Data Breach Archives - ShadowMap Digital Risk Management - Asset Inventory & Cyber Threat Intelligence - ShadowMap Fri, 07 Aug 2020 11:24:56 +0000 en-US hourly 1 https://wordpress.org/?v=6.8.3 https://shadowmap.com/wp-content/uploads/2019/07/favicon-50x50.png Data Breach Archives - ShadowMap 32 32 Zoosk Data Breach Published on Darkweb Forum – 29 Million Users Impacted https://shadowmap.com/threat-intelligence/zoosk-data-breach-published-on-darkweb-forum/ https://shadowmap.com/threat-intelligence/zoosk-data-breach-published-on-darkweb-forum/#respond Wed, 05 Aug 2020 08:08:10 +0000 https://shadowmap.com/?p=1691 ShadowMap’s AI & ML based digital risk management platform has discovered a new data breach on the darkweb that impacts 29 million users of the online dating website, Zoosk.

The post Zoosk Data Breach Published on Darkweb Forum – 29 Million Users Impacted appeared first on ShadowMap.

]]> ShadowMap’s AI & ML based digital risk management platform has discovered a new data breach on the darkweb that impacts 29 million users of the online dating website, Zoosk. Zoosk is an online dating service available in 25 languages and in more than 80 countries and is part of the Spark Networks SE which includes SilverSingles, EliteSingles, Jdate, Christian Mingle, eDarling, JSwipe, AdventistSingles, LDSSingles, and Attractive World.

Monitoring The Dark Web & Discovering The Breach

As part of our continuous monitoring of 4000+ Surface, Deep & Dark Web Forums for data breaches, we discovered this data being traded early last week, while it has been openly published for public consumption on the 5th of August 2020.

The data contains 29,186,600 rows of user data and the hacker has suggested that the initial breach took place in January 2020.

Zoosk Data Breach Published on Dark Web Forums

Zoosk Data Breach Published on Dark Web Forums

Inside The Zoosk Data Breach

The data contains two tables:

User Table
id, first_name, last_name, user_nicename, user_email, email_status, user_status, widget_guid, sex, interested_in, relationship, birthday, location_id, latitude, longitude, zipcode, country, discoverable, user_activation_key, media_request_id, user_registered, last_login, lastdailable_flatched migrated, height, ethnicity, education, religion, politics, children, smoking, drinking, bodytype, income, pets, settings, currency_id, balance, provider_map, photo_source, photo_count, locale_id, timezone_id, source, is_remarketed_to, dscore, rscore, sscore

Tig Users Table
uid, user_id, sha1_user_id, user_pw, last_login, last_logout, online_status, failed_logins, account_status

General Recommendations

Even though passwords were not leaked, threat actors can use the email addresses to send spam, phishing emails, and launch other online scams.

So, as a rule of thumb:

  • Use strong passwords.
  • Enable multi-factor authentication for all your online accounts.
  • Don’t open unsolicited email attachments and links, especially from senders you don’t recognise.
  • Don’t share OTPs with third-parties.
  • Review online accounts and financial statements periodically.
  • Regularly update your apps and any other software you use.

The post Zoosk Data Breach Published on Darkweb Forum – 29 Million Users Impacted appeared first on ShadowMap.

]]> https://shadowmap.com/threat-intelligence/zoosk-data-breach-published-on-darkweb-forum/feed/ 0 Dunzo Data Breach Published on DarkWeb Forum – 6 Million Users Impacted https://shadowmap.com/threat-intelligence/dunzo-data-breach-published-on-darkweb-forum-6-million-users-impacted/ https://shadowmap.com/threat-intelligence/dunzo-data-breach-published-on-darkweb-forum-6-million-users-impacted/#respond Fri, 17 Jul 2020 12:55:23 +0000 https://shadowmap.com/?p=1772 ShadowMap’s AI & ML based digital risk management platform has discovered a new data breach on the darkweb that impacts 6 million users of the online delivery service, Dunzo.

The post Dunzo Data Breach Published on DarkWeb Forum – 6 Million Users Impacted appeared first on ShadowMap.

]]> ShadowMap’s AI & ML based digital risk management platform has discovered a new data breach on the darkweb that impacts 6 million users of the online delivery service, Dunzo. Dunzo is an Indian company that provides delivery services in Bengaluru, Delhi, Gurugram, Pune, Chennai, Jaipur, Mumbai and Hyderabad. The company also operates a Bike Taxi service in Gurugram. It is headquartered in Bengaluru, India. In 2017, it was funded by Google.

Monitoring The Dark Web & Discovering The Breach

The initial disclosure of the breach was made by Dunzo it self on the 11th of July 2020. As part of our continuous monitoring of 4000+ Surface, Deep & Dark Web Forums for data breaches, we discovered this database being sold on DarkWeb forums around the first week of July 2020.

The forum post claims that the data contains 8,493,681 rows of user data and the hacker has suggested that the initial breach took place in June 2020. On analysing the breach data, we found there were 5,969,986 rows of data published as part of this leak and the breach itself took place around the 20th of June 2020.

Dunzo Data Breach Published on Dark Web Forums

Dunzo Data Breach Published on Dark Web Forums

Inside The Dunzo Data Breach

The database contains a single table: Users_DunzoUser

id, password, last_login, is_superuser, uuid, first_name, last_name, email, phone, country_code, type, status, device_token, phone_type, phone_make, date_joined, last_updated, secret_key, app_version, registered_on, registered_platform character, send_logistics_pricing, send_logistics_pricing_image_format, last_pricing_version_shared, preferred_mode_of_payment, credit_amount, credit_score, maximum_retries_count, profile_data_updated_on_firebase, merchant_id, permission_role, user_status, flow_version, extra_data_json, city_id, current_runner_task_id, source, first_known_location, last_known_location, referral_code, referred_by_code, advertising_id, device_id, bucket_id

The passwords in the database seem to be stored using Django Password Hashes (Salted SHA 256 hash with 20000 iterations), while some users don’t have a password string in the database since they are most likely using social or OTP based login. In-addition to the email addresses, mobile numbers, IP addresses & password hashes the GPS locations of the users while they installed and last used the application along with details about their phone devices are also available.

Dunzo Data Breach

Dunzo Data Breach

General Recommendations

Since the password hashes have been leaked, there is a significantly likelihood of password stuffing attacks taking place against various platforms where the same email / mobile and password are being used. In-addition to this, threat actors can use the email addresses to send spam, phishing emails, and launch other online scams.

So, as a rule of thumb:

  • Use strong passwords.
  • Enable multi-factor authentication for all your online accounts.
  • Don’t open unsolicited email attachments and links, especially from senders you don’t recognise.
  • Don’t share OTPs with third-parties.
  • Review online accounts and financial statements periodically.
  • Regularly update your apps and any other software you use.

The post Dunzo Data Breach Published on DarkWeb Forum – 6 Million Users Impacted appeared first on ShadowMap.

]]> https://shadowmap.com/threat-intelligence/dunzo-data-breach-published-on-darkweb-forum-6-million-users-impacted/feed/ 0