Executive Summary

The usernames and passwords of billions of users have been exposed online after a company, DarkBeam left an online database unprotected. It’s worth noting that all of the leaked email addresses and passwords in this database actually came from previous data breaches. It appears DarkBeam had been collecting this information to alert its customers in regards to future data breaches.

This comes as a number of major charities have been impacted by a cyber attack on in which the supply chain of About Loyalty, who work with a number of charities, had been breached. As a result, a significant amount of donor information had been exfiltrated.

What’s the risk to me or my business?

The leaked usernames and passwords can be used by threat actors as attempts to perform account compromise or to conduct phishing campaigns. Similarly, the donor information related to the charity attacks can be used to perform phishing attacks. In both cases, the confidentiality and integrity of data can be impacted.

What can I do?

As always, Black Arrow recommend users stay vigilant and scrutinise anything that comes into their inbox.

To find out if your email address or password has featured in a data breach, you can visit:

https://haveibeenpwned.com/

More information on the leaked passwords can be found here:

https://www.tomsguide.com/news/billions-of-usernames-and-passwords-leaked-online-how-to-see-if-youre-affected

More information on the charity breach can be found here:

https://www.thirdsector.co.uk/major-charities-affected-cyber-attack/digital/article/1838552

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity