Sensational user data leaks of January - April 2019
In 2018, 2263 public cases of confidential information leakage were registered worldwide. Personal data and payment information were compromised in 86% of incidents, which amounts to about 7.3 billion user data records. The Japanese cryptocurrency exchange Coincheck lost $534 million when its customers' online wallets were compromised. This was the greatest damage reported.
What the statistics for 2019 will be is still unknown. But there have already been quite a few sensational “leaks”, and this is sad. We decided to review the most discussed leaks since the beginning of the year. "There is more to come," as they say.
January 18: Collection databases
On January 18, the media began to report on a database of 773 million mailboxes with passwords found in open access (including users from Russia). The database was a collection of leaked databases from about two thousand different sites, accumulated over several years, which is why it was named Collection #1. In terms of size, it turned out to be the second-largest database of hacked addresses in history (the largest is considered to be the archive of 1 billion Yahoo! users, which appeared in 2013).
It soon became clear that Collection #1 was just part of the data set that had fallen into the hands of hackers. Information security experts also found other “Collections” numbered from 2 to 5, and their total volume was 845 GB. Almost all information in the databases is current, although some logins and passwords are outdated.
Information security expert Brian Krebs contacted a hacker selling the archives and found out that Collection #1 had been around for two or three years. According to the hacker, he also has more recent databases “on sale”, totaling more than four terabytes.
February 11: leak of user data from 16 major sites
On February 11, The Register reported that the data of 620 million users of large Internet services was being sold on the Dream Market trading platform:
- Dubsmash (162 million)
- MyFitnessPal (151 million)
- MyHeritage (92 million)
- ShareThis (41 million)
- HauteLook (28 million)
- Animoto (25 million)
- EyeEm (22 million)
- 8fit (20 million)
- Whitepages (18 million)
- Fotolog (16 million)
- 500px (15 million)
- Armor Games (11 million)
- BookMate (8 million)
- CoffeeMeetsBagel (6 million)
- Artsy (1 million)
- DataCamp (700,000)
For the entire database, the attackers asked about $20 thousand; it was also possible to buy the data archive for each site separately.
All sites were hacked at different times. For example, the 500px photo portal reported that its leak occurred on July 5, 2018, but it became known only after the data archive appeared.
The databases contain email addresses, usernames, and passwords. True, there is one joyful fact: the passwords are mostly encrypted one way or another. That is, to use them, an attacker first has to puzzle over decrypting the data. Although, if a password is simple, it is quite possible to guess it.
February 25: unprotected MongoDB database
On February 25, security specialist Bob Dyachenko discovered an unprotected 150 GB MongoDB database on the network containing over 800 million personal data records. The archive contained email addresses, last names, gender and date of birth, phone numbers, postal codes and addresses, and IP addresses.
The problematic database was owned by Verifications IO LLC, an email marketing company. One of its services was verifying corporate email. As soon as information about the problematic database appeared in the media, the company's website and the database itself became inaccessible. Later, representatives of Verifications IO LLC said that the database did not contain the company's customer data and had been compiled from open sources.
March 10: Facebook user data leak through FQuiz and Supertest apps
On March 10, The Verge reported that Facebook had sued two Ukrainian developers, Gleb Sluchevsky and Andrey Gorbachev. They were accused of stealing users' personal data.
The developers created test applications. These programs installed browser extensions that collected user data. In 2017-2018, four applications, including FQuiz and Supertest, were able to steal data from approximately 63 thousand users. Most of those affected were users from Russia and Ukraine.
March 21: Hundreds of millions of Facebook passwords stored unencrypted
On March 21, journalist Brian Krebs reported on his blog that Facebook had been storing millions of passwords unencrypted for a long time. About 20 thousand employees of the company could view the passwords of 200 to 600 million Facebook users, since they were stored in plain text. Some Instagram passwords also ended up in this insecure database. Soon, the social network itself officially confirmed the information.
Pedro Canahuati, Facebook’s vice president of design, security and privacy, said that the problem of passwords being stored unencrypted has been fixed. In general, Facebook's login systems are designed to make passwords unreadable. The company found no evidence that anyone had gained unauthorized access to the unencrypted passwords.
