breachwatch-march-2020_03_12

Acquisition Date: 2020-03-11T00:00:00Z

Site: AzorUlt Botnet

Description: AzorUlt is a lesser-known credential-stealing botnet, also known as crimeware. This malware steals data from infected computers via web browsers and protected storage. Once infected, the computer sends the stolen data to a bot command and control (C&C) server, where the data is stored. Any credentials from this source can be assumed to already be in the hands of threat actors, and should be changed immediately.

Passwords: 532707

Acquisition Date: 2020-03-11T00:00:00Z

Site: Vidar Stealer

Description: Vidar Stealer is a Windows-targeted stealer designed to grab form data such as IP addresses, browsing history, saved passwords, cryptocurrency, private messages and/or screenshots from affected users. Operators of Vidar can set messages for when jobs are completed. Vidar is typically delivered via the Fallout exploit kit. The stealer can be purchased easily for only $700.00 USD.

Passwords: 12659

Acquisition Date: 2019-11-15T00:00:00Z

Site: Iran UFC

Description: In November 2019, a criminal went on a hacking spree against websites running vBulletin, a popular platform for powering online forums and communities. They exploited a bug disclosed in September 2019, affecting default 5.x versions of vBulletin (CVE-2019-16759), allowing unauthenticated attackers to take control of web hosts. Allegedly iranufc.com was targeted by the criminal, leading to a breach of their forum. The stolen data contains usernames, passwords and additional personal information and is being privately shared on the internet.

Passwords: 8240

Acquisition Date: 2020-03-11T00:00:00Z

Site: Raccoon Stealer

Description: Raccoon is a type of malware (or stealer) affecting Windows users. The stealer has risen in popularity among cyber criminals as a means to procure credit card information, passwords, and cryptocurrency. The tool was first detected in April 2019. The payload is generally delivered to victims via exploit kits, phishing and compromised software downloads.

Passwords: 115168

Acquisition Date: 2019-11-15T00:00:00Z

Site: Mjakmama

Description: In November 2019, a criminal went on a hacking spree against websites running vBulletin, a popular platform for powering online forums and communities. They exploited a bug disclosed in September 2019, affecting default 5.x versions of vBulletin (CVE-2019-16759), allowing unauthenticated attackers to take control of web hosts. Allegedly mjakmama24.pl was targeted by the criminal, leading to a breach of their forum. The stolen data contains usernames, passwords and additional personal information and is being privately shared on the internet.

Passwords: 54647

Acquisition Date: 2020-01-17T00:00:00Z

Site: Sensitive Source

Description: This source has been marked as sensitive due to one of the following reasons: (1) revealing the source may compromise an ongoing investigation; (2) the affected site is of a controversial nature but does not validate email addresses and could therefore be used to tarnish an employee's reputation.

Passwords: 0

Acquisition Date: 2020-01-17T00:00:00Z

Site: Sensitive Source

Description: This source has been marked as sensitive due to one of the following reasons: (1) revealing the source may compromise an ongoing investigation; (2) the affected site is of a controversial nature but does not validate email addresses and could therefore be used to tarnish an employee's reputation.

Passwords: 0

Acquisition Date: 2020-01-23T00:00:00Z

Site: Combo List

Description: This combolist was compiled from a variety of private and public breaches and contains a mix of email addresses from a number of countries. Threat actors are actively using this list to gain access to sites using credential stuffing tools. This combolist is being shared privately online.

Passwords: 0

Acquisition Date: 2019-11-15T00:00:00Z

Site: Borders Down

Description: In November 2019, a criminal went on a hacking spree against websites running vBulletin, a popular platform for powering online forums and communities. They exploited a bug disclosed in September 2019, affecting default 5.x versions of vBulletin (CVE-2019-16759), allowing unauthenticated attackers to take control of web hosts. Allegedly bordersdown.com was targeted by the criminal, leading to a breach of their forum. The stolen data contains usernames, passwords and additional personal information and is being privately shared on the internet.

Passwords: 12332

Acquisition Date: 2019-11-15T00:00:00Z

Site: Jamplay Talk

Description: In November 2019, a criminal went on a hacking spree against websites running vBulletin, a popular platform for powering online forums and communities. They exploited a bug disclosed in September 2019, affecting default 5.x versions of vBulletin (CVE-2019-16759), allowing unauthenticated attackers to take control of web hosts. Allegedly jamplaytalk.com was targeted by the criminal, leading to a breach of their forum. The stolen data contains usernames, passwords and additional personal information and is being privately shared on the internet.

Passwords: 336188

Acquisition Date: 2020-01-17T00:00:00Z

Site: Tunngle

Description: At an unconfirmed date, the virtual gaming network Tunngle was allegedly breached. The stolen data contains passwords and email addresses. This breach is being privately shared on the internet.

Passwords: 4874796

Acquisition Date: 2019-11-15T00:00:00Z

Site: Anime Indir

Description: In November 2019, a criminal went on a hacking spree against websites running vBulletin, a popular platform for powering online forums and communities. They exploited a bug disclosed in September 2019, affecting default 5.x versions of vBulletin (CVE-2019-16759), allowing unauthenticated attackers to take control of web hosts. Allegedly animeindir.com was targeted by the criminal, leading to a breach of their forum. The stolen data contains usernames, passwords and additional personal information and is being privately shared on the internet.

