Posts

Data Breach Notice: OGUsers – 161,143 breached accounts

In May 2019, the account hijacking and SIM swapping forum OGusers suffered a data breach. The breach exposed a database backup from December 2018 which was published on a rival hacking forum. There were 161k unique email addresses spread across 113k forum users and other tables in the database. The exposed data also included usernames, IP addresses, private messages and passwords stored as salted MD5 hashes. Stay safe out there!

Latest Threat Intelligence Summary (June 2019)

Web Attacks - Web attacks increased by 2 percent in May, marking the third consecutive month to see an increase. - The most common user names used in attacks included "admin", "root", and "default", while "123456", [BLANK], and "admin" were the top three passwords. - Like jacking topped the list of social media scam types, followed by like count scams.   Email - The email malware rate decreased in May to 1 in 602 emails. - At 1 in 257 emails, Mining topped the list of...

Data Breach Notice: Illawarra drivers licenses details

Illawarra drivers may have had their private details leaked to the media as part of a "political smear campaign", according to Wollongong MP Paul Scully. At the last election, a file containing names, addresses, ages and driving history - including those of then Labor leader Michael Daley - was leaked to the media by the office of Customer Service Minister Victor Dominello. The leak occurred after Revenue NSW advised Mr Dominello's office the file was a privacy breach and it must...

Data Breach Notice: Ordine Avvocati di Roma – 41,960 breached accounts

In May 2019, the Lawyers Order of Rome suffered a data breach by a group claiming to be Anonymous Italy. Data on tens of thousands of Roman lawyers was taken from the breached system and redistributed online. The data included contact information, email addresses and email messages themselves encompassing tens of thousands of unique email addresses. A total of 42k unique addresses appeared in the breach. Stay safe out there!

Data Breach Notice: Appartoo – 49,681 breached accounts

In March 2017, the French Flatsharing site known as Appartoo suffered a data breach. The incident exposed an extensive amount of personal information on almost 50k members including email addresses, genders, ages, private messages sent between users of the service and passwords stored as SHA-256 hashes. Appartoo advised that all subscribers were notified of the incident in early 2017. Stay safe out there!

Data Breach Notice: Club Penguin Rewritten – 1,688,176 breached accounts

In January 2018, the children's gaming site Club Penguin Rewritten (CPRewritten) suffered a data breach (note: CPRewritten is an independent recreation of Disney's Club Penguin game). The incident exposed almost 1.7 million unique email addresses alongside IP addresses, usernames and passwords stored as bcrypt hashes. When contacted, CPRewritten advised they were aware of the breach and had "contacted affected users". Stay safe out there!