Tag Archive for: database

Hackers steal database of Russian convicts to avenge Navalny’s death – media

/in


After Russian opposition leader Alexei Navalny died in prison, a group of anti-Kremlin hackers gained access to the computer network run by the Federal Penitentiary Service (FSVP of Russia) and claimed they had snatched data on hundreds of thousands of prisoners.

This was reported by CNN, Ukrinform reports.

According to hackers, they got hold of the agency’s database, which contains information on approximately 800,000 Russian prisoners, their families and contacts, including data on prisoners held in the colony where Navalny died on February 16.

Hackers posted a photo of the politician alongside his wife Yulia at a political rally on the penitentiary service’s website.

Read also: Canada expanding Russia sanctions over Navalny’s death

The hackers, who claim to be of various ethnic backgrounds, including Russian expatriates and Ukrainians, are sharing the data “in the hope that somebody can contact them and help understand what happened to Navalny,” a hacker claiming to be involved in the breach told CNN.

An analysis by CNN found several duplicate entries in the database, but it still contains information on hundreds of thousands of people. CNN was able to match several names seen in the snapshots shared by hackers with people currently in a Russian prison as per public records.

The group also gained access to the prison’s online store, where families of convicts can purchase food for them, and changed the prices of some goods to just one ruble. This is evidenced by screenshots and videos published by hackers.

Read also: Defense Ministry developing legislative definition for term ‘cyberwarfare’

The group also posted Navalny’s photo on the store’s website. They sent a warning to the administrators of the prison’s online store not to remove the image and went on to destroy one of the servers when the admins failed to heed to the warning.

The hackers “clearly had full blown access to get it all,” says Tom Hegel, who is principal threat researcher at U.S. cybersecurity company SentinelOne. “The amount of images captured and data provided is quite thorough.”

Read also: Ukraine’s counterintelligence exposes 1,700 attempts at…

Source…

Hackers compile database of people of Jewish descent using stolen 23andMe user data

/in


Hackers on the website BreachForums stole user data from genealogy testing company 23andMe, targeting two particular groups: people of Jewish descent and people of Chinese descent.

The resulting hacker database centered on one subset of the Jewish diaspora, Ashkenazi Jews, who came to the Western Hemisphere from Central and Eastern Europe.

23andMe confirmed Friday that data had been compromised, but told technology magazine Wired that its systems had not been breached. 

“While we are continuing to investigate this matter, we believe threat actors were able to access certain accounts in instances where users recycled login credentials – that is, usernames and passwords that were used on 23andMe.com were the same as those used on other websites that have been previously hacked,” 23andMe said in a statement on its website.

Source…

Another Biloxi casino suffers cyberattack as hackers access customer loyalty database

/in


Beau Rivage Resort & Casino and Harrah’s Gulf Coast Biloxi are open and working around computer issues as their parent companies continue to deal with cyberattacks.

Caesars Entertainment said Thursday in a filing with the Security and Exchange Commission that it recently discovered suspicious activity following an attack on an outsourced support vendor used by the company.

The parent company of Harrah’s Gulf Coast on Sept.7 said it determined the attacker got a copy of the company’s loyalty program database. Caesars Entertainment has one of the largest customer databases of any casino company.

Caesars said its casinos and online gambling program were not impacted, but the attack may have exposed customers’ driver’s license numbers and social security numbers.

“We have no evidence to date that any member passwords/PINs, bank account information or payment card information were acquired by the unauthorized actor,” Caesars said, and has seen no evidence the data was shared.

The company is offering credit monitoring and identity theft protection to all loyalty club members who call 888-652-1580 from 8 a.m.-8 p.m. weekdays. Customers will be notified affected by the hack.

Harrah’s Gulf Coast in Biloxi is one of the Caesars Entertainment casinos that may have been seen customer information revealed in a cyberattack.

Harrah’s Gulf Coast in Biloxi is one of the Caesars Entertainment casinos that may have been seen customer information revealed in a cyberattack.

Caesars said it doesn’t know the costs of the attack.

The Las Vegas Review-Journal cited sources who said the company already paid tens of millions of dollars to the hackers.

MGM update

MGM Resorts International, parent company of the Beau Rivage in Biloxi, said Friday its website is back online and operating in a limited capacity.

The company posted answers to frequently asked questions and said it would post updates to the MGM Resorts Twitter handle.

Beau Rivage Resort & Casino in Biloxi is working around technology issues as its parent company deals with a cyberattack.

Beau Rivage Resort & Casino in Biloxi is working around technology issues as its parent company deals with a cyberattack.

Reservations for restaurants, entertainment and the spa can be booked on the company website and mobile app.

MGM announced the cyberattack on Monday and said its Website, email and electronic key entry to hotel rooms were among the systems taken down.

Systems were put in place to work around these…

Source…

Hacking forum hacked, user database leaked online • Graham Cluley

/in


Hacking forum hacked, user database leaked online

RaidForums, the notorious hacking and data leak forum seized and shut down by the authorities back in April 2022, is – perhaps surprisingly – at the centre of another cybersecurity breach.

Because it seems the hacking site has been… err… hacked.

As Bleeping Computer explains, upon the demise of RaidForums many of its users jumped ship to a new hacking forum called BreachForums to trade their stolen data.

Sign up to our free newsletter.
Security news, advice, and tips.

However, in March this year the US Department of Justice announced that it had forced BreachForums offline, and arrested its alleged founder 20-year-old Conor Brian Fitzpatrick, aka “pompompurin.”

Once again, those who like to frequent criminal hacking forums realised that they had to find a new home. Some members of the site, no doubt, would have feared that the authorities might have been able to spy upon their communications and gather evidence of their various wrongdoings.

So, did they give up a life of cybercrime? Far from it! Many of them joined a new hacking forum called ExposeForums.

And it is this site which appears to have now leaked the user database of RaidForums – potentially providing law enforcement, security researchers, and – yes – other cybercriminals with a large amount of potentially sensitive information.

Raidforums leak

According to Bleeping Computer, the data includes details of 478,870 RaidForums members, “including their usernames, email addresses, hashed passwords, registration dates, and a variety of other information related to the forum software.”

Chances are that this information (and possibly more) has been in the hands of law enforcement investigators since RaidForums’ website was seized in April 2022, but there is no doubt that it would also be of interest to others.

It must be pretty nerve-wracking being a mamber of a hacking forum like RaidForums, BreachForums, ExposeForums… never quite knowing when your preferred cybercrime hangout is going to be seized by the cops, and what information they might be able to find out about you.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley…

Source…