A database of 34 million user account records that were stolen from seventeen companies in 2020 is now for sale on a forum, Bleeping Computer reports. The dump has generated interest from multiple users who approached the seller on Russian messaging platform Telegram. The seller insists he is not responsible for the data breaches, and only operates as a middleman.
“Selling Exclusive private databases. These databases are fresh and have never been sold before. Limited sales,” the seller writes on the forum.
In this latest announcement, for instance, the two largest breaches compromised the data of 8 million users of a Brazilian educational platform and 1 million records leaked from an online grocery and delivery service in Singapore.
The compromised records include:
- Emails, usernames and passwords;
- Full names, phone numbers, postal addresses, postal codes;
- Hashed passwords;
- Credit card information;
- Gender, date of birth, mother’s maiden name;
- Revenue, bank and tax numbers;
- Facebook IDs & tokens;
- Brazilian CPF numbers.
Data leaks are among top digital risks enterprises face in 2020. The seller claims the companies suffered data breaches throughout 2020, but they never reported them. This may not be true, however, as the parent company of the online grocery and delivery service detected the breach during proactive monitoring, and immediately notified customers that their data had been compromised. A price was not publicly revealed on the forum, yet Bleeping Computer claims the grocery store dump is priced at USD $1,500, following a conversation with the seller.
Proactive monitoring could help detect leaks, but not all companies have the financial resources or manpower to focus on this activity.
Data safety threatened by remote work
Since the coronavirus jumped into the picture and business has moved online, data breaches have become more frequent. They “increased 273% in the first quarter,” according to a new study. Companies now have to adjust to their employees working from home, with many potentially misusing cloud services. When employees are accessing company resources from remote locations, it is more difficult for security teams to evaluate their actions or software used, which may lead to a security breach and data compromise.
Some businesses might spend money on infrastructure security, but data integrity and confidentiality are the latest challenge they need to tackle. A data breach is not always an incident to be afraid of, but leaving it unreported could make clients and partners vulnerable to fraud and illicit activities. Companies that do not report data breaches fear regulatory repercussions and negative media attention. They hope to mitigate and contain the incident in-house, but what they fail to realize is that unreported data breaches could easily enable other attacks.
Confidential and sensitive information leaks can go undetected for months. “The average time to identify and contain a breach is 280 days,” according to Ponemon Institute’s 2020 Cost of a Data Breach Study, sponsored by IBM. Costs vary by industry and geography, yet one thing is certain: they are expensive, nearing a cost of USD 3.86 million per breach. What’s worse is that some companies might not even be aware they suffered a data breach until it’s too late. By the time they detect it, the data will have been available for sale and probably already compromised.
Detect data leaks before they go public
How can you rise to the challenge of protecting your data from compromise? Digital risk protection (DRP) solutions could be the latest addition to your cybersecurity strategy. The companies involved in the data dump were caught off guard when Bleeping Computer came knocking, and only two, at the time of writing, are investigating the data breach. Digital risk protection performs proactive monitoring of the deep, dark, and clear web to inform you about hackers trying to sell your data. Upgrading your digital footprint monitoring could optimize your security hygiene and help prevent negative media attention.
