
Major Data Breach Uncovered, Trickbot Developer Sentenced, and Other Cybersecurity Events
We have compiled the most significant cybersecurity news of the week.
- A 12 TB data leak from popular social networks and messengers has been discovered.
- The developer of Trickbot has been sentenced to five years and four months in prison.
- LockBit claimed to have stolen data from Subway.
- Microsoft and Hewlett Packard Enterprise accused Russian hackers of attacking their systems.
12 TB Data Leak from Popular Social Networks and Messengers Discovered
Researchers at Cybernews have uncovered the largest data leak in history from popular resources worldwide, dubbed the “Mother of All Breaches” (MOAB).
"The Mother of All Breaches combines historic breaches and new material. In total, 26 billion records were revealed." (CyberNews, @CyberNews, January 26, 2024)
In addition to information from past leaks, MOAB includes previously unpublished data. The 12 TB dataset contains 26 billion records in 3800 folders, each corresponding to a separate breach.
The affected services include:
- Chinese chat platform Tencent — 1.4 billion records;
- Weibo — 504 million;
- MySpace — 360 million;
- Twitter — 281 million;
- Music platform Deezer — 258 million;
- LinkedIn — 251 million;
- VK — 101 million;
- Telegram — 41 million and others.
Government organizations in various countries were also affected.
Experts warned that the sensitive information contained in the dataset could be used for a wide range of attacks. They recommended users change all their passwords and check for specific data leaks using a special tool.
Trickbot Developer Sentenced to Five Years and Four Months in Prison
A U.S. court has sentenced Russian national Vladimir Dunaev, involved in the development of the Trickbot botnet, to five years and four months in prison.

Since 2016, the malware has functioned as an infostealer and banking trojan, used to attack financial organizations, government agencies, private companies, and individuals.
Dunaev, also known by the alias FFX, was arrested in South Korea in September 2021 and later extradited to the U.S. After his arrest, he pleaded guilty to charges of conspiracy to commit computer and bank fraud, as well as identity theft.
Six of his accomplices are also involved in the case.
The activities of Trickbot, which caused tens of millions of dollars in damages, were halted in 2022.
LockBit Claims Data Theft from Subway
The hacker group LockBit has posted information about a breach of the Subway restaurant chain on its leak site, according to Cybernews.
The perpetrators claim to have downloaded the company's internal system, amounting to hundreds of gigabytes of data, including the chain's finances, franchise payments, and branch turnover.

The hackers have yet to present data samples and have given Subway's management until February 2 to pay the ransom.
The company is conducting an internal investigation.
Microsoft and Hewlett Packard Enterprise Accuse Russian Hackers of System Attacks
Microsoft identified the Russian group Midnight Blizzard as responsible for a recent attack on its corporate systems.
Preliminary investigations revealed that in late November 2023, hackers brute-forced access to an old test account. Through this, they infiltrated the email environment and compromised the mailboxes of company executives, legal department staff, and cybersecurity specialists.
Microsoft claims the hackers initially sought information about themselves in the emails.
The incident was only discovered on January 12, 2024. The company stated that the client environment, production systems, and source code were not affected.
The second victim of Midnight Blizzard was Hewlett Packard Enterprise: information about cybersecurity specialists and employees was also stolen from its corporate email. The hackers had been in the system since May 2023 but were only discovered on December 12.
Both companies continue their investigations.
Data of 15 Million Trello Users Up for Sale on Darknet
An unknown perpetrator scraped the Trello API to link email addresses to over 15 million user profiles, Bleeping Computer reports.

The database is currently for sale on a hacker forum. It contains:
- First and last name;
- Email address;
- Username;
- Profile link.
The hacker noted that the public availability of the API allowed access without logging into a Trello account or using an authentication key. IP access restrictions were bypassed using proxies.
Trello confirmed the abuse and stated that only registered users will now be able to access the API.
Nevertheless, the obtained information could be used in phishing campaigns impersonating Trello to steal more sensitive information, including passwords.
Russian Lawmakers Pass Bill “Against Journalistic Investigations” in First Reading
The Russian State Duma has passed in the first reading a package of bills tightening liability for data leaks. The documents include a direct ban on working with databases often used by investigative journalists.
Officials could face fines of up to 2 million rubles for leaking personal information of citizens, and legal entities up to 15 million. The fines vary depending on the scale of the incident.
Criminal liability is also introduced for the use, transfer, collection, and storage of personal data obtained illegally, and for creating information resources that distribute such data. The maximum prison term is up to 10 years.
Fraudsters Turn to Voice Deepfakes for Money Scams
Since the beginning of 2024, there has been an increase in the use of audio deepfakes in Russia, according to F.A.C.C.T. specialists.
Fraudsters create a fake account of an organization’s leader using photos from official websites or social media. They then use artificial intelligence to mimic the leader’s voice in chats with subordinates.
The goal is to gain trust and persuade an employee, such as the company’s chief accountant, to make payments to the criminals’ accounts.
Also on ForkLog:
- A hacker breached the X account of Algorand’s CEO to criticize the project.
- Researchers discovered a critical vulnerability in Bitcoin ATMs.
- A former Orbit Bridge employee is suspected of aiding an $80 million attack.
- North Korean hackers’ attacks on the crypto market have become less profitable.
- “Privacy is not a crime”: Tornado Cash developers have started a fundraising campaign.
- macOS malware was found installing infected Bitcoin wallets.
- Phishing of crypto firm clients through a hacked email service netted hackers $600,000.
- Socket recovered 1032 ETH after a security incident.
- EigenLayer to offer applications a “shared security” mechanism.
- The SEC explained the reason for the X account hack.
- Report: Losses from hacks in the BNB Chain network decreased by 85%.
- Nethermind fixed a critical bug in the Ethereum client.
- Hackers accessed data of 66,000 Trezor users.
- Experts uncovered an automated scam scheme worth $32 million.
What to Read Over the Weekend?
Exchange OKX revealed how it stores and protects users’ bitcoins.