Tag: dark web

Hackers put 200 million Twitter users’ private information for sale on dark web

Anyone can now download the data of more than 200 million Twitter users for free.

According to Privacy Affairs‘ security researchers, who confirmed the database that’s currently posted on a hacker forum, this most recent data dump, which contains account names, handles, creation dates, follower counts, and email addresses, turns out to be the same — albeit cleaned up — leak reported last month that affected more than 400 million Twitter accounts.

According to Privacy Affairs CEO and founder Miklos Zoltan, the removal of duplicate accounts is what caused the number of accounts to be cut in half. But this time, he added, “the data is available for download by anyone for free, as opposed to being marketed for sale at $200,000, as it was in December.”

According to Zoltan’s blog article detailing the breach, some of the well-known individuals and companies in the new 63GB database leak include Donald Trump Jr., Google CEO Sundar Pichai, SpaceX, the US National Basketball Association, CBS Media, and the World Health Organization.

There is no information on whether the Christmas Day Twitter account hack of British Education Secretary Gillian Keegan is connected. Miscreants hijacked Keegan’s account in that instance, altered her profile photo to one of Elon Musk, and sent out a string of tweets endorsing cryptocurrency.

The exposed account owners are still at risk even if the disclosed data does not contain users’ phone numbers, physical addresses, or passwords, according to Zoltan.

“Privacy Affairs cybersecurity experts reviewed the published data and believe this latest leak could lead to social engineering attacks and doxxing.”

The genuine names and locations of individuals can be ascertained by combining the hacked email addresses connected to Twitter accounts with other publicly accessible data. Additionally, nation state goons and criminals continue to use phishing emails as a successful entry point for social engineering attacks.

Of course, spammers or con artists can also utilise the listed email addresses; all they need to do is persuade one victim to click on a harmful link.

Researchers cautioned that despite this week’s data leak having fewer accounts, it may be more dangerous because the thieves are giving away the entire information for free.

“It is not certain at this moment how exactly this data was obtained,” Zoltan noted. “The most likely method used could have been the abuse of an application programming interface (API) vulnerability.”

The data was allegedly hacked in 2021 due to a security flaw that Twitter claimed to have closed last year.

January 6, 2023
Apple warns of security flaw that lets hackers take full control of iPhones, iPads and MacBooks

To protect against two security loopholes that might let hackers take full access to a user’s iPhone, iPad, or Mac, Apple owners have been warned to update their products immediately.

Apple stated that there are solid reports suggesting that hackers have already been taking advantage of the flaws in both cases to attack users.

According to Apple, one of the software flaws affects the kernel, the most core component of the operating system used by all devices. The other has an impact on WebKit, the engine that powers the Safari web browser.

By accessing the settings menu on a mobile device or the “about this Mac” menu on a computer, users of macOS Monterey can get the update.

According to experts, a hacker could gain “complete admin access to the device” and “run any code as if they were you, the user,” according to Apple’s explanation of the vulnerability.

People “in the public spotlight,” such as activists or journalists, who could be the focus of sophisticated nation-state eavesdropping, should pay special attention to updating their software, according to Tobac.

The vulnerabilities were previously categorised as “zero-day” issues since a fix had been made available for them for zero days prior to the fix’s release. Such flaws are extremely lucrative on the open market, and cyberweapon dealers will pay thousands or even millions of dollars for them.

August 20, 2022
Amazon bans more than 13,000 Pakistani seller accounts for fraudulent activities

According to reports, Amazon has suspended more than 13,000 Pakistani seller accounts over suspicions of fraud.

Due to government backing through Pakistan Post’s many programmes to promote the cottage industry and boost Pakistan’s exports, the trend of small business owners choosing to become Amazon Sellers has been steadily increasing over the past few years.

Mian Chanuu and Sahiwal, two cities in Punjab, have reportedly been designated as fraudulent red zones by Amazon because vendors based there have been discovered engaging in fraudulent activities, according to GVS.

According to sources, Amazon has also blacklisted IP addresses from Mian Channu, therefore users from these areas are now using Dubai or the computers of other customers to access their accounts.

When a buyer orders merchandise from a phoney Amazon seller, sellers use the Kabootar technique or false tracking. Two different websites offer fake tracking services.

However, such merchants notify the buyers that it will take 15 to 20 days to deliver their goods. Typically, Amazon credits the amount to sellers within 14 days. Since the customer believes the sellers, there are no complaints made, and after 14 days, Amazon pays the money to the seller.

Read more: Leaks reveal iPhone 14 could be the best model ever

Actual buyers never receive their things, and the dishonest vendors profit. According to reports, sellers profit significantly from this Kabootar scam.

On the other hand, carding is the main activity of those who register for an account on a dark web website. Such individuals purchase compromised cards from such websites for $100 to $200 with all pertinent information, such as the card number, expiration date, and Card Verification Value (CVV).

These cards are used by these vendors to purchase and resell prepaid gift cards. They can avoid being caught by the authorities in this manner.

August 13, 2022
National awareness campaign launched to protect children against cybercrime

The Federal Ombudsman’s nationwide public awareness campaign aimed at educating the wider populace and relevant groups about the skills and methods needed to combat cybercrime against children is now in full swing.

On Sunday, a representative for the Federal Ombudsman Office said that as part of the program, state-run broadcasting stations broadcast informational messages and programmes about the prevention and control of cyber-crime against children in Urdu and regional languages.

The strategic goal of the awareness campaign, according to Commissioner for Children Syeda Viqar un Nisa Hashmi, is to raise public awareness about the effects of cyber-crime abuse and exploitation of minors, as well as to educate children so that they could protect themselves from such situations.

He went on to say that politicians were encouraged to bring legal amendments to the issue as part of the protection drive. The FIA Cyber Crime Cell is also conducting operations to apprehend the remaining suspects.

Read more: Lahore Police arrested 648 dacoits, recovering more than Rs27 crore in three months

Earlier, the Federal Investigation Agency’s Cyber Crime Cell also nabbed a gang in Lahore that was allegedly making money from the dark web through juvenile crime.

April 18, 2022
Data of 115m Pakistani mobile users for sale on dark web

A Pakistani cybersecurity company has come across data of 115 million Pakistani mobile phone users currently for sale on the dark web, a private media outlet reported.

The asking price for this data is 300 Bitcoins (BTC), which is equivalent to 2.1 million USD. Cybercriminals is the company who is selling data, they’re also VIP members of the platform.

Rewterz’s — Pakistani information security company — Threat Intelligence team has analyzed some of the samples from the telecom database up for sale on the notorious dark web. The data includes personal information of the users such as names, contact numbers, residential addresses, CNIC numbers, and NTN numbers.

According to the report, these threat actors are financially motivated, who’re working in Pakistan. Moreover, organizations with outdated
cyberinfrastructure are more vulnerable to these threats.

The team further notes that it is unclear for now whether only single or more telecom companies have fallen victim to cybercriminals.

According to the given sample’s visible results, the latest data is from 2014 and none of the latest number schemes (0317, 0308 etc) is mentioned.

As yet, none of the telecom operators has notified their customers that their data has been compromised.

April 11, 2020