FBI finds al Qaeda link after breaking encryption on Pensacola attacker's iPhone

Washington (CNN)The Saudi military trainee who killed three US sailors and wounded several others in a terror attack last year on a military base in Pensacola, Florida, was in touch with a suspected al Qaeda operative, according to multiple US officials briefed on the matter.
US investigators uncovered the al Qaeda connection after the FBI broke through the encryption protecting the Saudi attacker's iPhones, the officials said. Attorney General William Barr and the FBI are expected to announce the finding Monday in a news conference.

Mohammed Alshamrani, a member of the Royal Saudi Air Force who had been training at Naval Air Station Pensacola, was killed by law enforcement during the attack.

A breakthrough on the shooter's phone encryption for now temporarily disarms a standoff between the Justice Department and Apple over national security and the limits of encryption and privacy. The government has complained in recent years that stronger encryption, without the ability of law enforcement to get court-ordered access to data, endangers the public.
If Alshamrani was directed or trained by al Qaeda, it would mark the first time since 9/11 that a foreign terrorist organization had done so in a deadly attack in the US, according to New America, a think tank.

The Justice Department has previously called the attack an act of terrorism that was motivated by "jihadist ideology." Alshamrani had made anti-American, anti-Israel and jihadi posts on social media, including one on the September 11 anniversary, that stated "the countdown has begun," and another two hours before the attack that referenced the words of an al Qaeda cleric.

👉🏼 Read more:
https://edition.cnn.com/2020/05/18/politics/pensacola-shooting-al-qaeda/index.html

#usa #fbi #iphone #apple #pensacola #shooting #qaeda
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Now Google wants you to control devices with your hoodie

Everything can be smarter, and fashion is no exception.

In the quest to make computers ever-more pervasive, and invisible, Google's AI research team has now unveiled a new way to weave technology directly into our garments. The so-called "e-textile" concept could let users control electronic devices through a flick or a twist of their hoodie strings.

The team's work focused on cords, specifically because strings are a popular fashion staple but also constitute an intuitive way to control consumer devices. The smart cord developed by the researchers can recognize six types of operation: twisting, flicking, sliding, pinching, grabbing and patting. There is a bonus: because users can perform some of these gestures, such as flicking, at different speeds and in different directions, there is actually an even greater variety of actions that the technology can respond to.

👉🏼 Enabling E-Textile Microinteractions: Gestures and Light through Helical Structures:
https://ai.googleblog.com/2020/05/enabling-e-textile-microinteractions.html

👉🏼 Read more:
https://www.zdnet.com/article/now-google-wants-you-to-control-devices-with-your-hoodie/

#google #DeleteGoogle #smart #devices #fashion #hoodie #etextile #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Ukraine Nabs Suspect in 773M Password ‘Megabreach’

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” A subsequent review by KrebsOnSecurity quickly determined the data was years old and merely a compilation of credentials pilfered from mostly public data breaches. Earlier today, authorities in Ukraine said they’d apprehended a suspect in the case.

The Security Service of Ukraine (SBU) on Tuesday announced the detention of a hacker known as Sanix (a.k.a. “Sanixer“) from the Ivano-Frankivsk region of the country. The SBU said they found on Sanix’s computer records showing he sold databases with “logins and passwords to e-mail boxes, PIN codes for bank cards, e-wallets of cryptocurrencies, PayPal accounts, and information about computers hacked for further use in botnets and for organizing distributed denial-of-service (DDoS) attacks.”

Sanix became famous last year for posting to hacker forums that he was selling the 87GB password dump, labeled “Collection #1.” Shortly after his sale was first detailed by Troy Hunt, who operates the HaveIBeenPwned breach notification service, KrebsOnSecurity contacted Sanix to find out what all the fuss was about. From that story: https://krebsonsecurity.com/2019/01/773m-password-megabreach-is-years-old/

👉🏼 Read more:
https://krebsonsecurity.com/2020/05/ukraine-nabs-suspect-in-773m-password-megabreach/

#password #breach #ukraine
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Contact tracing in Europe, cell-tower vandalism in the US, and a look at the Dark Web.

