Tag Archive for: database

Spring Boot 3 + Spring Security 6 – JWT Authentication and Authorisation [NEW] [2023]



Data breach at Social Blade confirmed. Hacker offers to sell database on underground website


Social media analytics service Social Blade has confirmed that it is investigating a security breach after a hacker offered its user database for sale on an underground criminal website.

In a notification sent to Social Blade users, the firm said that it had confirmed that its database was being offered for sale on a hacking forum after being notified of a potential breach on December 14th.

According to Bleeping Computer, Social Blade’s data was first put on sale on the underground forum on December 12, 2022.

The hacker, meanwhile, claims to have stolen the database of 5.6 million records in September.

Social Blade, which monitors the social media accounts of tens of millions of users, issued a reassurance that no credit card information had been leaked, but did say that the leaked data included email addresses, IP addresses, password hashes, client IDs and tokens for business API users, auth tokens for connected accounts, and “many other pieces of non-personal and internal data.”

In addition, the firm warned that “a very small subset of the data (about a tenth of a percent)” also included the addresses of users.

Social Blade went on to say that although password hashes had been leaked, it did not believe they were at risk as the strong bcrypt hashing algorithm had been used. Nonetheless, it would be sensible for affected Social Blade users to change their passwords, ensuring that new passwords are hard to crack or guess, and are unique.

Business API tokens have meanwhile been reset to prevent exploitation by unauthorised third parties.

Social Blade believes that the individual who stole its data accessed it by exploiting a website vulnerability. It says it has closed the security hole and is conducting additional reviews of its systems to ensure that security is further hardened.

Anyone who has used Social Blade would be wise to not only change their password but also to be on the lookout for scams and phishing attacks which attempt to use the breached information to trick the unwary into handing over further details.


Police database breach a ‘big black eye’ for Chinese security systems


Shanghai [China], July 9 (ANI): Outrage is rising among Chinese citizens as numerous breaches of personal data held on Chinese security systems come to light, the latest being a breach of the Shanghai police database.

According to The New York Times, the Shanghai police database, a vast trove of personal data that was seized by a hacker, had been left unsecured for months, security researchers said, in what turned out to be the largest known breach of Chinese government computer systems.

The leak came to light after an anonymous user posted in an online forum offering to sell personal information of as many as one billion Chinese citizens, exposing the privacy risks of the Chinese government’s vast surveillance.

The Communist Party collects a huge amount of data on citizens by tracking their movements and recording their DNA and other biological markers, The New York Times reported, adding that the data has been subject to severe leaks because it was stored on unprotected servers.

Claiming to have information on 90 million citizens, another anonymous user posted on social media offering to sell a separate police database from the central Chinese province of Henan.

Over recent years, Chinese citizens have expressed growing demands for personal privacy and data protection from companies as the online security breaches fueled public resistance to the collection of private data by the government.

However, the news about the leak was swiftly censored and removed from the Chinese internet and social media platforms, a sign that the government understood the explosive nature of the apparent breach.

As of Thursday, hashtags such as “Shanghai data leak,” “data leak of one billion citizens” and “data leak” remained blocked on Sina Weibo, a popular Chinese microblogging service, The New York Times reported, citing local media sources.

“It’s left a big black eye for the Chinese public security world, and by extension the Chinese government,” said Paul Triolo, senior vice president for China at Albright Stonebridge Group, a strategy firm, on China’s policies on surveillance of its masses.

“It’s not surprising they’ve gone into full censorship mode given how sensitive this issue is for the…


China censors news of alleged hacking of Shanghai police database


China is rapidly censoring news of the alleged hacking of a Shanghai police database that threatens to expose the personal data of more than 1bn people, in what could be one of the largest-ever leaks of private information.

An anonymous hacker advertised the data on an online cyber crime forum late last month, claiming the full file for sale contained multiple terabytes of details, including names, addresses, IDs, phone numbers and criminal records of more than 1bn Chinese people.

The alleged hack set Chinese social media abuzz for a brief period over the weekend, but by Monday microblogging network Weibo and Tencent’s WeChat had begun to censor the topic.

Hashtags such as “data leak”, “Shanghai national security database breach” and “1 billion citizens’ records leak”, which had amassed millions of views and comments, were blocked on Twitter-like Weibo.

One Weibo user with 27,000 followers said a viral post about the hack had been removed by censors and that she had already been invited by local authorities to discuss the post.

Tencent’s WeChat also appears to have removed the news, including a public post by a well-known cyber security blogger. The post, which was published on the blogger’s public page “JohnDoes loves study”, detailed the implications of the huge data breach. It was no longer accessible on Tuesday.

Chinese search engine Baidu showed few results about the topic, with links that it provided to discussions about the hack on Zhihu inaccessible as of Tuesday.

The hacker, writing under the name ChinaDan, uploaded a description and sample of the data haul to the online forum and named a purchase price: 10 bitcoin, or about $200,000.

While the US frequently accuses Chinese hackers of stealing information about American citizens and probing its networks, Beijing has long denied those claims and asserted that it was instead the country that faced the greatest number of cyber intrusions.

Usually, those leaks remain hidden from the public, as companies and governments across the country prefer to say little about any data losses.

Shanghai authorities did not comment on the alleged data leak. The Shanghai government did not…