March 21: Toyota customer data leak
At the end of March, Japanese automaker Toyota announced that hackers had managed to steal the personal data of up to 3.1 million of the company's customers. The systems of Toyota's sales divisions and five subsidiaries were hacked on March 21.
The company did not disclose exactly what personal data of the customers was stolen. However, it stated that the attackers did not get access to bank card information.
March 21: publication of patient data of the Lipetsk region on the UIS website
On March 21, activists of the Patient Control public movement reported that information published by the Health Department of the Lipetsk region on the UIS website included personal information about patients.
Several auctions for the provision of emergency medical services were posted on the government procurement website: patients had to be transferred to other institutions outside the region. The descriptions contained the patient's name, home address, diagnosis, ICD code, profile, and so on. Incredibly, patient data were published in the open at least eight times over the last year alone (!).
The head of the Lipetsk Region Health Department, Yuri Shurshukov, said that an internal investigation had begun and that the patients whose data were published would receive an apology. The prosecutor's office of the Lipetsk region also began looking into the incident.
April 4: data leakage of 540 million Facebook users
UpGuard, an information security company, said that the data of over 540 million Facebook users had ended up publicly available.
Records of members of the social network with comments, likes, and account names were found on the Mexican digital platform Cultura Colectiva. And in the now-defunct At the Pool application, names, passwords, email addresses and other data were available.
April 10: data of ambulance patients in the Moscow Region leaked online
A data leak allegedly occurred at the ambulance stations (SSMP) of the Moscow Region. Law enforcement agencies have begun a preliminary investigation into the reports of the incident.
A 17.8 GB file was found on one of the file hosting sites, containing information about ambulance calls in the Moscow region. The document contained the name of the ambulance, a contact phone, the address where the team was called, the date and time of the call, and even the condition of the patient. The data of residents of Mytishchi, Dmitrov, Dolgoprudny, Korolev and Balashikha turned out to be compromised. It is assumed that the database was posted by activists of a Ukrainian hacker group.
April 12: Central Bank blacklist
Data of bank customers from the Central Bank blacklist of refuseniks under the law on combating money laundering were found on the Internet on April 12. The data concerned about 120 thousand customers who were denied service in accordance with the law on combating money laundering and the financing of terrorism (115-ФЗ).
Most of the database consists of individuals and individual entrepreneurs; the rest are legal entities. For individuals, the database contains their name, date of birth, and passport series and number. For individual entrepreneurs it contains name and TIN; for companies, name, TIN and PSRN. One of the banks unofficially admitted to reporters that the list consists of real customers who were refused service. The database covers “refuseniks” from June 26, 2017 to December 6, 2017.
April 15: personal data of thousands of US police and FBI officers published
A cybercriminal group managed to hack several sites related to the US Federal Bureau of Investigation and posted on the Internet dozens of files with personal information of thousands of police officers and federal agents.
Using publicly available exploits, the attackers managed to gain access to the network resources of an association linked to the FBI Academy in Quantico (Virginia). This was reported by TechCrunch.
The stolen archive contained the names of US law enforcement officials and federal service employees, their addresses, phone numbers, and information about their email and positions. In total, there were about 4000 different entries.
April 25: Docker Hub user data leak
Cybercriminals gained access to a database of Docker Hub, the world's largest library of container images, as a result of which the data of about 190 thousand users were compromised. The database contained usernames, password hashes, and tokens for the GitHub and Bitbucket repositories used for Docker automated builds.
The Docker Hub administration told users about the incident late in the evening on Friday, April 26. According to official information, the unauthorized access to the database became known on April 25. The investigation of the incident has not yet been completed.
You can also recall the story with Doc+, which was recently covered on Habr, the unpleasant situation with payments by citizens to the traffic police and the Federal Social Security Service, and other leaks that are described by ashotog.
As a conclusion
The insecurity of the data stored by government agencies, in social networks and on large sites, as well as the extent of the theft, are terrifying. It is also sad that leaks have become commonplace. Many people whose personal data have been compromised do not even know about it. And if they know, they will not do anything to protect themselves.