Cybercriminals Share Millions of Stolen Records During Holiday Break

Cybercriminals Share Millions of Stolen Records During Holiday Break

January 2, 2024 at 05:31PM

Cybercriminals leaked around 50 million records of sensitive personal information in a lead-up to Christmas, dubbed “Leaksmas” on the Dark Web to attract new customers. Resecurity identified several threat actors releasing substantial data dumps, including discounts on stolen payment data. Known groups, like SeigedSec and Five Families, shared compromised information freely over the holiday break.

Based on the meeting notes, I have identified the following key takeaways:

1. Cybercriminals leaked millions of records of sensitive personal information during the holiday season, a trend referred to as “Free Leaksmas.”
2. Threat actors released substantial data dumps, including both new breaches and stolen data from past breaches, with discounts reaching up to 40% on compromised online banking and ecommerce accounts.
3. Major data dumps came from breaches at companies such as Peruvian telecom provider Movistar, a Vietnamese fashion retailer, and a French company.
4. The leaked data includes individual records as well as larger compilations known as combo-lists, containing millions of records, including emails and passwords.
5. Known threat actors, such as SeigedSec and an alliance of multiple hacktivist groups called “Five Families,” were identified as sharing compromised data.
6. Criminals offered steep discounts on stolen credit card data and services to attract new buyers, with a focus on exploiting vulnerabilities in insecure web applications and network services.

Let me know if there’s anything else you’d like to add.

Full Article