The last few days has been epic to say the least, lack of sleep, hours of processing and normal 8hrs a day shift work as well. Anyway moving to what we are all looking for which is a full detailed analyst into the recent leak of information from 62 different sites which has been dubbed #Projectblackstar and was carried out by hackers from @TeamGhostShell. As most know the leaked data was posted in the form of a index on various public pastebin sites which had well over 200 links to partial leaked data that came from 62 websites that are mainly from Russian but also from turkey, Italy, Ukraine. Almost all of the attacked websites have resulted in leaked account data that contains emails and passwords which total 148,449 found emails. Aw well as the leaked emails some of the data leaked contains visitation logs from websites such as metaprom.ru and others. It also does contain a heap of accounts with just usernames and passwords as well as other personal or account related information.
Break down of leak data
As stated above the leaked data does not all contain critical information, in fact a lot of it is just database layouts and basic user credentials but the size of this when put together is huge. The largest breaches from Projectblackstar come from https://www.corp-gov.ru coming in with 64,885 found emails, next up is https://rabota-izhevsk.info with 60,000. The 2nd lot of largest sites are in the 10-20k leaked accounts and those are https://ec-univer.ru with 14,683 accounts found, https://medical.ru 13,750 accounts found and finally https://www.psi-energo.ru with 12,836 accounts found. Most of the other sites that had breaches only range from 1-10,000 accounts but more so down to the 5000 mark. encryption appears to be used across pretty much all the databases. Out of the 62 sites leaked 24 contain very minor data, no emails or relevant account credentials. Also i noticed some sites stating that 2.5 million russian government accounts had been leaked in this breach. I am yet to find that but there is a lot of government based service sites and education based sites that have been affected in this breach.