InfoSecBulletin Cybersecurity for mankind
The stolen database from the compromised website, BreachForums, has resurfaced, and its remnants are now available for purchase under the name “breached_db_person.” The public has been granted access to extremely sensitive information, including the US No Fly List, FBI’s InfraGard, DC Health Link with Members of Congress data, and much more, through this compromised forum.
Over 4,000 users’ personal details were disclosed in the recent breach of the new BreachForums clone controlled by a group called Shiny Hunters. The database that was stolen contains an impressive 212,000 records, consisting of usernames, IP and email addresses, private messages, as well as hashed passwords.
Hackers Bypass Gmail MFA With App-Specific Password Reuse
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems
Paraguay 7.4 Million Citizen Records Leaked on Dark Web
High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation
SoftBank: Over 137,000 personal info leaked
ALSO READ:
According to recent reports, the 2 GB file shared by the person responsible for breaching the database contains extensive data tables that include comprehensive information about member databases, private messages, and payment transactions. The information available has the potential to unveil previous breaches and pinpoint the culprits behind these assaults.
There is compelling evidence indicating a connection between payment information and forum rankings, as well as credit purchases. This raises concerns about the financial consequences for the users involved.
The stolen data’s legitimacy has been verified by “Have I Been Pwned,” a central repository that tracks online breaches and exploits. Our service has incorporated the BreachForums data into our database to provide users with the opportunity to verify whether their login credentials have been compromised. The person who did the bad thing and sold the database even shared it with “Have I Been Pwned” to prove that it was real and trustworthy for people who might want to buy it.
While the stolen data from BreachForums is indeed up for sale, the price to acquire it is truly astounding. With sellers asking anywhere from $100,000 to $150,000, obtaining the complete database snapshot from November 29th, 2022 is an investment not to be taken lightly.
It is crucial to take heed of the warnings issued by security experts and law enforcement agencies, who strongly discourage any attempts to obtain or utilize stolen information. By engaging in such actions, you are not only aiding criminal activities but also fueling an ongoing cycle of cybercrime. This can have severe consequences, as innocent individuals who have had their data compromised may suffer significant harm.
