Seller Floods Forums With Stolen Data

A data breach broker is selling databases containing user information from 14 different companies that were claimed to have been breached in 2020. When companies are breached, threat actors will typically download accessible databases, including user account records, which are then sold to other threat actors directly or via a data breach broker. Over the past month, a known and reputable data breach broker has been selling several databases on hacker forums that they claimed were acquired in 2020. Each of the 14 databases being sold contains different information, but they all include usernames and hashed passwords. The databases for sale contain information from companies providing services such as game sites, food delivery services, soccer streaming, online fashion, and loans. These breached databases are being sold for between $100 and $1100. The companies that were allegedly breached are DarkThrone, Efun, Fluke, Footers, HomeChef, James Delivery, KitchHike, KreditPlus, Minted, Playwings, Revelo, Tokopedia, Yotepresto, and Zoosk. The samples appear to be legitimate, according to BleepingComputer, and are a serious concern because they contain a combined total of 132,957,579 user records that can be used for credential stuffing attacks.

Analyst Notes

Unfortunately, breaches like these are becoming all too common. Anyone who has an account at any of the services listed above should change their password on that site and on any other site that uses the same password. If a work email address was used to create an account on any of these sites with a password that is the same as or similar to one that can be used to remotely log on to work computers, that password should be changed immediately. Attackers often use stolen databases of passwords from third-party breaches to perform “password stuffing” attacks against companies. One method of protecting oneself is to use passwords that are unique to each login and made increasingly complex through the use of numbers, uppercase and lowercase letters, and special characters. To help with organizing all the different passwords, there are a multitude of password managers available that organize and protect credentials. It is suggested that the password manager only keeps your data locally. This way, if the company that supports the program is breached, your data will not be included in the breach. Binary Defense provides Counterintelligence services for clients that include monitoring third-party data breaches and notification of employee accounts involved, so that passwords can be reset quickly after a compromise.
