Most Significant Data Breaches Of The Twenty-first Century

Millions of people are affected by data breaches all the time. Here are a few of the most significant and damaging data breaches in recent memory.

Multiple databases of stolen records are freely exchanged on Dark Web networks, which is nothing new. Stolen data may be utilised in a variety of attacks, such as spear-phishing, random malspam campaigns, and so on. However, a new, alarming data breach pattern is surfacing. Large-scale data sorted by categories such as target country or occupation is available across Dark Web forums. Finding their next victim has never been easier for threat actors. The rest of us, on the other hand, have never been so exposed.

DATA BREACH ON LINKEDIN IN 2021

Date: June 2021

Impact: 700 million users

Another threat actor published millions of LinkedIn user details on a Dark Web site in August 2021, sorted by nation (the original database was leaked in June 2021). During the same month, a third threat actor went a step further by offering to sell stolen LinkedIn information sorted by occupation, including 12.9 million IT employees, 6.7 million HR professionals, and 4.8 million financial executives. In another notable breach of executive accounts, a threat actor attempted in late 2020 to sell access to the email accounts of hundreds of C-level executives, including finance directors.

The records in the data leak included first and last names, business names, designations, email addresses (registered with LinkedIn), country, and LinkedIn profile links. The threat actor also gave lists summarising information about the nations and occupations represented. Further investigation into the threat actor's activities indicated that he was mostly interested in records taken from databases. The threat actor's LinkedIn database was explicitly separated into human resources (HR), information technology (IT), and finance workers, which might imply that these employees are more likely to be targeted by cybercriminals.

LinkedIn has issued a statement on the reports, claiming that the information was scraped from the internet and that this is not a data breach. It claimed that no personal information from LinkedIn members had been disclosed.

Preview of leaked data - Source: 9to5mac.com

The data was scraped by a hacker who took advantage of LinkedIn's API. Because no personal information was stolen, LinkedIn argues that this was not a "data breach," but rather a violation of their terms of service, which prohibit data scraping.

FACEBOOK DATA BREACH 2019

Date: April 2019

Impact: 533 million users

Two third-party Facebook app datasets were exposed to the public Internet in April 2019, according to the UpGuard Cyber Risk team. One, from Mexico's Cultura Colectiva, is 146 terabytes in size and contains over 533 million entries, including comments, likes, responses, account names, Facebook IDs, and more. A backup from a Facebook-integrated app called "At the Pool" was also found exposed to the public internet via an Amazon S3 bucket. Columns for fk user id, fb user, fb friends, fb likes, fb music, fb movies, fb books, fb photos, fb events, fb groups, fb+checkins, fb interests, passwords, and more were included in this database backup. The passwords are probably for the "At the Pool" app rather than the user's Facebook account; however, individuals who repeated the same password across accounts might be in danger.

Example of Facebook data from the disclosed Cultura Colectiva dataset that has been redacted.

TWITTER DATA BREACH 2018

Date: May 2018

Impact: 330 million users

In May 2018, Twitter users were warned of a bug that saved passwords unencrypted in an internal log, exposing all user credentials to the internal network. Twitter advised its 330 million users to change their passwords. The firm stated that the flaw had been repaired and that there was no evidence of a breach or abuse, and that the password update was recommended as a precaution. Twitter did not say how many people were affected, but it did say that the number was large and that they had been exposed for several months. Twitter's corporate clients have been notified that their personal information may have been hacked. It was discovered that certain clients' billing information was saved in the browser's cache without the users' knowledge. The company wrote in an email to impacted users:

"We're very sorry this happened. We recognise and appreciate the trust you place in us, and are committed to earning that trust every day." Non-business Twitter users are not thought to be affected. It's not the first time Twitter's data has been compromised.
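
The failure described above, passwords written in clear text to an internal log, can be contained with a redaction filter on the log handler. The following is an added example, not Twitter's code or part of the original article; the key names, logger name and sample events are assumptions constructed for illustration.

```python
import io
import logging
import re

# Field names treated as secrets (an assumption; extend for your own schema).
SENSITIVE_KEYS = ("password", "passwd", "pwd", "secret", "token")

# key=value, key: value and JSON-style "key": "value" pairs, case-insensitive.
_PAIR = re.compile(
    r"""(["']?[\w.-]*(?:""" + "|".join(SENSITIVE_KEYS) + r""")[\w.-]*["']?\s*[:=]\s*)"""
    r"""("[^"]*"|'[^']*'|[^\s,;&}]+)""",
    re.IGNORECASE,
)


def redact(text):
    """Replace the value of every sensitive key with a fixed marker."""
    return _PAIR.sub(lambda m: m.group(1) + "[REDACTED]", text)


class RedactSecrets(logging.Filter):
    """Scrub the fully rendered message before a handler writes it."""

    def filter(self, record):
        # Render msg % args first so secrets passed as arguments are covered.
        record.msg = redact(record.getMessage())
        record.args = None
        return True


def demo():
    """Log two constructed sign-up events and return what reached the sink."""
    sink = io.StringIO()
    handler = logging.StreamHandler(sink)
    # Attach to the handler, not the logger: handler filters also see records
    # propagated from child loggers.
    handler.addFilter(RedactSecrets())
    log = logging.getLogger("signup-demo")  # hypothetical logger name
    log.setLevel(logging.INFO)
    log.propagate = False
    log.addHandler(handler)
    log.info("signup user=%s password=%s", "alice", "hunter2")
    log.info('request body: {"user": "bob", "new_password": "s3cr3t!"}')
    log.removeHandler(handler)
    return sink.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```

Pattern-based redaction is a backstop for mistakes; the primary control is to keep credentials out of log calls in the first place.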

ALIBABA'S DATA BREACH

Date: November 2019

Impact: 1.1 billion pieces of user data

A data leak at Alibaba's Taobao shopping site exposed over 1.1 billion pieces of consumer information, according to a Chinese court verdict. With more than 710 million monthly users in 2020, Taobao is Alibaba's most popular shopping site in China. The accused marketing consultant illegally obtained user data using web scraping software from November 2019 to July 2020, before Alibaba discovered the illegal behaviour and contacted the authorities. Using crawler software he wrote, a developer working for an affiliate marketer stole consumer data from Alibaba's Chinese retail website, Taobao, over eight months, including usernames and mobile numbers. Even though both were sentenced to three years in prison, it appears that the developer and his firm gathered the data for personal use and did not sell it on the black market.

THE POINT OF THIS EXERCISE:

Unfortunately, we've basically arrived at a position where you must assume that whatever information you provide online will be either stolen or exploited. Privacy standards such as GDPR may have some effect in preventing organisations from exploiting your information, but they are usually useless in preventing information theft by hackers. Data leak notifications have depended on companies discovering the breaches themselves, which usually happened too late. Most businesses become aware of a breach only after being contacted by a third party, usually security researchers or law enforcement, who have uncovered data that appears to be theirs for sale on the dark web. Organizations must develop a "true security culture" that prioritises the protection of user data. Security education, secure software development lifecycles, system and application hardening, periodic penetration testing to uncover potential vulnerabilities, and, finally, constant monitoring for suspicious activity in conjunction with proactive threat hunting are all critical components.

That’s all

Thank you for taking the time to read my article :) see you soon!