Dark Web Data Breaches: A Comprehensive Overview

In recent years, data breaches have become increasingly common, with cybercriminals targeting organisations of all sizes and industries. One particularly concerning aspect of these breaches is the exposure of sensitive data on the dark web. The dark web is a hidden part of the Internet where criminals can buy and sell stolen information, including personal and financial data, login credentials, and even hacking tools.

This article provides a comprehensive overview of recent data breaches that have resulted in the exposure of sensitive information on the dark web. It covers a wide range of industries and organisations, highlighting the extent of the problem and the potential impact on individuals and businesses. Below is a timeline of the most recent data breaches, including details about the affected organisations, the type of data exposed, and the actions taken to mitigate the damage.

August 2023: New Victims Emerge from MOVEit Attacks

In August, the fallout from the MOVEit attacks continued, with more companies and government agencies disclosing that they had been breached by the Russian ransomware group Clop. IBM was implicated as an attack vector for breaches on several state agencies, including the Colorado Department of Health & Financing, the Colorado Department of Higher Education, and the Missouri Department of Social Services. The stolen data included social security numbers, Medicare and Medicaid ID numbers, and sensitive health data on millions of Americans.

Two government contractors, Serco and Maximus, also disclosed that they had been breached in the MOVEit attacks. Compromised data in these cases included social security numbers and sensitive health data for millions more Americans. The attacks have now compromised hundreds of companies and tens of millions of individuals.

August 2023: Proprietary Data Stolen from Seiko

On August 10, Japanese watchmaker Seiko disclosed that they had been targeted in a data breach by the BlackCat/ALPHV ransomware group. The stolen data included schematics, patented technology, and other proprietary data. Fortunately, sensitive customer data does not appear to have been compromised in this breach.

August 2023: Data on 760k Users Stolen From Discord.io

Discord.io, a third-party service for Discord users, suspended operations after a breach exposed data on its 760,000 members. The stolen data included email addresses, billing addresses, and hashed passwords, which were listed for sale on Breached forums. It’s important to note that Discord.io is not owned or operated by Discord itself, and Discord users who have not used Discord.io have not been implicated in this data breach.

July 2023: Cybercrime Forum Gets Breached

BreachForums, a popular destination for ransomware hackers extorting companies and selling stolen data, became the victim of a data breach. The breach was announced on July 26, and the exposed data included email addresses, private messages, and hashed passwords. The hacker is now ransoming the stolen data with an asking price of over $100,000.

BreachForums was briefly shut down following its founder’s arrest in March 2023. It re-emerged a few months later and has remained a major marketplace for stolen data.

July 2023: NATO Investigates Data Breach

On July 25, the hacker group SiegedSec claimed on Telegram that they had breached NATO’s Communities of Interest Cooperation Portal. The stolen data appears to include unclassified documents and sensitive data pertaining to users of the web portal.

SiegedSec is a hacktivist group targeting government organisations, describing their motive as “a retaliation against the countries of NATO for their attacks on human rights.” They also noted that leaking documents is “fun.” This breach highlights the vulnerability of even highly secure organisations to cyberattacks.

July 2023: Chinese Hackers Breach U.S. Agencies Via Microsoft Cloud

On July 11, Microsoft publicly disclosed that a group of Chinese hackers had spied on U.S. government agencies using a vulnerability in Microsoft’s cloud services. The attack was first detected in June by an unnamed government agency, which promptly informed Microsoft and the Department of Homeland Security.

The hacking group, known as Storm-0558 by Microsoft, appears to be linked to the Chinese government. Their attacks targeted State and Commerce department emails, likely in an attempt to gather intelligence. Fortunately, sensitive data was not compromised in this email breach.

July 2023: More Victims Emerge from MOVEit Attacks

July witnessed further damage from the MOVEit attacks, which have now compromised over 200 companies. New victims include Radisson Hotels, though a company spokesperson did not disclose the exact number of guest records exposed. Other affected organisations include real estate company Jones Lang LaSalle, several universities such as the University of Illinois and Johns Hopkins University, and financial institutions like Deutsche Bank and UofL Health.

The attacks have resulted in the exposure of sensitive records pertaining to millions of people. As more details continue to emerge, it is crucial for affected organisations to take immediate action to mitigate the damage and protect their customers’ data.

July 2023: Apple Patches Zero-Day Exploit

On July 10, Apple released a batch of Rapid Security Response updates to iOS and macOS. The company acknowledged that they were “aware of a report that this issue may have been actively exploited” but did not provide further details. It is recommended that users download the update as soon as possible to ensure the security of their devices.

