InfoSecBulletin Cybersecurity for mankind
A big data breach was found with a combolist containing 122GB of data containing 361 million unique email addresses taken from thousands of Telegram channels.
The dataset contains passwords and websites linked to them. It reveals a lot of new data that has been added to the breach alert service called Have I Been Pwned (HIBP).
Eight New ICS Advisories released by CISA
Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI
London-based company “Builder.ai” reportedly exposed 1.2 TB data
(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall
“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA
CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability
U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports
Daily Security Update Dated: 18.12.2024
CISA released best practices to secure Microsoft 365 Cloud environments
Data breach! Ireland fines Meta $264 million, Australia $50m
Troy Hunt reported a discovery last week made by an anonymous researcher. The dataset includes 151 million email addresses not previously listed in the service, with 2 billion lines in 1,748 files. This shows that Telegram is widely used for sharing sensitive and illicit data.
Telegram is a messaging platform that offers privacy features. It lets users create channels to share information anonymously. Some people use this feature to distribute data from breaches. These data collections, also known as “combolists,” contain combinations of email addresses or usernames with passwords. These combolists are used in attacks to gain unauthorized access to accounts.
Data sent to Hunt came from 518 Telegram channels and had different sizes. Some files were very large, with millions of rows. The biggest files seemed to be a result of info stealer malware. This malware captured login information when people entered it on compromised computers. Hunt made sure the data was real by contacting HIBP subscribers and confirming that the stolen login information was accurate.
Responses from subscribers varied when contacted. Some recognized old passwords that had been used before, while others confirmed new and previously unseen data. For instance, one subscriber recognized passwords that had been used for different services over the past five years, and another identified credentials related to their daughter’s old Epic Games account. These verifications highlight the legitimacy of the data and the continued risk of credential theft.
Credential stuffing attacks use these combolists to access large numbers of accounts, which is a major threat to users. Various websites, such as Nike, Footlocker, and an Italian tire retailer, have confirmed that the stolen data includes email addresses, showing that many users are affected.
Given the severity of this breach, users are advised to take immediate action to secure their accounts:
Create new and unique passwords for all accounts.
Use a reliable password manager to create and save strong passwords.
Use two-factor authentication (2FA) whenever you can.
Check your accounts regularly for any unusual activity and turn on alerts for any unauthorized access attempts.
Update all your devices with the latest security patches.
