Massive email-targeted incidents only now being resolved

26.06.2020


About 1.3 million user records were put up for sale on the dark web. That is how many players of the free-to-start MMO Stalker Online were affected.

Nearly 136,000 of these records were taken from the Stalker Online forums. The breached data included PII such as email addresses, usernames, passwords, phone numbers and IP addresses.

The data remained online for at least a few weeks because the game's representatives did not respond to the researchers' attempt to contact them. The attackers who extracted the data posted the following message:

“The security of this web server has been compromised and all of your files and userdata are now in our possession,” the message reads. “Contact us on [redacted] for assistance in securing your web server. If not reach within 24 hours – data gathered will be posted for all to download.”

Cyble, a cyber security company, reported a data breach that compromised employees' personal information. Records of Indiabulls Group's staff members were put up for sale on the dark web.

Clop ransomware scammers threatened to publish the data if payment was not made within one day. Eventually the information was leaked, exposing Aadhaar cards, phone numbers, PAN cards, passport data, driving licence details and addresses. The first batch of leaked data was up to 4.75GB, and the attackers threatened to upload the second one within 24 hours.

How do leaks get noticed? Another example.

Choice Health Management Services in North Carolina detected unusual activity in employee email accounts half a year ago. The company, which provides IT, payroll, compliance support and other services, decided to hire a third-party investigation firm to dig into the incident. At the beginning of this year, the company managed to discover the unauthorised access but could not determine exactly which emails or attachments were affected. The lengthy investigation was meant to show whether any confidential details had been misused, and the in-depth review was to scan each compromised account. A few months later, some health data was identified among the affected details. All the internal records stored by Choice Health Management Services became subject to a major examination so that the company could contact the facilities where the patients had received therapy. Only in May was the company able to identify the individuals, which made notifying patients possible.

There are solutions that simplify the investigation process within a company: it can take a few hours, with all the archived data pulled for analysis by exploratory risk-mitigation software.




An attack on the AMT healthcare email network exposed customer details. About 50,000 patients were affected.

Suspicious events affecting employee email accounts were detected in December last year. A third-party forensic firm was involved in this case as well. The investigation was, again, completed only in May and confirmed the organisation's exposure to the attackers.

The leaked data contained names, diagnosis details, Social Security and medical record numbers, health insurance policy details, medical history data, HIPAA account information and driver's licenses.