Passwords: 6617

Acquisition Date: 2020-02-28T00:00:00Z

Site: Nexon Europe Forums

Description: At an unconfirmed date, the online gaming forum Nexon Europe Forums was allegedly breached. The stolen data contains usernames, IPs, passwords, salts, and email addresses. This breach is being privately shared on the internet.

Passwords: 1072301

Acquisition Date: 2020-03-11T00:00:00Z

Site: AzorUlt Botnet

Description: AzorUlt is a lesser-known credential-stealing botnet, also known as crimeware. This malware steals data from infected computers via web browsers and protected storage. Once infected, the computer sends the stolen data to a bot command and control (C&C) server, where the data is stored. Any credentials from this source can be assumed to already be in the hands of threat actors, and should be changed immediately.

Passwords: 583816

Acquisition Date: 2020-02-29T00:00:00Z

Site: Leadhunter

Description: In January 2020, a security researcher discovered a non-password-protected Elasticsearch database with data belonging to Leadhunter. The exposed data contained 110,378,874 records exposing full names, email addresses, genders, IP addresses, and phone numbers of various telemarketing leads.

Passwords: 0

Acquisition Date: 2019-11-15T00:00:00Z

Site: Mobil Depo

Description: In November 2019, a criminal went on a hacking spree against websites running vBulletin, a popular platform for powering online forums and communities. They exploited a bug disclosed in September 2019, affecting default 5.x versions of vBulletin (CVE-2019-16759), allowing unauthenticated attackers to take control of web hosts. Allegedly mobildepo.com was targeted by the criminal, leading to a breach of their forum. The stolen data contains usernames, passwords and additional personal information and is being privately shared on the internet.

Passwords: 633986

Acquisition Date: 2020-03-11T00:00:00Z

Site: Predator Stealer

Description: Predator (also known as Predator the Thief) is a type of malware (or stealer) affecting Windows users. The stealer has risen in popularity among cyber criminals as a means to procure credit card information, passwords, and cryptocurrency. The payload is generally delivered to victims via exploit kits, phishing and compromised software downloads.

Passwords: 12357

Acquisition Date: 2020-01-17T00:00:00Z

Site: Sensitive Source

Description: This source has been marked as sensitive due to one of the following reasons: (1) revealing the source may compromise an ongoing investigation; (2) the affected site is of a controversial nature but does not validate email addresses and could therefore be used to tarnish an employee's reputation.

Passwords: 0

Acquisition Date: 2019-11-15T00:00:00Z

Site: Animesue

Description: In November 2019, a criminal went on a hacking spree against websites running vBulletin, a popular platform for powering online forums and communities. They exploited a bug disclosed in September 2019, affecting default 5.x versions of vBulletin (CVE-2019-16759), allowing unauthenticated attackers to take control of web hosts. Allegedly animesue.com was targeted by the criminal, leading to a breach of their forum. The stolen data contains usernames, passwords and additional personal information and is being privately shared on the internet.

Passwords: 5865

Acquisition Date: 2019-11-15T00:00:00Z

Site: Cieszyn Silesia Portal

Description: In November 2019, a criminal went on a hacking spree against websites running vBulletin, a popular platform for powering online forums and communities. They exploited a bug disclosed in September 2019, affecting default 5.x versions of vBulletin (CVE-2019-16759), allowing unauthenticated attackers to take control of web hosts. Allegedly forum.ox.pl was targeted by the criminal, leading to a breach of their forum. The stolen data contains usernames, passwords and additional personal information and is being privately shared on the internet.

Passwords: 84136

Acquisition Date: 2019-11-15T00:00:00Z

Site: Reason Forum

Description: In November 2019, a criminal went on a hacking spree against websites running vBulletin, a popular platform for powering online forums and communities. They exploited a bug disclosed in September 2019, affecting default 5.x versions of vBulletin (CVE-2019-16759), allowing unauthenticated attackers to take control of web hosts. Allegedly reasonforum.com was targeted by the criminal, leading to a breach of their forum. The stolen data contains usernames, passwords and additional personal information and is being privately shared on the internet.

Passwords: 6654

Acquisition Date: 2019-11-15T00:00:00Z

Site: Benchmark

Description: In November 2019, a criminal went on a hacking spree against websites running vBulletin, a popular platform for powering online forums and communities. They exploited a bug disclosed in September 2019, affecting default 5.x versions of vBulletin (CVE-2019-16759), allowing unauthenticated attackers to take control of web hosts. Allegedly benchmark.rs was targeted by the criminal, leading to a breach of their forum. The stolen data contains usernames, passwords and additional personal information and is being privately shared on the internet.

Passwords: 93129

Acquisition Date: 2019-11-15T00:00:00Z

Site: Inciforum

Description: In November 2019, a criminal went on a hacking spree against websites running vBulletin, a popular platform for powering online forums and communities. They exploited a bug disclosed in September 2019, affecting default 5.x versions of vBulletin (CVE-2019-16759), allowing unauthenticated attackers to take control of web hosts. Allegedly inciforum.com was targeted by the criminal, leading to a breach of their forum. The stolen data contains usernames, passwords and additional personal information and is being privately shared on the internet.

Passwords: 277

Acquisition Date: 2020-03-02T00:00:00Z

Site: Dragon Ball Z Online

Description: In February 2020, the online game Dragon Ball Z Online was allegedly breached. The stolen data contains passwords, salts, email addresses and additional personal information. This breach is being privately shared on the internet.

Passwords: 1430851