Data Leakage (Exfiltration)


SnapchatDB - 4.6 million users leaked  snapchatdb.info

"You are downloading 4.6 million users' phone number information, along with their usernames. -- For now, we have censored the last two digits of the phone numbers in order to minimize spam and abuse."


Yik Hak: Smashing the Yak  silverskylabs.github.io

CONCLUSION: The internet is scary. Consider keeping private thoughts to yourself.


Introducing paste searches and monitoring for “Have I been pwned?”  troyhunt.com

"I’ve got 174,451,409 breached accounts in Have I been pwned? (HIBP) as of today which probably sounds like a lot, but it’s not. Why is it not a lot? Because whilst that list spans a lot of the big breaches I could get my hands on, as of the middle of this year (now a couple of months ago already), there were over half a billion accounts breached in just six months. That’s just nuts and as that article explains, it’s set us on a track that will make 2014 the most hacked year to date by a fairly significant margin over last year which was the previous most hacky year."


CanaryPW – Share and distribute information relating to data loss  canary.pw

By @afreak. A search engine designed to look through text that has been publicly posted on services like Pastebin. A series of tools scans the text and pulls out the interesting bits, which are then entered into a database. The interesting bits for now include e-mail addresses, phone numbers, IP addresses, and websites.

The idea behind this is to mirror the data posted on these sites so anyone can perform quick analysis. It also allows individuals and organisations to determine whether any proprietary information has been inadvertently made available, and allows for mitigation.


Mozilla Developer Network (MDN) Database Disclosure  blog.mozilla.org

Starting on about June 23, for a period of 30 days, a failing data sanitization process caused the email addresses of about 76,000 users and the encrypted passwords of about 4,000 users to be accidentally disclosed on a publicly accessible server.