July 2023: Razer Investigates Alleged Data Breach

Razer, a consumer electronics company, acknowledged on July 8 that they were investigating an alleged data breach. An anonymous hacker claimed to have stolen source code and other data from Razer and offered to sell it for $100,000 worth of cryptocurrency. The scope of the breach and the number of affected users are still unknown at this time.

July 2023: Microsoft Denies Purported Data Breach

On July 2, a hacktivist group called Anonymous Sudan claimed to have hacked Microsoft and stolen data pertaining to over 30 million Microsoft accounts. However, Microsoft denied these claims, stating that they had seen “no evidence that our customer data has been accessed or compromised.” The authenticity of the stolen data has not been confirmed, and it remains unclear where the data came from.

June 2023: MOVEit Attacks Compromise 100+ Companies & Government Agencies

In June, the Clop ransomware group targeted the MOVEit file transfer tool, exploiting a zero-day vulnerability to compromise over 100 companies and government agencies. The breach affected DMVs in Oregon and Louisiana, potentially exposing sensitive data such as drivers’ licence and social security numbers of over 6 million residents.

The attackers also targeted payroll company Zellis, which they used to breach the BBC, British Airways, and Aer Lingus. Other affected organisations include Shell, several financial services companies, and Community Health Systems, which operates over 1,000 healthcare sites. The attacks have exposed personal information on a massive scale, highlighting the urgent need for improved cybersecurity measures.

June 2023: Report Identifies Over 101k Hacked ChatGPT Accounts

A threat intelligence team at Group-IB released a report in June indicating that over 101,000 ChatGPT credentials were stolen by malware over a 12-month period. These compromised accounts were found on the dark web and were available for sale alongside other stolen data. It is crucial for users to remain vigilant and take steps to protect their accounts from unauthorised access.

June 2023: UPS Alerts Canadian Customers of Phishing Attacks

In late June, UPS alerted many customers in Canada that their data may have been compromised in a string of SMS phishing attacks that occurred from February 2022 to April 2023. The attackers impersonated UPS and demanded fees to deliver supposed ‘packages.’ To enhance their credibility, they hacked into UPS’s package lookup tools to base their phishing texts on actual incoming deliveries.

UPS clarified that legitimate texts from UPS only come from the SMS number 69877. This serves as a reminder to be cautious of phishing attempts and to verify the authenticity of any messages or requests for personal information.

June 2023: Hacker Ransoms Confidential Reddit Data

On June 17, the BlackCat ransomware gang threatened to make public 80 GB of confidential data stolen from Reddit in a February cyberattack. The stolen data included account credentials from 2007 and earlier. Reddit has notified users whose information may have been compromised and is taking steps to address the breach.

June 2023: Zacks Data Breach Posted to Hacker Forum

On June 10, a previously unreported data breach of 8.9 million Zacks users was added to the breach database Have I Been Pwned. The stolen data, which dates back to May 2020, was subsequently posted for sale on a popular hacker forum. Although the breach included account data such as passwords, it does not appear to have included credit card numbers or other financial data.

June 2023: Intellihartx Discloses Breach Affecting 489k Patients

On June 8, healthcare collections company Intellihartx notified legal officials that sensitive data pertaining to over 489,000 patients had been compromised in a data breach on partner company Fortra. The stolen data included social security numbers, dates of birth, and medical records. This incident was part of the GoAnywhere attacks in February, affecting over 130 companies, primarily in the healthcare sector.

May 2023: Apria Notifies 1.8 Million People of 2021 Breach

Apria Healthcare discovered a data breach on September 1, 2021, that exposed sensitive data on 1.8 million patients and employees. However, Apria did not inform anyone of the breach until 18 months later, in May 2023, which is a violation of HIPAA regulations. The exposed information includes social security numbers, financial data, and medical records.

May 2023: 237k Federal Employees Exposed in U.S. Department of Transportation Breach

On May 12, the U.S. Department of Transportation notified Congress of a data breach affecting 237,000 current and former government employees. The breach compromised data related to TRANServe, a system for reimbursing commuting costs. It remains unclear who was behind the attack and the extent of the damage.

May 2023: PharMerica Discloses Breach Affecting 5.8 Million Patients

PharMerica, a healthcare company, disclosed on May 12 that a ransomware attack had exposed sensitive data on over 5.8 million patients. The breach occurred in March, and PharMerica only notified customers two months later, after the hackers published the stolen data online. The exposed information includes social security numbers, medical records, and other highly sensitive data.

