Malware
Exclusive Access to Sought-After BreachForums Database and Private Chats Now Available in Thrilling Hacker Data Breach Auction
Breachforums, a notorious hacker forum, has fallen victim to a major data breach. The attackers have gained access to the platform’s database and private chats, compromising sensitive information. This breach raises concerns about the security of user data and highlights the growing risks of online platforms. Find out more about this alarming incident and its implications.
Breached Cybercrime Forum’s Database for Sale and Shared with Have I Been Pwned
Concerns about data breaches usually revolve around consumers and their exposed information. However, it is now the hackers who are feeling the heat as the notorious Breached cybercrime forum’s database is up for sale and its member data has been shared with Have I Been Pwned.
Yesterday, the data breach notification service Have I Been Pwned announced that visitors can check if their information was compromised in a data breach of the Breached cybercrime forum.
“In November 2022, the well-known hacking forum “BreachForums” was itself breached. Later the following year, law enforcement agencies arrested the operator of the website and seized the site,” reads the announcement from Have I Been Pwned.
The breach exposed 212k records, including usernames, IP and email addresses, private messages between site members, and passwords stored as argon2 hashes.
Breached was a large hacking and data leak forum notorious for hosting, leaking, and selling data stolen from hacked companies, governments, and organizations worldwide.
After the arrest of the site’s admin Pompompurin in March 2023, the remaining administrator, Baphomet, decided to shut down the forum due to concerns that law enforcement also had access to the site’s servers.
Subsequently, Baphomet launched a new version of the forum called BFv2 with another data breach seller known as Shiny Hunters.
Did the Ransomware Attack on the Parent Company of KFC and Pizza Hut Lead to the Data Breach?
The recent ransomware attack on the kfc and pizza hut parent company has raised concerns about a potential data breach. As cybercriminals exploit vulnerabilities, it remains uncertain if sensitive data from these popular restaurant chains has been compromised. Investigations are underway to determine the extent of the breach and safeguard customer information.
A Valuable Data Source
The Breached database is currently being sold by a threat actor known as “breached_db_person.” They have shared the database with Have I Been Pwned to validate its authenticity for potential buyers.
BleepingComputer has also verified that known Breached accounts are listed in the shared member’s table.
Previous Breached admin Baphomet has confirmed the legitimacy of the database and issued a warning that its sale is part of an ongoing campaign to dismantle the community.
“Not only was the database submitted to Have I Been Pwned, but it is also being actively sold and leaked by at least one person, who even attempted to do so on our forum,” warned Baphomet.
“For that reason, I’m sure we’re going to see it become public soon enough. Judging by the 212k users, this is likely an older database from months before the closure of BFv1, considering that my last forum backup had 336k users.”
According to the seller, only law enforcement, Baphomet, and Pompompurin possess the database.
The threat actor is offering to sell the Breached database to a single buyer for $100,000 – $150,000. The database contains a snapshot of the entire dataset taken on November 29th, 2022.
The database is approximately 2 GB in size and includes all tables, such as private messages, payment transactions, and the member database.
While the FBI has already gained access to the Breached database after seizing the servers, this data remains valuable for cybersecurity researchers and potentially other threat actors.
The seller, breached_db_person, informed BleepingComputer that the private message tables contain incriminating information about forum members. Furthermore, the “members” database includes IP addresses, indicating that many threat actors do not employ good operational security and instead use residential IP addresses.
The private messages table holds great value as it contains messages exchanged privately among forum members, potentially revealing information about past attacks, identities, and other useful details.
Samples from the payments table were shared with BleepingComputer and contain information about payments made to purchase forum ranks (membership levels with additional benefits) and credits (a form of forum currency).
These payments were processed through CoinBase Commerce or Sellix, with Coinbase transactions including links to order confirmations that may contain sensitive information, such as cryptocurrency addresses and Coinbase payment IDs.
This cryptocurrency data can be valuable to blockchain analytics companies, allowing them to link threat actors to criminal activities using the cryptocurrency addresses.
Breached and its members have been responsible for numerous hacks, extortion attempts, ransomware attacks, and the leaking of stolen data from various companies. These breaches include DC Health Link, Twitter, RobinHood, Acer, Activision, and many others.
Therefore, the private messages could prove invaluable to researchers. The seller mentioned that they have already been contacted by cybersecurity firms requesting a copy of the data for their own research.
Other threat actors have also expressed interest, with one offering $250,000 for the database.
Although it is still too early to determine whether the database will be sold, even if it is, it would not be surprising for the entire dataset to be leaked for free in the future.
It is common for data breaches to initially be privately purchased and then released later to enhance reputation within the data theft community.
