Report: Indian e-Payments App Exposes Millions of Users in Massive Data Breach

Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a massive amount of incredibly sensitive financial data connected to India’s mobile payment app BHIM that was exposed to the public.

The website was being used in a campaign to sign large numbers of users and business merchants to the app from communities across India. All related data from this campaign was being stored on a misconfigured Amazon Web Services S3 bucket and was publicly accessible.

The scale of the exposed data is extraordinary, affecting millions of people all over India and exposing them to potentially devastating fraud, theft, and attack from hackers and cybercriminals.

👀 Data Breach Summary 👀

Company/Website: http://cscbhim.in/
Located: India
Industry: Mobile banking; e-payments; personal finance
Size of data in gigabytes: 409 GB
Suspected no. of records: ~7.26 million
No. of people exposed: Millions
Geographical scope: Nationwide across India
Types of data exposed: PII data
Potential impact: Identity theft, fraud, theft, viral attacks
Data storage format: AWS S3 bucket

👉🏼 Read more:
https://www.vpnmentor.com/blog/report-csc-bhim-leak/

#BHIM #india #data #brach #leak #epayment #app
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Millions of Telegram Users’ Data Exposed on Darknet

Telegram’s built-in contact import feature was exploited to leak the personal data of millions of users onto the darknet.

Telegram, a major privacy-focused messaging app, has suffered a data leak that exposed some personal data of its users on the darknet.

A database containing the personal data of millions of Telegram users has been posted on a darknet forum. The issue was first reported by Russian-language tech publication Kod.ru on Tuesday.

According to the report, the database contains phone numbers and unique Telegram user IDs. It remains unclear exactly how many users' data was leaked while the database file is about 900 megabytes.

About 40% of entries in the database should be relevant
Telegram has reportedly acknowledged the existence of the leaked database to Kod.ru. The database was collected through exploiting Telegram’s built-in contacts import feature at registration, Telegram reportedly said.

Telegram noted that the data in the leaked database is mostly outdated. According to the report, 84% of data entries in the database were collected before mid-2019. As such, at least 60% of the database is outdated, Telegram declared in the report.

Additionally, 70% of leaked accounts came from Iran, while the remaining 30% were based in Russia.

https://kod.ru/darknet-sliv-baza-telegram-jun2020/

👉🏼 Read more:
https://cointelegraph.com/news/millions-of-telegram-userss-data-exposed-on-darknet

#tg #telegram #leak #breach #database #exposed #darknet
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES

Hacker breaches security firm in act of revenge

Hacker claims to have stolen more than 8,200 databases from a security firm's data leak monitoring service.

A hacker claims to have breached the backend servers belonging to a US cyber-security firm and stolen information from the company's "data leak detection" service.

The hacker says the stolen data includes more than 8,200 databases containing the information of billions of users that leaked from other companies during past security breaches.

The databases have been collected inside DataViper, a data leak monitoring service managed by Vinny Troia, the security researcher behind Night Lion Security, a US-based cyber-security firm.

👀 👉🏼 https://www.zdnet.com/article/hacker-breaches-security-firm-in-act-of-revenge/

👀 👉🏼 https://gist.github.com/campuscodi/226b0758e08592df2e5d898979d1da17

#DataViper #leak #breach #hacked
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

AssangeLeaks

DDoSecrets Announcement About This Folder

With the Justice Department's superseding indictment against Assange, public access to the evidence becomes critical. The documents in this file illuminate that case and illustrate how WikiLeaks operates behind closed doors. AssangeLeaks is not for or against Julian Assange or WikiLeaks, and is only interested in the evidence.

👀 👉🏼 https://assangeleaks.org/

#DDoSecrets #leak #Assange #FreeAssange
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Report: No-Log VPNs Exposed Users’ Logs and Personal Details for All to See

A group of free VPN (virtual private network) apps left their server completely open and accessible, exposing private user data for anyone to see. This lack of basic security measures in an essential part of a cybersecurity product is not just shocking. It also shows a total disregard for standard VPN practices that put their users at risk.

The vpnMentor research team, led by Noam Rotem, uncovered the server and found Personally Identifiable Information (PII) data for potentially over 20 million VPN users, according to claims of user numbers made by the VPNs.

