SOCRadar® Cyber Intelligence Inc. | Alleged Leaks: Tencent, FTD Educação, and Yellow Pages Data Exposed
Aug 12, 2024

Alleged Leaks: Tencent, FTD Educação, and Yellow Pages Data Exposed

The SOCRadar Dark Web Team has identified several significant cyber threats in the past week. These include the sale of 21,000 U.S. credit cards, a DDoS attack on Spanish websites by the pro-Russian hacktivist group Noname057(16), and alleged database leaks involving FTD Educação and Tencent. Additionally, scraped data from Yellow Pages is being sold, reflecting the widespread impact of these cyber incidents across various industries.

21K Credit Cards Belonging to the United States are on Sale

The SOCRadar Dark Web Team detected a post on a hacker forum advertising the sale of 21,000 credit cards belonging to individuals in the United States. The threat actor claims that these cards are fresh and have a validity rate of 70-80%. The entire batch is being offered for $10,000, equating to approximately $0.47 per card. The seller also mentions the possibility of selling the cards in smaller quantities to multiple buyers.

Noname057(16) Conducted DDoS Attack on Spanish Websites

The SOCRadar Dark Web Team detected a post on a Telegram channel announcing a Distributed Denial-of-Service (DDoS) attack targeting several Spanish websites. The post, shared by the pro-Russian hacktivist group Noname057(16), detailed the alleged disruption of multiple critical services in Spain, including the Chamber of Commerce and Industry of Spain, the online platform of the Barcelona Arbitration Tribunal (TAB), the Zaragoza and Vitoria-Gasteiz tram networks, the Tenerife tram network, and the Ports of Algeciras and Las Palmas. The post included links to check-host reports, which purportedly confirmed the success of these attacks.

Alleged Database of FTD Education is on Sale

The SOCRadar Dark Web Team detected a post on a hacker forum where a threat actor claimed to have compromised a database belonging to FTD Educação, a Brazilian educational materials supplier. The post detailed the sale of sensitive data, including API tokens, authentication details, user information such as names, emails, phone numbers, and passwords, as well as operational records like registration numbers, ticket information, and personal tokens. The database, offered in CSV format, allegedly contains 132,457 lines with 1,181,097 associated tickets, amounting to 60 MB of data.

Alleged Sale of Scraped Data from Yellow Pages

The SOCRadar Dark Web Team detected a post on a hacker forum announcing the sale of an alleged database containing 22 million records from YellowPages.com in the USA. The threat actor claims that in early July, a server hosting data from various websites was breached by two threat actors, resulting in the exposure of detailed information from Yellow Pages. This data allegedly includes source URLs, names, home pages, email addresses, phone numbers, and full addresses of the listed businesses. A sample of 50,000 lines has been shared as proof of the breach.

Alleged Database of Tencent Leaked

The SOCRadar Dark Web Team detected a post on a hacker forum announcing a new alleged database leak for Tencent. The threat actor claims to have obtained a massive database containing 1.4 billion records associated with Tencent.com. According to the post, the data is available in a compressed format of 44GB, which expands to 500GB when uncompressed. The database is reportedly formatted in JSON and includes sensitive fields such as email addresses, mobile numbers, and QQ IDs.

The possibility that this alleged data breach is not recent has also been a topic of discussion among threat actors.

Powered by DarkMirror™

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible: it is time-consuming and challenging, and a single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow the latest posts of threat actors and groups, filtered by the targeted country or industry.