We've rounded up two data leakages in the new report on recent data related incidents. Today we're revealing the details of the incident, involving compromise of 3.4 billion credentials and disclosing, how thousands of wealthy Americans' tax information leaked to the press.
Let's start with a very serious case of personal data exposure: 3.4 billion credentials inadvertently leaked to the public domain. The leak came to light when SecurityDiscovery CEO Bob Diachenko discovered that DarkBeam’s Elasticsearch and Kibana data visualization interface was unprotected. DarkBeam, digital risk protection company, had apparently been collecting information to alert its customers in case of a data breach.
It is assumed that the disclosed data was not limited to DarkBeam's customers. The leaked data included:
- Logins
- Email addresses
- Passwords.
After discovering the unprotected database, Diachenko alerted the company to the problem and the leak was promptly closed. It is unclear at this stage how long the data had been in the public domain.
Regardless of the company's quick response, this combination of revelations put everyone involved at significant risk.
As a result of the second incident, an Internal Revenue Service (IRS) consultant in the US was charged with leaking taxpayer data. The defendant allegedly gave two news organizations’ tax information on thousands of the country's richest people dating back more than 15 years.
Charles Littlejohn, 38, had access to the leaked information while working as a contractor for the consulting firm from 2018 to 2020. At this stage, there is no definitive information on exactly how the intruder managed to get the data out of the workplace.
The incident has caused much consternation, not only because of the nature and scale of the leak, but also because tax records are subject to elaborate safeguards and cases of unauthorized disclosure are rare.
Now Charles Littlejohn faces up to five years in prison.
We have previously reported cases of former employees leaking information to major publications, such as the Tesla employee incident. At that time, information about the company's employees and customers was compromised.
Subscribe to get helpful articles and white papers.
We discuss industry trends and give advice on how to deal with data leaks and cyber incidents.
SearchInform uses four types of cookies as described below. You can decide which categories of cookies you wish to accept to improve your experience on our website. To learn more about the cookies we use on our site, please read our Cookie Policy.
Necessary Cookies
Always active. These cookies are essential to our website working effectively.
Cookies does not collect personal information. You can disable the cookie files
record
on the Internet Settings tab in your browser.
Functional Cookies
These cookies allow SearchInform to provide enhanced functionality and personalization, such as remembering the language you choose to interact with the website.
Performance Cookies
These cookies enable SearchInform to understand what information is the most valuable to you, so we can improve our services and website.
Third-party Cookies
These cookies are created by other resources to allow our website to embed content from other websites, for example, images, ads, and text.
Please enable Functional Cookies
You have disabled the Functional Cookies.
To complete the form and get in touch with us, you need to enable Functional Cookies.
Otherwise the form cannot be sent to us.
Subscribe to our newsletter and receive a bright and useful tutorial Explaining Information Security in 4 steps!
Subscribe to our newsletter and receive case studies in comics!