Each of these VPNs claims that their services are “no-log” VPNs, which means that they don’t record any user activity on their respective apps. However, we found multiple instances of internet activity logs on their shared server. This was in addition to the PII data, which included email addresses, clear text passwords, IP addresses, home addresses, phone models, device ID, and other technical details.

The VPNs affected are UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, and Rabbit VPN – all of which appear to be connected by a common app developer and white-labeled for other companies.

👀 👉🏼 https://www.vpnmentor.com/blog/report-free-vpns-leak/

#vpn #breach #leak #cybersecurity
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

OnePlus accidentally leaks emails of hundreds of customers in an research email.

👀 👉🏼 https://twitter.com/itsRith/status/1286399727572000769

#oneplus #leak
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Malaysian Navy Documents Uploaded on the Dark Web by Hackers

Documents belonging to the Royal Malaysian Navy have been breached and posted on the dark web although the Malaysian military has dismissed the data as obsolete

When we speak about the numerous cyberattacks that have been orchestrated in brazen campaigns of late, one thing stands out – threat actors breach an organization’s system to access critical files through a loophole, which then exposes the entire system to the attackers.

Although recent times have seen the hacking of victims such as Garmin who ended up parting with millions of dollars for ransom, it appears that threat actors have not restricted their sights to private sector entities – the Royal Malaysian Navy is the latest victim.

Media reports have intimated that about 70 documents belonging to Malaysian Navy were accessed by unknown hackers who uploaded them to a darknet platform.

According to Singapore’s English-language daily newspaper The Straits Times, it turns out that the affected documents were sourced from different threat actors who breached the communication channels belonging to the Malaysian military – including personnel email accounts.

While the newspaper reported the uncertainty to whether the hackers intended to sell the uploaded documents, it was revealed that the affected information touched on details concerning the strength of the Malaysian Navy.

👀 👉🏼
https://www.freemalaysiatoday.com/category/nation/2020/08/17/navy-documents-leaked-on-dark-web-claims-report/

👀 👉🏼 (Tor-Browser)
http://tapeucwutvne7l5o.onion/malaysian-navy-documents-uploaded-on-the-dark-web-by-hackers

#malaysia #navy #hackers #leak #darkweb
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

The Internet’s Biggest Webmaster Forum Had a Data Breach

Another day and another big data leak. On July 1st the WebsitePlanet research team in cooperation with Security Researcher Jeremiah Fowler discovered a non-password protected database that contained records of the internet’s largest webmaster portal. Upon further research it appeared that Digital Point had leaked the data of 863,412 users.

Digital Point claims to be the world’s biggest webmaster forum and marketplace for web related services. The forum lets people buy and sell websites, SEO, and a wide range of services. The site caters to those individuals who maintain or create websites either for themselves or customers.

👀 👉🏼 Data Breach Summary:
https://www.websiteplanet.com/blog/digitalpoint-leak-report/

#digitalpoint #leak #report
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Major German shopping site leaks customer data

A publicly-listed multinational retailer with millions of dollars in annual revenues was discovered to be operating a completely unsecured server, thereby publicly exposing private data belonging to around 700,000 of its customers.

Our Security team, led by Anurag Sen, discovered a vulnerable and unsecured server containing more than 6 terabytes of data operated by German company windeln.de.

Our team detected the breach on 13 June 2020 and estimates that the server vulnerability was exposed on the Internet on 11 June 2020.

The ElasticSearch server and its vulnerability were discovered during a routine check of IP addresses on particular ports. Our team found that the server was completely unsecured and publicly exposed without a password – meaning that anyone in possession of the server’s IP address could access the entire database.

We tried to reach out to Windeln.de, but nobody ever got back to us. We then contacted the German CERT, so they could inform the company about the data leak. A few days later, the server got secured.

👀 👉🏼 https://www.safetydetectives.com/blog/windeln-leak-report/

#windeln #germany #vulnerability #leak #data #dataleak #customers
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Bitwarden leaks passwords to other subdomains

Today I was on a domain that should only be available via BasicAuth. Then I was really scared when I did not have to login. Even in incognito mode the page was visible without login. Is my BasicAuth broken? Turns out: No, but @Bitwarden has automatically logged in for me.

👀 👉🏼 https://nitter.net/RitzmannMarkus/status/1307614248835731456

#bitwarden #leak #password #subdomains
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag