Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Threat actors are offering for sale 550 million stolen user records

Threat actors are offering for sale tens of databases on a hacker forum that contains roughly 550 million stolen user records. Security experts from Cyble reported that a threat actor is attempting to sell twenty-nine databases on a hacker forum since May 7. Forum members could also buy each database individually. The archives allegedly contain a total […]

Threat actors are offering for sale 550 million stolen user records

Threat actors are offering for sale tens of databases on a hacker forum that contains roughly 550 million stolen user records.

Security experts from Cyble reported that a threat actor is attempting to sell twenty-nine databases on a hacker forum since May 7. Forum members could also buy each database individually. The archives allegedly contain a total of 550 million stolen user records.

Data appears to come from past data breaches, the oldest one dates back as 2012 while the latest one dates April 2020.

https://twitter.com/AuCyble/status/1260947667640709121

The data could be used by crooks to launch credentials stuffing attacks against individuals and organizations.

Hackers are also offering for sale a separate database containing 47.1 million phone numbers that are part of Dubsmash data breach that occurred in 2018.

Below the list of databases, published by Bleepingcomputer, that are available for sale:

CompanyAmountData Breach Date
Evite.com101 millionMarch 2019
Tokopedia.com91 millionApril 2020
piZap.com60.9 millionApril 2018
Netlog.com (Twoo.com)57 millionNovember 2012
Dubsmash.com Phone numbers47.1 millionDecember 2018
Shein.com42 millionJune 2018
Fotolog.com33.5 millionDecember 2018
CafePress.com23.6 millionFebruary 2019
Wanelo.com Customers23.2 millionDecember 2018
OMGPop.com21.4 millionAugust 2019
SinglesNet.com16.3 millionSeptember 2012
Bukalapak.com13 millionFebruary 2018
Bookmate.com8 millionJuly 2018
ReverbNation.com7.9 millionJanuary 2014
Wego.com6.5 millionN/A
EatStreet.com6.4 millionMay 2019
PumpUp.com6.4 millionN/A
CoffeeMeetsBagel.com6.2 millionMay 2018
Storybird.com4 millionDecember 2018
Minube.net3.2 millionMay 2019
Sephora.com3.2 millionJanuary 2017
CafeMom.com2.6 millionApril 2014
Coubic.com2.6 millionMarch 2019
Roadtrippers.com2.5 millionMay 2019
DailyBooth.com1.6 millionApril 2014
ClassPass.com1.6 millionOctober 2017
ModaOperandi.com1.3 millionApril 2019
Rencanamu.id (Youthmanual.com)1.1 millionJanuary 2019
StreetEasy.com1 millionMay 2018
Yanolja.com1 millionMarch 2019

Users can verify if their credentials are part of one of the above breaches querying the the Cyble’s amibreached.com data breach lookup service.

Those who have their account exposed in one of the above incidents are recommended to change their password.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – threat actors, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]