May 2023: Discord Support Account Compromised

In mid-May, Discord disclosed that an account belonging to a third-party support contractor had been compromised. Through this account, an unknown attacker was able to access some personal information, such as email addresses. The impact of this attack appears to be limited, but users should remain cautious of potential phishing attempts.

April 2023: T-Mobile Discloses Second Data Breach of 2023

On April 28, T-Mobile notified 836 customers that their data had been compromised in a breach. Although the scale of this attack was more limited than their January breach, it included highly sensitive data such as social security numbers, government ID data, and T-Mobile account PINs. T-Mobile continues to face significant challenges in securing their customers’ data.

April 2023: American Bar Association Discloses Hack Affecting 1.5 Million Members

In mid-April, the American Bar Association (ABA) notified 1.5 million members that their login credentials, including encrypted password data, had been compromised. The breach occurred in March when an unknown hacker broke into a legacy system associated with an old ABA website. While the stolen data was not up-to-date, it serves as a reminder not to reuse old passwords.

April 2023: Yum Brands Admits That Customer Data Was Compromised In Breach

In early April, Yum Brands, the parent company of Taco Bell, KFC, and Pizza Hut, acknowledged that personal data, including driving licence numbers, had been compromised in a January incident. Initially, Yum Brands claimed that only company data had been affected but later admitted that customer data was also compromised. The exact number of affected customers remains undisclosed.

April 2023: MSI Breached by Ransomware Gang

On April 7, computer hardware company MSI confirmed that a ransomware gang had stolen company data, including source code. The ransomware gang, known as Money Message, threatened to make the stolen data public unless MSI paid a ransom of $4 million. Customer data does not appear to have been compromised in this breach.

April 2023: Uber’s Law Firm Leaks Sensitive Data on Drivers

In April, Uber’s law firm, Genova Burns, notified many Uber drivers that sensitive data, including Social Security numbers and Tax Identification numbers, had been stolen in a data breach of the law firm. The exact number of affected drivers has not been disclosed, but this incident highlights the potential risks associated with third-party vendors.

April 2023: Western Digital Confirms Breach

In April, data storage company Western Digital confirmed that hackers had breached their network on March 26. The breach resulted in outages to Western Digital’s cloud storage services, and users were subsequently notified that some customer information, such as encrypted passwords and partial credit card numbers, had been exposed. Western Digital is taking steps to enhance their security measures and protect customer data.

March 2023: ChatGPT Bug Exposes User Data

On March 24, OpenAI confirmed that a bug in an open-source library exposed customer data, including chat history and payment information, to other users. OpenAI promptly patched the vulnerability and notified affected users. This incident serves as a reminder of the importance of regular software updates and vulnerability management.

March 2023: ILS Notifies 4.2 Million Customers of Data Breach

In March, healthcare provider Independent Living Systems (ILS) notified over 4 million customers of a data breach. The breach occurred in June and July 2022 and included social security numbers, driving licence numbers, medical records, and other highly sensitive information. ILS is working to address the breach and ensure the security of their customers’ data.

March 2023: TMX Finance Notifies 4.8 Million Customers of Data Breach

TMX Finance, operating under the brands TitleMax, TitleBucks, and InstaLoan, notified 4.8 million customers of a data breach in March. The breach exposed social security numbers, passport numbers, financial records, and other highly sensitive data. The incident occurred in early February, and TMX Finance is now facing a potential class-action lawsuit.

March 2023: Ransomware Group Claims to Have Amazon Ring Data

On March 13, a ransomware group called ALPHV claimed on the dark web that they had breached Ring, Amazon’s doorbell security company. However, Amazon stated that they had “no indications that Ring experienced a Ransomware event” and suggested that a third-party vendor may have been the target of the breach. While it is possible that ALPHV has data pertaining to Ring customers, additional evidence is needed to substantiate a data breach of Amazon Ring.

March 2023: AT&T Customer Data Exposed Following Attack on Vendor

In March, AT&T notified approximately 9 million customers that their data had been compromised following an attack on a third-party vendor. The exposed data, known as “Customer Proprietary Network Information,” includes information about customers’ wireless plans and payment amounts. AT&T clarified that sensitive personal or financial information was not exposed in the attack.

On March 8, thousands of U.S. lawmakers and government employees were notified that their sensitive data may have been exposed in a breach of DC Health Link, a health insurance provider for Congress. The stolen data was subsequently posted for sale on Breached Forums. Capitol Police and the FBI are currently investigating the incident.

