ADT, Citi Bike, Sun West Mortgage, and Bausch Health Face Alleged Data Breaches
Several significant data breaches and cyber threats impacting major companies have been detected by the SOCRadar Dark Web Team. Notable incidents include the alleged database leaks of ADT, Citi Bike, and Sun West Mortgage, along with the sale of medical DEA numbers from Bausch Health. Additionally, unauthorized intranet access for a major CIS company is being sold.
Alleged Database of ADT is Leaked
The SOCRadar Dark Web Team detected a post on a hacker forum revealing a new alleged database leak for ADT, a security company. The threat actor claims that ADT suffered a data breach exposing over 30,812 records, including 30,400 unique emails. The exposed records reportedly contain customer emails, full addresses, user IDs, and details of products bought.
Alleged Database of Citi Bike is on Sale
The SOCRadar Dark Web Team detected a post on a hacker forum announcing the sale of an alleged 9 GB database for Citi Bike, a bike-sharing service. The sample data includes ride details such as ride ID, type, timestamps, station names and IDs, coordinates, and user type.
Database of Sun West Mortgage is Allegedly Leaked
The SOCRadar Dark Web Team detected a post on a hacker forum alleging a new database leak for Sun West Mortgage. The threat actor claims the database contains 6 million lines of data, formatted in SQL and totaling 2.3 GB. The leaked information reportedly includes personal details and contact information such as lead IDs, names, addresses, phone numbers, email addresses, and loan details.
Alleged Database of Bausch Health is on Sale
The SOCRadar Dark Web Team detected a post on a hacker forum advertising a database sale for Bausch Health. The threat actor claims to have 1.6 million medical DEA numbers and prescriber details, with over 3 TB of data. They highlight the value of DEA numbers, which allow healthcare providers to write prescriptions for controlled substances.
The post offers packages of DEA numbers for sale, with prices ranging from $10,000 for 10 numbers to $50,000 for 100 numbers, and also demands $3 million from Bausch Health to prevent the sale. The actor emphasizes the difficulty of resetting DEA numbers and the potential for widespread misuse in writing fake prescriptions.
The threat actor in question is Sp1d3rHunters, who is linked to the Snowflake breach and claims that this breach is connected to Snowflake.
Alleged Unauthorized Intranet Access Sale is Detected for a Company
The SOCRadar Dark Web Team detected a post on a hacker forum advertising unauthorized intranet access allegedly belonging to a major company. The threat actor provides details including contact information and mentions that the company is from a large Commonwealth of Independent States (CIS) country with a revenue exceeding $130 billion. The access type is described as confidential access to the intranet.
The price for this access is set at $100,000. This alarming post highlights the ongoing risks and vulnerabilities that even large and financially robust companies face in the cyber realm. The sale of such access can lead to significant security breaches, data theft, and potential financial losses. Organizations must remain vigilant and continuously enhance their cybersecurity measures to protect against such threats.
Powered by DarkMirror™
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible: it is time-consuming and challenging, and a single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow the latest posts of threat actors and groups, filtered by the targeted country or industry.