Security News

Since 2019, ransomware gangs have leaked the stolen data for 2,103 companies on dark web data leaks sites. A dark web security researcher known as DarkTracer has been keeping track of the data leak sites for thirty-four ransomware gangs and told BleepingComputer that they have now leaked the data for 2,103 organizations.

There are methods of checking whether passwords are on the dark web and consequently at risk of being used in credential stuffing; but this generally requires giving the user details to another company. A new service from HackNotice solves this problem: Dark Hash Collisions.

A staggering number of 3.28 billion passwords linked to 2.18 billion unique email addresses were exposed in what's one of the largest data dumps of breached usernames and passwords. The leak includes 1,502,909 passwords associated with email addresses from government domains across the world, with the U.S. government alone taking up 625,505 of the exposed passwords, followed by the U.K, Australia, Brazil, and Canada.

Just ahead of Sunday's Oscars, the firm analyzed more than 800 million breached passwords out of a list of 2 billion and is revealing the top 20 movies exposed via breaches. "While we present this breached password list in good humor, what shouldn't be taken lightly is the negative impact that weak and compromised passwords can have on an organization's cybersecurity risk," the firm said.

Facebook wants you to believe that the scraping of 533 million people's personal data from its platform, and the dumping of that data online by nefarious people, is something to be "Normalised." A blundering Facebook public relations operative managed to send a journalist a copy an internal document detailing the antisocial network's strategy for containing the leaking of 533 million accounts - and what the memo contained was infuriating though unsurprising.

The hacking spree targeting underground marketplaces has claimed another victim as a database from card shop Swarmshop emerged on another forum. By the looks of it, the leak contains the records of the entire Swarmshop community along with all the stolen card data traded on the forum.

Facebook users can now use the Have I Been Pwned data breach notification site to check if their phone number was exposed in the social site's recent data leak. This leak's main component is a Facebook user's phone number, rather than an email address, and thus Have I Been Pwned could not accurately alert a user if they were exposed in the breach.

In what's likely to be a goldmine for bad actors, personal information associated with approximately 533 million Facebook users worldwide has been leaked on a popular cybercrime forum for free-which was harvested by hackers in 2019 using a Facebook vulnerability. The leaked data includes full names, Facebook IDs, mobile numbers, locations, email addresses, gender, occupation, city, country, marital status broken, account creation date, and other profile details broken down by country, with over 32 million records belonging to users in the U.S., 11 million users the U.K., and six million users in India, among others.

After a shared Google Drive was posted online containing the private videos and images from hundreds of OnlyFans accounts, a researcher has created a tool allowing content creators to check if they are part of the leak. While OnlyFans is promoted as a way for celebrities and social influencers to share their content, it is also heavily used to share adult-themed content with fans who pay to access it.

The publicly released Facebook user data is believed to be part of a 2019 "Add Friend" Facebook security bug exploited by hackers at the time. The types of data include Facebook user mobile phone numbers, their Facebook ID, name and gender information.