March 2023: Data on 7.5 Million Verizon Customers Exposed on Hacker Forum

In March 2023, records on over 7 million Verizon users were posted on Breached Forums, a popular hacker forum. The exposed data includes contract information, device information, encrypted customer IDs, and more. Fortunately, unencrypted personal data does not appear to have been included in the leak. Verizon stated that the issue originated from an outside vendor and was resolved in January 2023.

February 2023: U.S. Marshals Service Discloses Data Breach

On February 27, the U.S. Marshals Service discovered a data breach and ransomware attack that occurred on February 17. The breach exposed “returns from legal process, administrative information, and personally identifiable information” related to subjects of USMS investigations, third parties, and certain USMS employees. The investigation is ongoing, and the USMS is taking steps to mitigate the impact of the breach.

February 2023: Activision Data Breach Comes to Light

On February 21, Activision acknowledged that they had suffered a data breach in December 2022. The breach occurred when a hacker tricked an employee through an SMS phishing attack. The stolen data included email addresses, phone numbers, and salaries of Activision employees. Fortunately, the breach did not compromise source code or customer data. Activision’s delayed disclosure of the breach raises concerns about the company’s transparency and response to cybersecurity incidents.

February 2023: Pepsi Bottling Ventures Exposed in Malware Attack

Pepsi Bottling Ventures, the largest bottler of Pepsi in the United States, filed a security incident notice in February acknowledging a malware attack that occurred on December 23, 2022. The breach was discovered on January 10, 2023, and exposed personal information, such as social security numbers and login credentials. However, it is unclear whether this information pertains to customers or employees. PepsiCo, the parent company of Pepsi Bottling Ventures, does not appear to have been directly affected by the breach.

February 2023: 3.3 Million Patients Exposed in Heritage Provider Network Breach

In February, the California-based Heritage Provider Network disclosed a ransomware attack that occurred on December 1, potentially exposing sensitive data on over 3 million patients. The breached data includes social security numbers, driving licence numbers, medical records, and other highly sensitive information. This incident highlights the vulnerability of healthcare organisations to cyberattacks and the need for robust security measures.

January 2023: PeopleConnect Data on 20 Million Customers Posted to Hacker Forum

In January, data on over 20 million customers of PeopleConnect’s background check services, InstantCheckMate and TruthFinder, was publicly posted on a hacker forum. The stolen data includes email addresses, names, and usernames but does not appear to include passwords or other highly sensitive data. This incident serves as a reminder of the importance of securing personal information and of the potential risks associated with third-party service providers.

January 2023: T-Mobile Discloses Data Breach Affecting 37 Million Customers

On January 19, T-Mobile disclosed a data breach that affected 37 million customers. The breach resulted in the unauthorised access of a limited set of customer account data, including names, addresses, phone numbers, account numbers, and more. T-Mobile detected the breach on January 5, 2023, and promptly took steps to address the vulnerability. This incident highlights the ongoing challenges faced by organisations in protecting customer data from cyberattacks.

January 2023: Norton LifeLock Warns Customers of Credential Stuffing Attack

In mid-January, Norton LifeLock, a cybersecurity company, notified users of a credential stuffing attack that targeted their accounts. The attack involved unauthorised access to user accounts using stolen credentials obtained from other data breaches. Norton LifeLock promptly detected and mitigated the attack, but it serves as a reminder of the risks associated with reusing passwords across multiple accounts.

January 2023: Mailchimp Discloses Social Engineering Attack

On January 11, Mailchimp, an email marketing platform, detected a social engineering attack in which a hacker tricked an employee into giving away their account credentials. The attacker subsequently accessed 133 user accounts. Mailchimp promptly responded to the incident, shutting down the attack and notifying affected users. This incident highlights the importance of employee training and awareness in preventing social engineering attacks.

January 2023: Database of Over 200m Twitter Users Goes Public

In December 2022, a database containing information on over 200 million Twitter users began circulating amongst hackers and was subsequently published in full on BreachForums in January 2023. The exposed data includes email addresses, names, and usernames but does not appear to include passwords or other highly sensitive data. While Twitter has not confirmed the authenticity of the data, this incident raises concerns about the security of user information on social media platforms.

In conclusion, data breaches continue to pose a significant threat to individuals and organisations, with sensitive information frequently ending up on the dark web. The incidents outlined above highlight the need for robust cybersecurity measures, including strong passwords, regular software updates, employee training, and proactive monitoring for potential breaches. By staying informed about the latest data breaches and taking appropriate security measures, individuals and organisations can work towards mitigating the risks associated with cyberattacks and protecting their valuable data.
