Deloitte Breach, Star Health Data, 100 Million Stealer Logs for Sale

Recent findings by the SOCRadar Dark Web Team reveal a series of alarming cyber incidents. Among them is the alleged data leak of Deloitte, stemming from a September 2024 breach. The team also uncovered a leak of customer data from Central Tickets and the sale of a massive database from Star Health Insurance, which includes over 31 million customer records. In addition, 100 million stealer logs are being offered for sale, along with a new DDoS service featuring advanced attack methods.

Receive a Free Dark Web Report for Your Organization:

Alleged Data of Deloitte are Leaked

SOCRadar Dark Web Team detected a post on a hacker forum advertising the alleged data leak of Deloitte, a major auditing and consulting firm. The threat actor claims to have uploaded two files containing internal communications from Deloitte’s systems, following a breach that reportedly occurred in September 2024.

According to the threat actor’s claims, the breach was made possible after Deloitte exposed an Apache Solr server to the internet with default login credentials, making it vulnerable to unauthorized access. As a result, sensitive information was compromised, including email addresses, internal settings, and communications between intranet users.

Alleged Customer Data of Central Tickets are Leaked

SOCRadar Dark Web Team detected a post on a hacker forum claiming that the customer data of Central Tickets, a UK-based ticketing service, has been leaked. The threat actor alleges that they have obtained a database containing the personal information of 1,000,000 unique customers.

Alleged Customer Database of Star Health Insurance is on Sale

SOCRadar Dark Web Team detected a post on a hacker forum advertising the alleged sale of a massive customer database belonging to Star Health and Allied Insurance, one of India’s largest health insurance companies. The threat actor claims to have obtained over 31 million customer records and 5.7 million insurance claim records, with the data allegedly updated as recently as August 2024.

According to the threat actor’s claims, the total volume of the stolen data amounts to 7.24 TB, containing sensitive customer information such as full names, PAN numbers, mobile numbers, email addresses, and detailed health and insurance-related data. The leak also includes details of insurance claims, including Aadhaar card and PAN card photos, medical reports, contact information, and claim amounts.

Alleged 100 Million Lines of Stealer Logs are on Sale

SOCRadar Dark Web Team detected a post on a hacker forum advertising the sale of 100 million stealer logs. The threat actor claims to offer high-quality logs containing URLs, login credentials, and passwords, all packaged into 6.86 GB of data, split into two 50 million-line portions, and compressed into 7zip format. The price for the full set is 1.6 LTC (Litecoin), with some room for negotiation.

New DDOS Service is Detected

SOCRadar Dark Web Team detected a post promoting a new DDoS service offering targeted Layer 4 and Layer 7 attacks, with specialized techniques to bypass Cloudflare, OVH, and game protections. The service relies on European-based botnets and proxies for optimal efficiency, including advanced methods to bypass JavaScript-based security. Pricing is customized based on the target’s defenses, with contact available via PM or Jabber.

Powered by DarkMirror™

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, which can be time-consuming and challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by the targeted country or industry.