data is genuine,” states FireEye.

Experts believe data was genuine, they noticed that most of the email addresses out of a random sample of 200,000 belong to major third-party leaks.

“Since we did not observe most of the leaked data in any dataset as coming from one specific leak or on any publicly available website, this also indicates that the actor is unlikely to have bought or scraped the information from data leaks and resold it as a new product,” continues FireEye.

Japanese websites

The analysis of another sample composed of 190,000 credentials revealed that 36% contained duplicate values and the presence of a huge numbed fake email addresses.

The seller was offering data stolen from websites in China, Taiwan, Hong Kong, European countries, Australia, New Zealand, and North American countries.

“Since much of this information has been previously leaked in large-scale data leaks, as well as the possibility that it has been previously sold, we anticipate that this dataset will not enable new large scale malicious activity against targeted entities or individuals with leaked PII,” FireEye concluded.

According to the officials, the scale of the data put up for sale is unprecedented for Japan.

FireEye is warning Japanese government offices and affected businesses. They say the information could be used to carry out cyberattacks on Japan.

Masatomi Iwama, an executive of FireEye’s Japan branch, explained that people must be careful about their security hygiene.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Japanese websites, data leak)

[adrotate banner=”5″]

[adrotate banner=”13″]