When Digital Security Sleeps: DarkBeam and the Unlocked Database

CarderPlanet

3.8 billion records leaked online: what do the company's customers think about this incident?

DarkBeam, a digital risk protection company, has suffered a massive data leak after leaving its Elasticsearch and Kibana interfaces unprotected. As a result, records containing users' email addresses and passwords from previously reported and even unreported security breaches were exposed.

According to Bob Diachenko, CEO of SecurityDiscovery, who was the first person in the research community to discover this leak, there were more than 3.8 billion records in the public database. The incident was identified on September 18 and immediately resolved by DarkBeam specialists after Diachenko informed the company about the problem.

Diachenko claims that such data leaks usually occur due to human error, for example, when employees forget to set a password after performing maintenance.


Example of a data leak

Among the potentially leaked data were 16 collections named "email 0-9" and "email A-F", each of which contained 240 million records, including data from Russian-speaking customers.

Experts emphasize the danger of disclosing such collections, as they provide attackers with almost unlimited opportunities for attacks.

Despite the fact that most of the leaked data contains already known information, an organized and extensive compilation of this data poses a serious threat to people whose account information was disclosed. And new data can create risks for those companies that chose to hide security breaches in order to protect their reputation.

It is worth noting that such databases have been leaked more than once in the past. However, a leak caused by a digital risk management company certainly raises questions about the competence and care of its employees.

If you suspect that your password may have been leaked, you should check your data using leak detection tools. Alternatively, you can immediately change the passwords for all your online accounts. We recommend using a password generator to create strong passwords. You should also enable two-factor authentication for all your critical accounts.
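
As an added illustration (not part of the original post, and not DarkBeam's actual configuration), the following Python script audits an elasticsearch.yml for the failure mode Diachenko describes: authentication left off on a node bound to a non-loopback address. The sample configs are constructed, and treating a missing `xpack.security.enabled` as disabled is an assumption made to stay conservative.

```python
import ipaddress

# Constructed sample configs; not DarkBeam's actual configuration.
AFTER_MAINTENANCE = """\
network.host: 0.0.0.0
xpack.security.enabled: false  # switched off for maintenance, never restored
"""
HARDENED = """\
network.host: 127.0.0.1
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""

def parse_flat_yaml(text):
    """Parse flat 'key: value' lines as used in elasticsearch.yml (no nesting)."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("'\"")
    return settings

def is_local_only(host):
    """True when the bind address is loopback, so only local processes can connect."""
    try:
        return host in ("_local_", "localhost") or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # hostnames, _site_, _global_ are treated as reachable

def audit(text):
    """Return findings for a node config; an empty list means nothing was flagged."""
    cfg = parse_flat_yaml(text)
    host = cfg.get("http.host", cfg.get("network.host", "_local_"))
    exposed = not is_local_only(host)
    # Assumption: a missing setting counts as disabled, since the default varies by version.
    auth_on = cfg.get("xpack.security.enabled", "false").lower() == "true"
    tls_on = cfg.get("xpack.security.http.ssl.enabled", "false").lower() == "true"
    findings = []
    if not auth_on:
        findings.append("auth-disabled")
    if exposed and not auth_on:
        findings.append("unauthenticated-network-access")
    if exposed and not tls_on:
        findings.append("no-http-tls")
    return findings

if __name__ == "__main__":
    for name, cfg in (("after maintenance", AFTER_MAINTENANCE), ("hardened", HARDENED)):
        print(name, "->", audit(cfg) or "ok")
```

Running a check like this against the deployed config after every maintenance window catches a password requirement that was switched off and never restored.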
 