Top Breaches Happened This Month– Learn from them

250 GB data of Brazilian banking users got exposed

Personal details of potential and current clients of various local banking institutions were exposed by a financial service provider.

Security experts reports that the breach happened due to an unprotected server, was left open over the internet. The data belongs to a Brazilian financial services provider.

This security breach was discovered by security researchers of Data Group and approximately 250 GB of sensitive personal information was leaked by this security incident.

Leaked information includes scanned ID, social security cards, address proof documents, service request forms filled out by customers.

Banco Pan is also affected by this security incident.

"After careful analysis of its security systems accompanied by independent consultancy, it has become evident that the server is not owned by Pan and that no intrusion into the bank's infrastructure has been found,” -Banco Pan stated.
Statements adds "[Pan] will take appropriate measures if any misuse of this [personal] data is identified."

Stolen credit cards and debit cards were being sold on Dark Web

Over 23 million credit cards and debit cards were being sold on Dark web in the first half of 2019 as per Underground financial fraud report published on this Thursday by Cybersecurity firm Sixgill.

As per report, most of the stolen credit cards and debit cards belongs to US and UK. Only 316 stolen credit cards belonged from Russia.

Stolen Credit Cards included :

  1. 57 percent of Visa Card
  2. 29 percent of Master Cards
  3. 12 percent of AMEX

Stolen credit cards are available at as little as $5.

Zdnet post reads “You can pick up stolen credit card data for as little as $5. Dumps containing potentially thousands of numbers usable in the creation of clone cards for physical purchases are common, but the most valuable commodities are records also containing CVV numbers -- the three-digit security code found on the back of payment cards. 

Given a CVV code alongside full card numbers and expiry dates, fraudsters would be able to make purchases in person as well as online.”

86 millions of user data exposed due to unprotected database

Nearly 86 million of user data of YouHoldergot exposed due to unprotected database.

The exposed data includes user names, dates of birth, email addresses, addresses, phone numbers, passport numbers, passwords hashed with SHA-256, credit card numbers along with expiration dates, CVV numbers, bank details, and crypto wallet addresses.

Security researchers from vpnMentor, Noam Rotem and Ran Locar discovered this security incident. They notified the YouHolderon July 22, 2019. On July 23, 2019 YouHolder secured the database by disabling public access.

Indian bank exposed millions of records online

Millions of records belonged to the Jana Small Finance Bank exposed online. Jana Small Finance Bank is an India based micro finance bank, headquarter located at Bengaluru.

According to the researchers, due to a an unprotected Elastic database this security breach happened.

Breached data includes KYC, PII client information, wallet ID, usernames, emails, account and transaction data.

70,000 Hawaii students are at risk due to personal information exposed

Personal information of nearly 70,000 Hawaii students got exposed.

The exposed data includes Name , Birthday , Gender , Race , Ethnicity , Permanent address , Mailing address , Grade level , Courses taken and grades , Cumulative weighted Grade Point Average (GPA) , Smarter Balanced Assessment (SBA) scores and proficiency levels.

According to the report, Social Security numbers were not compromised by this security breach.

QuickBitcustomer’s data exposed by unprotected MongoDB database

Over 300,000 customers data of QuickBit got exposed. QuickBit is a Cryptocurrency Exchange platform.

Exposed data includes customers’ names, addresses, email addresses, and credit card information.

According to the report, the security incident happened due to an unprotected MongoDB database, was left open over internet. Anyone with working internet connection was able to view the database.

Approximately 2% of QuickBit’s customers are at risk by this security incident.

1111 job bank user’s personal data exposed online

Personal data of 1111 job bank users data was leaked to a foreign based hacker with the pseudonym “tomholland”. Over 200,000 pieces of user data was stolen by this hacker.

Leaked data includes user ID, name, birthday, email, phone number and address.

Foucs Taiwan posts reads “Taiwan job bank 1111 confirmed Friday that the personal data of its online members was hacked and leaked to a foreign-based hacker forum, and the case is now being investigated by local authorities.”