Data breach broker

Data Breach Broker Trades Stolen Records From 26 Firms

Data breach broker allegedly does business with clients’ records stolen from twenty-six companies on a hacker forum, BleepingComputer reports.

When threat actors and hacking groups breach a company and steal their user databases, they commonly work with data breach broker who market and sell the data for them. Brokers will then create posts on hacker forums and dark web marketplaces to market the stolen data.

Last Friday, a data breach broker began selling the combined total of 368.8 million stolen user records for twenty-six companies on a hacker forum.

Chatbooks breach

Of these twenty-six companies, only eight are new alleged data breaches that have not been previously disclosed. These seven companies are Teespring.com, MyON.com, Chqbook.com, Anyvan.com, Eventials.com, Wahoofitness.com, Sitepoint.com, and ClickIndia.com.

In a conversation with the data breach broker, BleepingComputer was told that Teespring is being sold for $3,800-$4,000, MyON for $2,800, and Chqbook for $1,800. The broker has not decided on pricing for the other databases.

The full list of companies whose alleged data is being sold, including the number of user records and whether they were previously disclosed, is listed below.

CompanyUser RecordsKnown?
Teespring.com 8.2 millionNo
MyON.com13 millionNo
Chqbook.com1 millionNo
Anyvan.com4.1 millionNo
Eventials.com1.4 millionNo
Wahoofitness.com1.7 millionNo
Sitepoint.com1 millionNo
Clickindia.com 8 millionNo
Juspay.in 100 millionYes
Knockcrm.com 6 millionYes
Mindful.org1.7 millionYes
Bigbasket.com 20 millionYes
Reddoorz.com 5.8 millionYes
Hybris.com (SAP.com)4 millionSAP client data
Wedmegood.com1.3 millionYes
Wongnai.com 4.3 millionYes
Geekie.com.br 8.1 millionYes
Accuradio.com2.2 millionYes
Everything5pounds.com2.9 millionYes
Cermati.com2.9 millionYes
Netlog.com (Twoo.com)53 millionYes
Reverbnation.com 7.8 millionYes
Fotolog.com33 millionYes
Pizap.com60 millionYes
ModaOperandi.com1.2 millionYes
Singlesnet.com 16 millionYes

Responses from companies affected by the data breach broker

After learning about this forum post, BleepingComputer reached out to the companies that have not been previously disclosed in the past.

MyON confirmed that their systems was breached but stated that student’s private data was not exposed.

“In July 2020 we were made aware of a bad actor trying to sell portions of our data on the dark web.  We immediately began investigating to shut down any continued threats to our data or the data of our customers.  We were then able to confirm that according to federal and state privacy laws, no confidential student or customer data was compromised, and this incident did not rise to the level of an actual breach of student private data.”

“We are committed to the protection of the privacy of our user’s and customer’s data and have instituted supplemental protections in addition to our standard information security measures.  Additional information about those efforts is outlined in our information Security  Overview and our online Privacy Hub at https://www.renaissance.com/privacy/,” MyON told BleepingComputer via email.

From the samples seen of the MyON data breach, the exposed information consisted of login names, BCrypt hashed passwords, and names.

In an email to BleepingComputer, Chqbook.com claims that they were not breached.

“There has been no data breach and no information belonging to our customers has been compromised. Data security is a key priority area for us and we conduct periodic security audits to ensure the safety of our customers’ information,” Chqbook told BleepingComputer.

BleepingComputer has emailed some of the users listed in the Chqbook sample to confirm if the data belongs to them.

Finally, TeeSpring told us that they are investigating whether they have been breached.

What should users of these sites do?

Other than MyON and Chqbook’s statements, it has not been confirmed if the other six companies have suffered a data breach.

Historically, sold data breaches like this tend to be legitimate, and companies soon disclose them after the new becomes public.

For now, if you have an account at any of the sites listed above, it is strongly suggested that you change your password to a strong and unique one used only at that site.

If the same password has been used at other sites, change your password to a unique one there as well.

BleepingComputer recommends using a password manager to keep track of strong and unique passwords at sites you have accounts.

This article is sourced from:https://www.bleepingcomputer.com