Security Affairs

JULY 19, 2018

Thousands of account credentials associated with the popular file storage service Mega have been published online, The former NSA hacker Patrick Wardle, co-founder at Digita Security , discovered in June a text file containing over 15,500 usernames, passwords, and files names. ” read the post published by ZDNet.

IT 49

IT Data breaches File names Passwords 49

Security Affairs

JUNE 26, 2021

On June 14th, Altus Group, a commercial real estate software solutions firm, disclosed a security breach, now Hive ransomware gang leaked its files. On June 14th, Altus Group, a commercial real estate software solutions company, has announced that its data was breached. A week later, they reported “no evidence of impact”.

Ransomware 103

Ransomware File names Archiving Encryption 103

Security Affairs

JULY 6, 2020

The second database that may be from Shanghai Yanhua Smartech has even more sensitive data, such as easily-decoded audio files, names, employee ID numbers, heart rates, oxygen levels, GPS locations and more. Most of these records are for vehicle GPS locations and tracks, facility data, and people’s GPS tracks.

Passwords 78

Passwords File names Access Phishing 78

Security Affairs

MARCH 1, 2021

. “And if that same site visitor clicks the “direct download link” provided on this page, they receive a.zip archive file with a filename that exactly matches the search query terms used in the initial search, which itself contains another file named in precisely the same way.” ” continues the analysis.

Search queries 113

Search queries CMS Ransomware File names 113

Security Affairs

JANUARY 24, 2023

No Fly List exposed on the Internet, the sensitive data were hosted on a server run by US airline CommuteAir. Crimew discovered a file named NoFly.csv which is a legitimate U.S. records (first names, last names, and dates of birth) belonging to people with suspected or known ties to terrorist groups.

Archiving 91

Archiving File names Access Authentication 91

Security Affairs

MARCH 17, 2022

The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an unknown ELF file that was spreading by exploiting the Log4J vulnerability. The name B1txor20 is based on the file name “b1t” used for the propagation and the XOR encryption algorithm, and the RC4 algorithm key length of 20 bytes.

Honeypots 129

Honeypots File names Communications Encryption 129

Troy Hunt

JANUARY 16, 2019

Many people will land on this page after learning that their email address has appeared in a data breach I've called "Collection #1". It's made up of many different individual data breaches from literally thousands of different sources. This number makes it the single largest breach ever to be loaded into HIBP.

Data breaches 112

Data breaches Passwords Risk Personal data 112

Troy Hunt

FEBRUARY 26, 2018

tl;dr - a collection of nearly 3k alleged data breaches has appeared with a bunch of data already proven legitimate from previous incidents, but also tens of millions of addresses that haven't been seen in HIBP before. It's also interesting because among nearly 3k other breaches, the data contains Dropbox.

Data breaches 89

Data breaches Passwords Cleanup File names 89

Security Affairs

DECEMBER 8, 2021

This helps us warn users and organizations that their data is being exposed and help them plug the leaks. Back in September, while gathering intelligence on an IoT search engine, our security researchers stumbled upon a DS_STORE file that was apparently stored on a web server owned by Microsoft Vancouver. What’s in the file?

Passwords 99

Passwords Metadata File names Phishing 99

Troy Hunt

NOVEMBER 19, 2020

It's increasingly hard to know what to do with data like that from Cit0Day. If that's an unfamiliar name to you, start with Catalin Cimpanu's story on the demise of the service followed by the subsequent leaking of the data. rar files in it whilst the second has a further 8,949.rar

Passwords 145

Passwords Archiving Risk File names 145

Troy Hunt

SEPTEMBER 13, 2018

This is going to be a brief blog post but it's a necessary one because I can't load the data I'm about to publish into Have I Been Pwned (HIBP) without providing more context than what I can in a single short breach description. In short, this data is a combination of sources intended to be used for malicious purposes.

Passwords 63

Passwords Data breaches File names Risk 63

Troy Hunt

FEBRUARY 11, 2019

The 773 Million Record "Collection #1" Data Breach On Thursday 17 Jan, I loaded 773M records into Have I Been Pwned (HIBP) which I titled "Collection #1". Collection #1 was 87GB of data but collections #2 through #5 totalled another 845GB on top of that. There were 2.7B rows of email addresses and passwords in total, but only 1.6B

Passwords 83

Passwords Data breaches Communications IT 83

Troy Hunt

OCTOBER 19, 2017

This week, I started looking into a large database backup file which turned out to contain the personal data of a significant portion of the South African population. Who Am I and Why Do I Have This Data? On March 14 this year, someone sent me a 27GB file called "masterdeeds.sql" which was a MySQL database backup file.

Data breaches 84

Data breaches Personal data Government IT 84

Troy Hunt

FEBRUARY 14, 2018

As I'll show shortly, we also find huge troves of breached data there. That remaining 6% of content in the "dark web" consists of resources accessible by "hidden" services, namely Tor. Keep in mind that the Ashley Madison data was torrented extensively by the people that stole it in the first place!

Data breaches 83

Data breaches Passwords Marketing Access 83

Troy Hunt

MARCH 3, 2021

I've investigated hundreds of data breaches over the years (there are 514 of them in Have I Been Pwned as I write this), and for the most part, the situation with Gab is just another day on the internet. A couple of days ago, I posted a thread about their alleged breach. Gab's approach.

Passwords 145

Passwords Data breaches Mining Risk 145