Shane Chambers No Comments

Irishman Arrested for Running Website That Sold Stolen Credentials

A man from Fermanagh has been arrested along with a Dutch national (both aged 22) for their part in running the illicit credential marketplace WeLeakInfo. A joint collaboration between law enforcement in the UK, Northern Ireland, Germany, the US and the Netherlands was kicked off in the summer of 2019, with the site alleged to have over 12 billion credentials for sale, from various nefarious sources.

The domain seizure notice displayed on the website weleakinfo.com after the operation.

The site WeLeakInfo was an online marketplace for email addresses, passwords and other credentials that had been obtained through various data breaches, with users able to search the giant database of over 12 billion records. Subscriptions to the site were available for as little as $2 per day, with longer access periods available.

Credential reselling is a growing market, as many would-be cyber criminals with little technical knowledge prefer to cheaply purchased hacked credentials in bulk online to actually obtaining credentials themselves.

A related trend that we wrote about last month is the rise of ‘combo lists’, where breached credentials are collated into lists that are then resold online, often with a view to crafting convincing and personalised phishing emails to send to the email addresses within.

Another online credentials reselling marketplace, LeakedSource, was taken down in a similar effort by international law enforcement back in 2017, however other sites still remain at large, such as Dehashed, Snusbase & Leak-Lookup.

Due to the increase in combo lists and credential reselling websites, it is becoming more important than ever that users use strong, unique passwords for each website or service that they use – otherwise, they are potentially leaving the door open to hackers.

Shane Chambers No Comments

Personal Data for Billions of Users Exposed Online in Three ‘Combo Lists’ Discovered This Month

It’s a scary time to be an internet user, with three huges troves of user data recently discovered to be exposed online; opening users up to phishing emails, spam and even credential stuffing attacks.

Cyber criminals use ‘credential stuffing’ to gain unauthorised access to websites that were never breached, using previously hacked passwords
Read more
Shane Chambers No Comments

Irish Businesses Hit by Invoice Redirect Scams, Gardaí Warn

Gardaí have reported a sharp increase in the number of invoice redirect and CEO fraud-style attacks on Irish businesses in the last few months. “We are getting a couple of cases every week now”, according to Detective Superintendent Pat Lordan, who said that both small and large companies are being hit for amounts ranging from €10,000 into the millions.

Staff should be very wary of any requests to change payment details from suppliers, and are advised to pick up the phone and speak to someone they know first.
Read more
Shane Chambers No Comments

First Large GDPR-Era Fine Handed Down to British Airways (£183m)

In a move that is likely to shock corporations in Europe and beyond, the Information Commissioner’s Office (ICO) has fined British Airways (BA) just over £183 million, due to a 2018 data breach in which personal data belonging to 500,000 of its’ customers was compromised. The move marks the first large fine handed down to a company since the General Data Protection Regulation (GDPR) took effect in May of last year and, shockingly, was less than 50% of the maximum fine that the ICO could have set for BA.

In 2018, British Airways suffered a breach that exposed credit card info, names, addresses, travel details and login credentials for 500,000 customers
Read more
Shane Chambers No Comments

Three Major Antivirus Companies Breached by Russian Hackers

In the latest major security breach to rock the business world, three major US-based antivirus companies have been hit by Russian hacker group Fxmsp. Fxmsp, who are well known in the cyber security community for previous high-profile breaches, began advertising the spoils of their latest venture on the dark web for upwards of $300,000, while providing strong evidence of their claims.

Fxmsp is known for selling access to large, global corporate networks on the dark web.
Read more