Powered by DarkMirror™
This week’s edition covers the latest dark web news from the past week. The user database of a company in Qatar, unauthorized network access sales, an online messaging platform database sale, and an airline database sale in the UAE hit the headlines. Here are the details of the major events that took place on the deep web this week:
User Database of an Institution Operating in Qatar On Sale
On April 2, 2021, on a dark web forum monitored by SOCRadar, a vendor attempted to sell a database that allegedly contains personally identifiable information of people from Qatar. While there was no information about where the database was dumped from, the post clearly stated that it held information belonging to 70,000 people. According to the vendor’s post, the leaked data covers emails, credentials for the victim platform and other PII (Personally Identifiable Information) like date of birth.
Unauthorized Network Access Sales Detected for 4 Shops from the UK and Mexico
On April 3, 2021, 4 unauthorized network accesses allegedly belonging to 4 shops from the UK and Mexico were put up for sale on a dark web forum monitored by SOCRadar. According to the threat actor’s claim, the victim shops sell home interiors, sofas, electronics and pharmaceuticals respectively, and all of them run on the Magento engine. The actor claimed to have access to the admin panel for some of the shops. Moreover, the vendor was contacting buyers on Telegram and asking for PayPal payments.
Customer Database of a Gambling Company Is on Sale
On April 3, 2021, on a dark web forum monitored by SOCRadar, a customer database sale was detected for a gambling site from Malaysia. According to the threat actor’s claim, the database contained credentials, bank account information and PII (Personally Identifiable Information) data like phone numbers of 23,000 users. Threat actors could use the surfaced details together with the contact information in the dump to run phishing attacks.
Database of an Online Messaging Platform from the USA For Sale on the Dark Web
On April 5, 2021, SOCRadar detected a vendor who allegedly attempted to sell database and server access for an online marketing and messaging platform from the USA on a dark web forum. According to the vendor’s claim, the platform offers mobile marketing, email marketing, instant messaging and social media marketing tools for businesses. The vendor, who claimed to provide access to a server backdoor and to show how to access the admin panel, added that the server holds 3 databases which have a size of 8 TB.
Customer Database Sale Detected on the Dark Web for a Company from the UAE
On April 9, 2021, a sale of unauthorized network access and customer databases allegedly belonging to a ticket sale business from the UAE was detected on a dark web forum monitored by SOCRadar. According to the threat actor’s claim, the buyer could have admin access to the platform and two customer databases. While the first database contains PII (Personally Identifiable Information) like full names, addresses, phone numbers and credentials of over 22 million people, the second database includes credit card information of 17.2 million users, which may pose a serious fraud threat for these users. The vendor also added that the databases are up-to-date and that they are open to different offers.
Powered by DarkMirror™
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, it is simply not feasible to monitor all sources, as doing so is time-consuming as well as challenging. A single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow the latest posts of threat actors and groups, filtered by targeted country or industry.