Recently, the seized RaidForums data breach forum also experienced a data breach, and the new BreachedForums clone (BFv2) had its database leaked.
Malware
Finastra Battles Massive Data Breach: Unraveling the SFTP Hack Impact on Fintech Titan
Fintech firm Finastra is probing a potential data breach following a hacking incident involving its SFTP server. The breach, which may have exposed sensitive user data, has prompted the company to bolster its security measures and notify affected customers.
Did you know that even the largest and most successful financial software companies can fall victim to cyberattacks? Recently, Finastra, a company that serves over 8,000 institutions across 130 countries, experienced a cybersecurity incident that put their customers’ sensitive data at risk.
The Incident at Finastra
Finastra is a global financial software company that counts 45 of the world’s top 50 banks and credit unions among its clients. With over 12,000 employees and a revenue of $1.7 billion last year, it’s a major player in the finance sector. On November 7, 2024, a cyber attacker managed to access one of Finastra’s Secure File Transfer Platform (SFTP) systems using compromised credentials.
So far, the company’s investigation, supported by external cybersecurity experts, has not found evidence that the breach extended beyond the SFTP platform. But the attack has raised concerns about the security of the company’s software services, which include lending solutions, payment processing, cloud-enabled retail and banking platforms, and trading risk management tools.
How We Learned About the Breach
Brian Krebs first reported the security breach after seeing a data breach notification sent to an impacted person. The attack appears to be linked to a post on a hacking forum, where a threat actor named “abyss0” claimed to be selling 400GB of data stolen from Finastra.
When we asked Finastra about the forum post, they wouldn’t confirm or deny if the data belonged to them. However, they did acknowledge a limited-scope security breach and are currently evaluating its impact. They also stressed that the compromised SFTP platform was not used by all their customers and was not their default file exchange platform.
What’s Next for Finastra and Its Customers?
The exact impact and scope of the breach are still under investigation. It may take some time to determine who has been affected, but Finastra has assured that those who are deemed impacted will be contacted directly. As a result, public disclosures from the company are not expected.
Interestingly, the threat actor who published the data samples earlier this month has since deleted the post. It’s unclear whether the data was sold to a buyer or if “abyss0” became concerned about the sudden publicity.
A History of Cybersecurity Incidents
This isn’t the first time Finastra has experienced a cybersecurity incident. In March 2020, the company was hit by ransomware actors and forced to take parts of its IT infrastructure offline, causing service disruptions. At the time, reports highlighted Finastra’s lackluster vulnerability management strategy, as they were using older versions of Pulse Secure VPN and Citrix servers.
What Can We Learn From This?
The Finastra breach is a stark reminder that no organization is immune to cyber threats. As technology continues to evolve, so do the tactics and techniques used by cybercriminals. It’s crucial for companies, large and small, to prioritize cybersecurity and invest in the latest security measures to protect their customers’ data.
And for you, as a reader and potential customer, it’s important to stay informed about the latest cybersecurity news and best practices. That’s where we come in. We’re committed to providing you with the most up-to-date information on cybersecurity, so you can stay one step ahead of the bad guys. So why not reach out to us and keep coming back to learn more about how you can protect yourself and your business from cyber threats?
Malware
Ford Dismisses Data Breach Accusations, Asserts Customer Information Remains Secure
Ford has denied allegations of a data breach, assuring customers that their information remains secure. The automaker responded to claims made by a security researcher who discovered a vulnerability in their systems, stating that no sensitive data was accessed or exposed. Ford is working closely with the researcher to investigate and resolve the issue.
As someone who cares about cybersecurity, I can’t help but feel concerned about the recent news that Ford is investigating allegations of a data breach. A threat actor going by the name ‘EnergyWeaponUser’ claimed on a hacking forum to have leaked 44,000 customer records. They also implicated another hacker, ‘IntelBroker,’ who supposedly took part in the breach back in November 2024.
What’s in the leaked data?
The leaked information includes Ford customer records containing personal details such as full names, physical locations, purchase details, dealer information, and record timestamps. While this data might not be extremely sensitive, it still contains personally identifiable information (PII) that could be used in phishing and social engineering attacks targeting the affected individuals.
What’s interesting is that the threat actors didn’t try to sell the dataset. Instead, they offered it to registered members of the hacker forum for eight credits, equivalent to just a little over $2.
Ford’s response and investigation
We reached out to Ford to validate the claims, and a spokesperson confirmed that they are actively investigating the allegations. They stated, “Ford is aware and is actively investigating the allegations that there has been a breach of Ford data. Our investigation is active and ongoing.”
Is there credibility to these allegations?
