Uncovering the Dark Side of Streaming: 576,000 Roku Users Hacked in Latest Credential Stuffing Attacks

Hey there, fellow Roku user! Did you know that recently, 576,000 Roku accounts were hacked in a massive credential stuffing attack? That’s a staggering number, and it could have easily involved you or someone you know. As a cybersecurity expert, I’m here to break down what happened, why it matters, and how you can protect yourself from such attacks in the future. So, grab a cup of coffee and let’s dive in!



The Gruesome Details: How Roku Accounts Got Hacked



Before we get into the nitty-gritty, let’s take a moment to understand what a “credential stuffing attack” is. In simple terms, it’s when cybercriminals use automated tools to try out stolen usernames and passwords on various websites and services, hoping for a lucky break. And this time, Roku users were the unfortunate targets.



These attacks have been on the rise for quite some time now. In fact, according to a report by Shape Security, 80-90% of login traffic on retail websites comes from credential stuffing attacks. That’s a staggering statistic, right?



So, what happened with Roku? Cybercriminals got hold of a treasure trove of 576,000 stolen usernames and passwords and decided to try their luck with Roku accounts. And guess what? They were successful in breaking into a considerable number of them.



Why Should You Care?



Now, you might be thinking, “Why should I care? It’s just a streaming device.” But there’s more to it than that. When your Roku account is hacked, cybercriminals can potentially:




  • Access your personal information, including your email address, phone number, and even your home address.

  • Purchase channels and other content using your stored payment information.

  • Change your account settings, locking you out of your own account.

  • Spread malware to other devices connected to your Roku account.



Scary stuff, right? Your personal and financial information is at risk, and that’s never something to take lightly.



How to Protect Yourself from Credential Stuffing Attacks



The good news is that there are some simple steps you can take to protect yourself from credential stuffing attacks and keep your Roku account (and other online accounts) safe:




  1. Use unique, strong passwords for each of your online accounts. This way, even if one password gets compromised, the rest of your accounts will still be safe.

  2. Enable two-factor authentication (2FA) wherever possible. This adds an extra layer of security, making it harder for cybercriminals to break into your accounts.

  3. Regularly monitor your account activity for any suspicious or unauthorized activity.

  4. Keep your devices and apps updated with the latest security patches to minimize potential vulnerabilities.



Stay Informed, Stay Safe!



The world of cybersecurity can be a confusing and scary place, but knowledge is power. By staying informed about the latest threats and best practices, you can take control of your online safety and protect yourself and your loved ones from cybercriminals.



So, let’s stay connected! Contact us to keep up to date with the latest cybersecurity news, tips, and trends. Together, we’ll make the internet a safer place for all of us.

Why You Should Care About Cybersecurity: A Personal Take

Hey there! My name is Peter Zendzian, and I’m here to help you understand why cybersecurity is something you should care about. You might think that cyber threats are something that only big corporations or governments need to worry about, but the truth is, we’re all at risk. Let’s break it down together, using anecdotes and analogies to make it relatable and easy to understand.

The Internet: A Digital Neighborhood

Imagine the internet as a digital neighborhood. Just like in the real world, this digital neighborhood has its share of criminals who are looking to break into your “home” (your online accounts) to steal your valuable information. Just as you lock your doors and windows at home, you need to take precautions online to keep these cybercriminals out.

Did you know that 43% of cyber attacks target small businesses? That means that even if you’re not a massive corporation, your online presence is still at risk. And with the average cost of a data breach for small businesses at around $200,000, this is a risk that could potentially put you out of business.

A Personal Story: The Time I Almost Got Hacked

Let me share a personal story with you. A few years ago, I received an email that looked like it was from my bank, asking me to verify my account information. It seemed legitimate, so I clicked on the link and entered my username and password. But something felt off, and I quickly realized that I’d fallen for a phishing scam.

Thankfully, I caught on quickly and changed my password before any damage was done. But it was a close call and a valuable lesson. These phishing scams are designed to look and feel like they’re coming from a trusted source, and it’s easy to fall for them if you’re not paying close attention.

The Impact of Cyber Attacks on Everyday Life

When I almost fell for that phishing scam, I realized just how vulnerable we all are. Cyber attacks can have a significant impact on our everyday lives. For example:

  • Identity theft: Cybercriminals can use your stolen information to open new accounts, take out loans, or make purchases in your name.
  • Financial loss: If your bank account or credit card information is compromised, you could lose your hard-earned money.
  • Emotional distress: The stress and anxiety that comes with being a victim of a cyber attack can take a toll on your mental health.

What Can You Do to Protect Yourself?

So, what can you do to protect yourself from these cyber threats? Here are a few simple steps to get started:

  1. Create strong, unique passwords for each of your online accounts and update them regularly.
  2. Enable two-factor authentication (2FA) whenever possible to add an extra layer of security.
  3. Be cautious with your personal information and think twice before sharing it online or with strangers.
  4. Stay informed about the latest cybersecurity threats and best practices to protect yourself.

Join Me in the Fight Against Cybercrime

As an AI with expertise in cybersecurity, I’m on a mission to educate and protect people like you from cyber threats. Join me in the fight against cybercrime by staying informed and taking action to protect yourself and your loved ones. Remember, cybersecurity isn’t just for big corporations—it’s something we all need to care about.

Don’t hesitate to contact us for more information or advice on cybersecurity. And keep coming back to learn more, because knowledge is power when it comes to protecting yourself online.

Did you know that 576,000 Roku accounts were recently hacked in a series of credential stuffing attacks? This comes right after the company disclosed another incident that compromised 15,000 accounts in early March.

These attackers gained access to Roku accounts by using login information stolen from other online platforms. They employed automated tools to try millions of logins using a list of user/password pairs. This technique is especially effective against accounts whose owners have reused the same login information across multiple platforms.

“After concluding our investigation of [the] first incident, we [..] continued to monitor account activity closely [and] we identified a second incident, which impacted approximately 576,000 additional accounts,” Roku announced last Friday.

Thankfully, there is no indication that Roku itself was the source of the account credentials used in these attacks, or that its systems were compromised in either incident.

In fewer than 400 cases, the hackers logged in and made unauthorized purchases of streaming service subscriptions and Roku hardware products using the stored payment methods in these accounts. However, they did not gain access to any sensitive information, such as full credit card numbers or other detailed payment data.

As we reported in March, cybercriminals are utilizing credential stuffing attacks with Open Bullet 2 or SilverBullet cracking tools to compromise Roku accounts. These accounts are then sold for as little as 50 cents on illegal marketplaces. The sellers even provide information on using the stolen accounts to make fraudulent purchases, including Roku streaming boxes, sound bars, light strips, and TVs.
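The login pattern described above (one source working through a list of user/password pairs) looks different in an authentication log from a single user retyping their own password. The following sketch is an added example, not code from Roku or from the original article; the log format, the thresholds and all sample lines are constructed assumptions.

```python
"""Flag source IPs whose login pattern looks like credential stuffing."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, source IP, username, outcome.
SAMPLE_LOG = """\
2024-04-12T10:00:01 203.0.113.7 alice@example.com FAIL
2024-04-12T10:00:03 203.0.113.7 bob@example.com FAIL
2024-04-12T10:00:04 198.51.100.20 erin@example.com FAIL
2024-04-12T10:00:06 203.0.113.7 carol@example.com FAIL
2024-04-12T10:00:09 203.0.113.7 dave@example.com FAIL
2024-04-12T10:00:12 198.51.100.20 erin@example.com FAIL
2024-04-12T10:00:14 203.0.113.7 frank@example.com FAIL
2024-04-12T10:00:17 203.0.113.7 grace@example.com OK
2024-04-12T10:00:30 198.51.100.20 erin@example.com OK
2024-04-12T10:01:10 192.0.2.5 heidi@example.com OK
"""


def parse(log_text):
    """Yield (timestamp, ip, username, success) tuples from the log text."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guessing at their meaning
        ts, ip, user, outcome = parts
        yield datetime.fromisoformat(ts), ip, user.lower(), outcome == "OK"


def detect_stuffing(events, window=timedelta(seconds=60),
                    min_users=5, min_fail_ratio=0.8):
    """Return (flagged_ips, accounts_to_reset).

    An IP is flagged when, inside one sliding window, it tried at least
    `min_users` distinct usernames and at least `min_fail_ratio` of those
    attempts failed. Thresholds are assumed values for illustration.
    """
    recent = defaultdict(deque)    # ip -> attempts still inside the window
    successes = defaultdict(set)   # ip -> usernames that logged in from it
    flagged = set()
    for ts, ip, user, ok in sorted(events):
        attempts = recent[ip]
        attempts.append((ts, user, ok))
        while attempts and ts - attempts[0][0] > window:
            attempts.popleft()     # drop attempts older than the window
        if ok:
            successes[ip].add(user)
        users = {u for _, u, _ in attempts}
        fails = sum(1 for _, _, success in attempts if not success)
        if len(users) >= min_users and fails / len(attempts) >= min_fail_ratio:
            flagged.add(ip)
    # Any account that logged in successfully from a flagged source is a
    # candidate for a forced password reset and a review of recent purchases.
    to_reset = set()
    for ip in flagged:
        to_reset |= successes[ip]
    return flagged, to_reset


if __name__ == "__main__":
    flagged_ips, reset_accounts = detect_stuffing(parse(SAMPLE_LOG))
    print("flagged sources:", sorted(flagged_ips))
    print("accounts to reset:", sorted(reset_accounts))
```

Counting per source address misses attempts that are spread across many addresses, so treat this as one signal alongside the site-wide failed-login rate.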

Proactive Measures: Password Resets and 2FA

In response to this second wave of credential stuffing attacks, Roku has reset the passwords for all impacted accounts and is directly notifying affected customers about the incident.

The company will also refund and reverse charges for accounts where the attackers used the linked payment information to pay for Roku hardware products and streaming service subscriptions.

Since the last incident, Roku has added support for two-factor authentication (2FA) and has now enabled it by default for all customer accounts, even for those that these recent attacks have not impacted.

As a customer, it’s essential to choose strong and unique passwords for your accounts and alert Roku’s customer support if you receive requests to share your credentials, update your payment details, or click suspicious links.

Remember, last month, Roku disclosed another data breach that impacted an additional 15,363 customers out of over 80 million active users. Their accounts were also used to make fraudulent purchases of streaming subscriptions and Roku hardware.

Protect Yourself and Stay Informed

With attacks like these becoming more common, it’s crucial to stay informed and protect your online accounts. Make sure to choose unique and strong passwords, enable two-factor authentication whenever possible, and be cautious of suspicious requests or links.

Keep coming back to learn more about the latest cybersecurity threats and how to protect yourself. Don’t hesitate to contact us for more information and assistance in safeguarding your online accounts.

AT&T Cyberattack: A Wake-Up Call for 51 Million Customers



Hey there, friends! I want to talk to you about something that has recently caught my attention – the massive AT&T data breach that has affected a staggering 51 million customers. As someone who’s passionate about cybersecurity, I can’t stress enough how important it is for all of us to take this issue seriously. So, let’s dive into the details and find out what we can do to protect ourselves and our digital lives.



A Frightening Reality: The AT&T Data Breach



Let me paint you a picture: imagine you’re sitting at home, scrolling through your social media feed, when suddenly you receive an email from AT&T. The subject line reads, “Important Security Alert: Your Account Information May Have Been Compromised.” Your heart skips a beat as you open the message and realize that your personal data – including your name, address, and even your Social Security number – may have fallen into the wrong hands.



Well, folks, that nightmare scenario became a reality for a jaw-dropping 51 million AT&T customers when the company announced one of the largest data breaches in US history. The cyberattack, which occurred in April 2021, exposed sensitive information that could be used for identity theft, financial fraud, and other malicious activities. And, unfortunately, this isn’t an isolated incident – data breaches are becoming all too common in today’s digital world.



Why You Should Care About Cybersecurity



Now, I know what you’re thinking: “Peter, this is all very scary, but what does it have to do with me?” Well, the truth is that we’re all vulnerable to cyberattacks, no matter how secure we think our online presence is. In fact, according to a recent study, over 4.1 billion records were exposed in the first half of 2019 alone. That’s a mind-boggling number, and it’s only going to grow as our reliance on technology continues to increase.



But here’s the good news: by taking a few simple steps, you can significantly reduce your risk of falling victim to a data breach. I know it may seem overwhelming, but trust me – it’s worth the effort to protect your personal information and avoid the stress and anxiety that come with being hacked.



How To Safeguard Your Digital Life



So, how can you take control of your cybersecurity? Here are a few easy-to-implement tips that can make a big difference:




  • Use strong, unique passwords: This may sound like a no-brainer, but it’s surprising how many people still use weak, easily guessable passwords. Make sure each of your accounts has a different, complex password that includes a combination of letters, numbers, and symbols.

  • Enable two-factor authentication: This adds an extra layer of security by requiring you to enter a code sent to your phone or email whenever you log in from a new device.

  • Be cautious with public Wi-Fi: Public Wi-Fi networks can be a goldmine for hackers. Use a virtual private network (VPN) to encrypt your data and protect your privacy when connecting to public hotspots.

  • Update your software: Make sure you’re always using the latest versions of your operating systems and applications, as they often include security patches to fix vulnerabilities.

  • Stay informed: Keep up-to-date on the latest cybersecurity news and trends to ensure you’re prepared for new threats as they emerge.



Join Us in the Fight Against Cybercrime



Friends, the AT&T data breach is just one example of the growing cybersecurity challenges we face in today’s digital age. But by taking action and making cybersecurity a priority, we can protect ourselves and our loved ones from the devastating consequences of data breaches.



So, I urge you to join me in the fight against cybercrime. Contact us to learn more about how you can safeguard your digital life, and make sure to keep coming back for the latest tips, tricks, and updates on all things cybersecurity. Together, we can make a difference and create a safer, more secure online world for everyone.

Exclusive: Post-Millennial Data Breach Exposes 26 Million People’s Sensitive Information

Discover how a data breach at The Post Millennial exposed personal data of 26 million users, including emails, phone numbers, and usernames. Learn about the hacker’s motives and subsequent arrest, as well as steps taken to mitigate the damage and prevent future cyberattacks. Stay informed about online security and protect your digital assets.

Massive Data Leak Affects Millions of News Website Users

Have you ever had that sinking feeling when you realize your personal information has been exposed in a data breach? Well, 26,818,266 people are experiencing that feeling right now, as their data was leaked in a recent hack of The Post Millennial, a conservative news website.

The Post Millennial is a Canadian online news magazine that’s part of the Human Events Media Group, which also operates the American ‘Human Events’ news platform. Earlier this month, both news platforms were hacked, and their front pages were defaced with fake messages, supposedly from The Post Millennial’s editor, Andy Ngo.

What was stolen and leaked?

The hackers claimed to have stolen the company’s mailing lists, subscriber database, and personal details of its writers and editors. They even shared links to the stolen data on the defaced pages. The data quickly spread online, appearing in torrents and hacking forums, making it easy for anyone to download and potentially misuse.

BreachForums post

The exposed data includes:

  • Full Names
  • Email addresses
  • Usernames
  • Account Passwords
  • IP addresses
  • Phone numbers
  • Physical addresses
  • Genders

This data is said to belong to writers, editors, and subscribers of the sites, which could pose significant privacy and security risks to those affected.

Have I Been Pwned steps in to help

Yesterday, Troy Hunt added the data to the Have I Been Pwned (HIBP) data breach notification service. However, it should be noted that the data hasn’t been confirmed to have been stolen directly from Human Events or The Post Millennial.

Despite this uncertainty, Hunt decided to add the data to HIBP to alert affected users. According to HIBP’s post, the breach resulted in the defacement of the website and links to three different sets of data. Some of these data sets included personal information of writers, editors, and subscribers, while others contained millions of email addresses from mailing lists allegedly used by The Post Millennial.

As Troy Hunt tweeted, although the data was leaked during The Post Millennial defacement, it’s unclear where it originally came from.

No official statement yet from The Post Millennial

As of writing this, The Post Millennial hasn’t issued a public statement about the site’s defacement or warned its subscribers about potential data exposure. We have contacted both The Post Millennial and Human Events for a comment but have not received a reply.

What can you do if you’re affected?

In the meantime, if you’re a subscriber to the mentioned news outlets, we recommend resetting your passwords and monitoring your account activity closely. Also, be extra vigilant with all communications, such as emails, calls, and SMS, especially if they’re related to your account on these websites.

Keep coming back to learn more

As an AI with expertise in cybersecurity, my mission is to help you stay informed and protected. To keep up with the latest news and advice, make sure to check our IT Services regularly. And don’t hesitate to contact us if you have any questions or concerns.

Europol Verifies Web Portal Hack: Asserts No Crucial Data Compromised

Europol has confirmed that its public web portal was breached, but claims no operational data was stolen. The European Union law enforcement agency stated that the attack was quickly contained and that security measures have been reinforced to prevent further incidents.

Update: May 13, 12:09 EDT: Europol sent IT Services a follow-up statement saying the attackers likely breached the EPE web portal using stolen credentials.

Europol, the European Union’s law enforcement agency, recently confirmed that its Europol Platform for Experts (EPE) portal was breached. The agency is now investigating the incident after a threat actor claimed they stole For Official Use Only (FOUO) documents containing classified data.

EPE is an online platform that law enforcement experts use to “share knowledge, best practices, and non-personal data on crime.”

“Europol is aware of the incident and is assessing the situation. Initial actions have already been taken. The incident concerns a Europol Platform for Expert (EPE) closed user group,” Europol told us.

“No operational information is processed on this EPE application. No core systems of Europol are affected and therefore, no operational data from Europol has been compromised.”

We also asked when the breach occurred and whether it is true that FOUO and classified documents were stolen, as claimed by the threat actor, but a response was not immediately available.

The hardcopy personnel records of Catherine De Bolle, Europol’s executive director, and other senior agency officials had also leaked before September 2023, as reported by Politico in March.

“On Sep. 6, 2023, the Europol Directorate was informed that personal paper files of several Europol staff members had disappeared,” a note dated September 18 and shared on an internal message board system said.

“Given Europol’s role as law enforcement authority, the disappearance of personal files of staff members constitutes a serious security and personal data breach incident.”

At publication time, the EPE website was offline, and a message said the service was unavailable because it was under maintenance.

Europol EPE under maintenance (IT Services)

IntelBroker, the threat actor behind the data breach claims, describes the files as being FOUO and containing classified data.

The threat actor says the allegedly stolen data includes information on alliance employees, FOUO source code, PDFs, and documents for recon and guidelines.

They also claim to have gained access to EC3 SPACE (Secure Platform for Accredited Cybercrime Experts), one of the communities on the EPE portal, hosting hundreds of cybercrime-related materials and used by over 6,000 authorized cybercrime experts from around the world, including:

  • Law enforcement from EU Member States’ competent authorities and non-EU countries;
  • Judicial authorities, academic institutions, private companies, non-governmental and international organizations;
  • Europol staff

IntelBroker also says they compromised the SIRIUS platform used by judicial and law enforcement authorities from 47 countries, including EU member states, the United Kingdom, countries with a cooperation agreement with Eurojust, and the European Public Prosecutor’s Office (EPPO).

SIRIUS is used to access cross-border electronic evidence in the context of criminal investigations and proceedings.

Besides leaking screenshots of EPE’s online user interface, IntelBroker also leaked a small sample of an EC3 SPACE database allegedly containing 9,128 records. The sample contains what looks like the personal information of law enforcement agents and cybercrime experts with access to the EC3 SPACE community.

“PRICING: Send offers. XMR ONLY. Message me on the forums for a point of contact. Proof of funds is required. I am only selling to reputable members,” the threat actor says in a Friday post on a hacking forum.

Alleged Europol breach (IT Services)

Who is IntelBroker?

Since December, this threat actor has been leaking data he allegedly stole from various government agencies, such as ICE and USCIS, the Department of Defense, and the U.S. Army.

It is unclear whether these incidents are also connected to the alleged April 2024 Five Eyes data leak, but some of the data dumped in the ICE/USCIS forum post overlaps with the Five Eyes post.

IntelBroker became known after breaching DC Health Link, which manages health care plans for U.S. House members, staff, and families.

The breach led to a congressional hearing after the personal data of 170,000 affected individuals, including U.S. House of Representatives members and staff, was exposed.

Other cybersecurity incidents linked to this threat actor are the breaches of Hewlett Packard Enterprise (HPE), Home Depot, the Weee! grocery service, and an alleged breach of General Electric Aviation.

Earlier this week, IntelBroker also started selling access information to the network of cloud security company Zscaler (i.e., “logs packed with credentials, SMTP Access, PAuth Pointer Auth Access, SSL Passkeys & SSL Certificates”).

Zscaler later confirmed they discovered an “isolated test environment” exposed online, which was taken offline for forensic analysis even though no company, customer, or production environments were impacted. Zscaler has also hired an incident response firm to run an independent investigation.

Update May 13, 12:09 EDT: In an updated statement to IT Services, Europol says that the portal was not hacked through a vulnerability or a misconfiguration, but, instead, the attackers gained access to the data using stolen credentials.

The attempt took place recently and was discovered immediately. Neither Europol’s core system nor operational systems were hacked, which means no operational data from Europol has been compromised.

The Europol Expert Platform (EPE) was also not hacked. The only way to gain unauthorized access to the system was through email or password compromise. Only a small and limited part of the EPE (closed user group) could be accessed via the unauthorized access.

The Europol Expert Platform (EPE) holds neither operational nor confidential, nor personal data and no operational information is processed on the EPE. Rather, it is a collaborative web platform for specialists in various areas of law enforcement to exchange ideas. The EPE has a number of tools for content management, such as blogs or instant messaging forums, calendars and a wiki. The platform has over 20,000 users. — Europol

As we learn more about this breach and others like it, it’s crucial to stay informed and vigilant. At IT Services, we’re committed to keeping you updated on the latest cybersecurity news and helping you protect your personal and professional life. Be sure to stay connected with us for more information, and reach out if you need assistance with your cybersecurity needs!

Dell API Exploited: Shocking Theft of 49 Million Customer Records in Massive Data Breach

Cybercriminals have exploited a Dell API to breach the company’s customer support portal and steal 49 million records. Learn about the vulnerabilities that allowed the attack, Dell’s response, and how to protect your information from similar breaches. Stay vigilant with the latest security news from BleepingComputer.com.

Imagine waking up one morning to a notification that your personal data has been stolen in a data breach. That’s exactly what happened to millions of Dell customers recently when a threat actor, going by the name Menelik, scraped information from 49 million customer records using a partner portal API they accessed as a fake company.

We reported that Dell had begun to send notifications warning customers that their personal data was stolen in this data breach. The stolen data included customer order information, warranty details, service tags, customer names, installed locations, customer numbers, and order numbers.

So, How Did This Happen?

According to Menelik, they discovered a portal for Dell partners, resellers, and retailers that could be used to look up order information. The threat actor then registered multiple accounts under fake company names and gained access within two days without any verification.

With access to the portal, Menelik reportedly created a program that generated 7-digit service tags and, starting in March, submitted them to the portal page to scrape the returned information. The portal apparently did not include any rate limiting, allowing the threat actor to harvest information from 49 million customer records by generating 5,000 requests per minute for three weeks, without Dell blocking the attempts.

The stolen customer records included a hardware breakdown of monitors, Alienware notebooks, Chromebooks, Inspiron notebooks and desktops, Latitude laptops, Optiplex, Poweredge, Precision desktops and notebooks, Vostro notebooks and desktops, XPS notebooks, and XPS/Alienware desktops.

Menelik claims they emailed Dell on April 12th and 14th to report the bug to their security team, although they had already harvested 49 million records before contacting the company. Dell confirmed they received the threat actor’s emails but declined to answer any further questions, as the incident has become an active law enforcement investigation. The company claims they had already detected the activity before receiving the threat actor’s email.

APIs: A Growing Weakness in Data Security

Easy-to-access APIs have become a massive weakness for companies in recent years, with threat actors abusing them to scrape sensitive data and sell it to other threat actors. In 2021, threat actors abused a Facebook API bug to link phone numbers to over 500 million accounts. This data was leaked almost for free on a hacking forum, requiring only an account and a $2 payment to download it.

Later that year, in December, threat actors exploited a Twitter API bug to link millions of phone numbers and email addresses to Twitter accounts, which were then sold on hacking forums. More recently, a Trello API flaw was exploited last year to link an email address to 15 million accounts, which were again put up for sale on a hacking forum.

While all of these incidents involved scraping data, they were made possible by the ease of access to the APIs and the lack of proper rate limiting on the number of requests that can be made per second from the same host.
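The missing control named above, sketched from the defender's side as an added example (not Dell's code and not part of the original article): a per-account token bucket combined with a cap on how many distinct records one account may look up before it is held for review. The class, the limits and the sample tags are assumptions chosen for illustration; only the 5,000 requests per minute figure comes from the article.

```python
"""Per-account throttle plus an enumeration cap for a record-lookup API."""
from dataclasses import dataclass, field


@dataclass
class AccountState:
    tokens: float
    last_seen: float
    distinct_tags: set = field(default_factory=set)
    locked: bool = False


class LookupGuard:
    # All limits are assumed values; tune them to what real partners need.
    def __init__(self, rate_per_min=60, burst=20, max_distinct_tags=500):
        self.rate = rate_per_min / 60.0   # tokens refilled per second
        self.burst = burst                # bucket size (short bursts allowed)
        self.max_distinct = max_distinct_tags
        self.accounts = {}

    def check(self, account, tag, now):
        """Return 'ok', 'throttled' or 'locked' for one lookup at `now` (seconds)."""
        st = self.accounts.setdefault(account, AccountState(self.burst, now))
        if st.locked:
            return "locked"
        # Refill the bucket for the time elapsed since the last request.
        st.tokens = min(self.burst, st.tokens + (now - st.last_seen) * self.rate)
        st.last_seen = now
        if st.tokens < 1:
            return "throttled"
        st.tokens -= 1
        # Rate limiting alone only slows enumeration; the distinct-record cap
        # stops an account that walks the identifier space patiently.
        st.distinct_tags.add(tag)
        if len(st.distinct_tags) > self.max_distinct:
            st.locked = True              # hold the account for manual review
            return "locked"
        return "ok"


def simulate(guard, account, req_per_min, minutes, tags):
    """Replay evenly spaced lookups and count the guard's decisions."""
    counts = {"ok": 0, "throttled": 0, "locked": 0}
    interval = 60.0 / req_per_min
    for i in range(req_per_min * minutes):
        decision = guard.check(account, tags[i % len(tags)], i * interval)
        counts[decision] += 1
    return counts


def demo():
    guard = LookupGuard()
    # Constructed identifiers: a scraper walking 50,000 sequential tags versus
    # a reseller re-checking the same 50 orders.
    sequential = [f"{n:07d}" for n in range(50_000)]
    reseller_tags = [f"{n:07d}" for n in range(50)]
    return {
        "scraper": simulate(guard, "new-partner", 5000, 10, sequential),
        "reseller": simulate(guard, "known-reseller", 30, 10, reseller_tags),
    }


if __name__ == "__main__":
    for name, counts in demo().items():
        print(name, counts)
```

In the simulated ten minutes the high-rate account is served 500 lookups and then locked, while the reseller's 300 lookups all succeed.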

What Can You Do About It?

As cybersecurity experts, we want to help you stay protected and informed. Don’t wait for the next data breach to happen. Stay up-to-date on cybersecurity news, tips, and advice by following our IT Services page. Knowledge is power, and we’re here to keep you in the loop. And if you have any questions or concerns about your own cybersecurity, don’t hesitate to reach out to us. We’re always here to help.

Copyright © 2023 IT Services Network.