As we all see, data breaches are, unfortunately, still with us and it’s unlikely that they’re going away any time soon. Judging from what we can see from the past – namely 2020 and 2021 – hackers were less interested in breaching sites and taking or leaking data just to annoy people and instead, they focused on something that would either:
- Be of value to those people that they dump the data to (in other words, data breaches were chosen relative to the hacker forum the hacker is in, according to their “taste”, so to say.)
- Remind people that “hey, these sites existed – we handn’t forgot about them.” We’re talking about Doxbin here – for those who don’t know it yet, Doxbin was a site which essentially disclosed personal information related to people which were targeted by hackers of various skill sets. The breach apparently happened in January 2022 and was eventually leaked online, though it’s hard to find at present.
- Cause at least a bit of financial gain for themselves – of course, there were incidents like the so-called “XSS.is Data Breach Compilation” compilation of data breaches where hackers just took records from hundreds of different data breaches, combined them, then removed duplicates, leaked it, and called it a day, but the other part of the data breaches on this spectrum focused on forums that dealt with carding (in December 2021, the Carding Mafia forum got breached), crypto-related stuff (in November 2021, BTC-alpha, a crypto exchange platform, suffered a ransomware-related data breach), and even brokerage platforms (in April 2021, Upstox, an Indian brokerage platform, suffered a data breach)
From what we can see, the forums that the data is dumped on include software-related forums which have a “leak” category, but at first glance no one would actually be able to see that the forums are leak-related. As far as some forums are related, we would need to register on those to get further information about data leaks, and once we are able to observe which site has gotten its data leaked on that forum, we wouldn’t be able to access it very easily either – most of the data dumped in this way is protected either by a plugin (most of such forums use some forum software, think MyBB and the like), or by other custom-built solutions that unlock the content only after it’s commented on. Obviously, as you might imagine, such threads are frequent targets of a bunch of spam which is frequently deleted by admins (such users get banned immediately in most cases), and those forums have implemented systems in which you have to be an active member of the forum for a while (6 months or so) or have a couple of high-quality posts (posts liked by other forum members) to unlock the content, thus overcoming the spam issue.
Regardless, the most frequent medium that data is leaked on remains to be online forums – some online forums are more so-to-say “well known” in this space, others aren’t. From what we saw so far in regards to both 2020 and 2021, we can make predictions that in 2022, such categories will be of the most interest to attackers:
- Forums – we know that it’s a really wide category, but from what we saw in the years prior, hackers should be targeting forums more frequently. Those forums include bigger forums with around more than 250,000 users and forums which deal with software in a supporting capacity (think services which provide products to customers and have a forum in which people can voice their concerns in, etc.)
- Crypto – this is another interesting one to look out for for this year. Since we’re in an unfortunate war situation in the European continent, some people turn to crypto coins and instead of stashing up on cash, they stash up on crypto valuables and as a result, they search for forums that would include people that are interested in the same subject as they are.
- Platforms – from what we saw in 2021, platforms supporting some kind of services that people buy access to (think Airbnb-like hotel booking) were also frequent targets of hackers, so this is something we will definitely be keeping a very watchful eye on.
- Social media-related data breaches – remember the old breach into LinkedIn? What about MySpace? tumblr? From what we can see (Wattpad was breached a while ago too, unfortunately), hackers that are interested in troves of data to use for their future identity theft pursuits usually turn to breaching bigger websites that are likely to have email addresses and passwords in their databases. Those email addresses and passwords are then either used to create some kind of data breach compilations (we already told you about the XSS.is one) or as an “assistance tool” for future identity theft attacks.
As far as those categories are related, we would like to direct your attention to the last category in particular – knowing that more people are working remotely, hackers, unfortunately, exploit that aspect for personal gain as well.
Identity Theft and Social Media
Of course, identity theft and social media platforms aren’t anything new per se, but with large social media-related sites being breached also comes the risk of credential stuffing attacks where attackers use lists of already compromised sets of credentials to breach another system. Some of those people, of course, use forums talked about above, and there they can be seen selling software solutions that automate credential stuffing attacks for other people. There was at least one such incident in the past where a presumably Russian developer developed a tool that was aimed to “help people out” (in terms of attacking) when people have gotten information about the “AntiPublic” leak.
Thankfully, protecting from such things is rather easy, really – we just need to enable two-factor authentification and we will be good to go! Some of the bigger social media platforms (Twitter, Facebook) even let us know when our account is accessed from a different location leaving no clues for the attacker (i.e. the message comes through hours, sometimes days, after the attacker was logged in), so if you haven’t enabled that functionality in your account, make sure you do.
Data breaches will continue to happen, and with the unfortunate situation we find ourselves in (coronavirus and a war on the European continent), hackers may be turning their focus on websites that may not come with an immediate financial advantage for them (in terms of selling data), but rather, to use the data in other future operations that most likely are going to be conducted with the aim of gaining further information in terms of data when logged in to a different system or information relevant to a person or when conducting and starting new data breaches that may bring a financial upside in the long run. Essentially, hackers no longer seem to target pretty small forums (with roughly less than 50,000 visitors), but older, more “nostalgic” sets of systems (think of the social media and “doxbin” examples we gave) are certainly a target and, in our opinion, will remain a target for a long time. Thank you for reading this far, and if you haven’t already, run a search through our data breach search engine to ensure that your information hasn’t been leaked on the web yet. Do that while we import a couple of interesting data breaches, and we’ll see you in the next one.