The involvement of IntelBroker in the breach lends some credibility to the threat actor’s allegations. This hacker has a track record of confirmed breaches, including recent ones at Cisco’s DevHub portal, Nokia (through a third party), Europol’s EPE web portal, and T-Mobile (via a vendor).
The data samples leaked by the threat actors include locations from around the world, with the United States being one of them.
How to protect yourself from potential risks
In light of this potential data exposure, it’s crucial to treat unsolicited communications with caution and reject requests for revealing more information under any pretense. Keep an eye out for any suspicious emails, messages, or phone calls that might use this leaked information to manipulate or deceive you.
An important update from Ford
After our initial report, Ford provided us with an additional statement based on new findings from their ongoing investigation. They said, “Ford’s investigation has determined that there was no breach of Ford’s systems or customer data. The matter involved a third-party supplier and a small batch of publicly available dealers’ business addresses. It is our understanding that the matter has now been resolved.” – A Ford spokesperson
Stay informed and stay safe
Keeping up to date with cybersecurity news and best practices is crucial in today’s digital world. Continue to check back with us for the latest information and advice on protecting yourself and your data. Remember, knowledge is power, and staying informed is the first step in defending against potential threats.
Malware
US Space Tech Powerhouse Maxar Reveals Massive Employee Data Breach
US-based space technology firm Maxar Technologies has disclosed a data breach, potentially affecting current and former employees. The company discovered unauthorized access to its database, which may have exposed personal information such as names, birth dates, and Social Security numbers. Maxar has launched an investigation and is offering identity theft protection services to affected individuals.
Picture this: You work at a leading U.S. satellite maker, Maxar Space Systems, and one day, out of the blue, you receive a notification that hackers have accessed your personal data. It’s a nightmare scenario, right? Well, that’s exactly what happened to some employees at Maxar.
Breaking into Maxar’s Network
Maxar discovered that a hacker had breached their company network and accessed files containing employee personal data. The intruder used a Hong Kong-based IP address and had access to the system for about a week before the company discovered the breach.
As soon as Maxar’s information security team detected the unauthorized access, they took action to prevent the hackers from going deeper into the system. But the damage was already done.
Why You Should Care About Maxar
Maxar Space Systems is a big deal in the American aerospace industry. They’re known for building communication and Earth observation satellites. Based in Colorado, they have built more than 80 satellites currently in orbit. Their technology plays a significant role in space exploration, like the Maxar 1300 platform’s essential role in NASA’s Psyche mission and the power and propulsion elements used for the Artemis Moon exploration program.
What Personal Data Was Exposed?
The hacker likely accessed the following employee information:
- Name
- Home address
- Social security number
- Business contact information
- Gender
- Employment status
- Employee number
- Job title
- Hire/termination and role start dates
- Supervisor
- Department
Thankfully, no bank account information was exposed in this cybersecurity incident.
What’s Next for Maxar Employees?
Maxar is offering affected current employees IDShield identity protection and credit monitoring services. Former employees have until mid-February 2025 to enroll in identity theft protection services from IDX.
While the data breach exposed personal information, it’s also important to consider the potential impact on proprietary technical data. In a somewhat related incident, a threat actor claimed in July to have scraped the user base of GeoHIVE, a geospatial intelligence platform by Maxar Technologies, the parent company of Maxar Space Systems.
We reached out to Maxar Technologies to ask about the possibility of confidential technology data exposure and a possible link to the scraping incident, but a comment wasn’t immediately available.
Take Action to Protect Yourself
This breach at Maxar Space Systems is a stark reminder of the importance of cybersecurity. Don’t wait until it’s too late to protect your personal and business data. If you’re not sure where to start, we’re here to help. Our IT Services will guide you through the process of securing your data and keeping it safe from hackers.
Contact us today and stay ahead of the game. And don’t forget to keep coming back to learn more about cybersecurity and how you can protect yourself and your business.
-
Malware1 year ago
Flagstar Bank’s Latest Data Breach: 800,000 Customers Impacted, Marking the Third Incident of 2021
-
Malware1 year ago
Blackbaud: Taking Responsibility with a Landmark $49.5 Million Settlement for Devastating Ransomware Data Breach
-
Data Protection Regulations1 year ago
Top Data Protection Officer Certification Courses Reviewed
-
Security Audits and Assessments1 year ago
Mastering Healthcare Data Security: 5 Essential Audit Tips
-
Data Protection Regulations1 year ago
Top 11 Data Protection Training Programs for Compliance
-
Data Protection Regulations1 year ago
Navigating Data Protection Laws for Nonprofits
-
Data Protection Regulations1 year ago
9 Best Insights: CCPA’s Influence on Data Security
-
Security Audits and Assessments1 year ago
HIPAA Security Risk Assessment: Essential Steps Checklist