Leaks, leaks, leaks….

Posted on by Dissent

A small roundup of leak or breach reports from various sources and places in the world…

Pakistan

Bykea, a Pakistani vehicle-for-hire and parcel delivery company was found leaking its production server with more than 200GB of data containing more than 400 million records.  Exposed customer PII included names, phone numbers, and email addresses, while Bykea drivers’ PII included names, phone numbers, addresses, CNIC (Computerized National Identity Card), driver’s license numbers with issuing city and expiration dates, and body temperature. Read more on SafetyDetectives.

Iran

Bob Diachenko tweeted that an Iranian entity, Raychat, leaked its entire database (267M+ accounts with names, emails, passwords, metadata, encrypted chats). The DB was subsequently destroyed by a bot attack.

In a follow-up tweet, Bob explained that there were multiple accounts for many users, plus a lot of bot accounts:

India

CloudSEK reports that they found a post advertising a police exam database exposing 500K Indian citizens’ PII. Their “discoveries” are basically searching sites like RaidForum to find posts offering data that may relate to previously unpublicized leaks or hacks. That aside, there’s a legitimate question as to where these data came from, who was responsible for the database, and whether they even knew there was a leak or breach. CloudSEK’s analysis of the sample data provided suggests to them that “the common denominators of a significant amount of the sample data are Bihar (“wedistrict”) and 22 December 2019 (“wedate”). This points to the candidates of the preliminary examination conducted by Bihar Police Subordinate Services Commission (BPSSC) for the post of Sub Inspector/ Sergeant/ Assistant Superintendent Jail / Assistant Superintendent Jail, on 22 December 2019.” They do not mention whether they reached out to the BPSSC to confirm their guess.

Category: Breach Incidents