Contact tracing and privacy in France.
France is proceeding with its centralized approach to COVID-19 contact tracing, ZDNet reports. Authorities maintain that this is being done with due regard for preserving users' privacy. The government is particularly interested in the utility the system, StopCOVID, might have in containing a recurrence of the virus. Earlier this month Medium offered a summary of the app's development, including its goals and prospects.

COVID-19 virus scams and other pandemic curiosa on the Dark Web.
Researchers at Trustwave's SpiderLabs describe the various pandemic-related scams they're finding on the Dark Web, and note some of the underworld reaction to them. They do note that the criminals follow the news (like everyone else), swap advice about staying healthy, express concerns about the consequences of the pandemic for their own enterprises, etc.—in short an inverted version of the kind of chatter one sees in legitimate channels.

But the more interesting material reveals the deliberations and plans that directly shape the criminal enterprises themselves. For example, there's chatter about demand for masks, and whether that presents an opportunity for various forms of illicit trade. Masks and other medical supplies are being offered for sale in online souks that normally hawk contraband. Those same markets also offer patently bogus nostrums, most prominently COVID-19 vaccines, which of course don't exist. Accompanying the offers are an array of bogus stories alluding to widespread cover-ups and misinformation by various authorities.

The underground markets are themselves feeling some of the pain legitimate markets are experiencing. They warn their customers that they may expect service disruptions, and they shed virtual crocodile tears over the health risks vulnerable customers (like drug abusers) face during the pandemic. And some of the subsectors of the criminal-to-criminal market seem to be feeling considerable pain. Carding in particular appears to be experiencing a rough patch. Why this is happening is unclear, and seems to call for explanation. Perhaps with the general slowing of economic activity there's been a reduction in available inventory, and with the relative scarcity of new stolen numbers, carders are recycling their wares in the souks. Criminals who have access to new stolen cards are reserving them for their own use.

👉🏼 Read more:
https://thecyberwire.com/stories/86aed89f49e94372a3e7bb56962bc664/contact-tracing-in-europe-cell-tower-vandalism-in-the-us-and-a-look-at-the-dark-web

#coronavirus #traking #tracing #eu #france #celltower #vandalism #usa #darkweb
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Goodbye Big Five

Reporter Kashmir Hill spent six weeks blocking Amazon, Facebook, Google, Microsoft, and Apple from getting her money, data, and attention, using a custom-built VPN. Here’s what happened.

I am on a mission to live without the tech giants—to discover whether such a thing is even possible. Not just through sheer willpower but technologically, with the use of a custom-built tool that would literally prevent my devices from accessing these companies, and them from accessing me and my data.

👉🏼 📺 Week 1: Amazon
https://t.iss.one/NoGoolag/764

👉🏼 📺 Week 2: Facebook
https://t.iss.one/NoGoolag/766

👉🏼 📺 Week 3: Google
https://t.iss.one/NoGoolag/767

👉🏼 📺 Week 4: Microsoft
https://t.iss.one/NoGoolag/794

👉🏼 📺 Week 5: Apple
https://t.iss.one/NoGoolag/795

👉🏼 📺 Week 6: Blocking them all
https://t.iss.one/NoGoolag/812

#BigFive #delete #facebook #google #microsoft #apple #amazon #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

ADT worker accused of using app to spy on hundreds of people, including children, over 7 years

Two Texas women are suing ADT Security Services in a pair of federal lawsuits over a breach that allowed an employee for the security giant to allegedly view footage from indoor security cameras installed in hundreds of homes over several years.

The proposed class-action lawsuits were filed in U.S. District Court in Fort Lauderdale, Fla., on behalf of hundreds of ADT clients possibly victimized the employee, identified as Telesforo Aviles, who allegedly had access to more than 200 ADT Pulse accounts over a seven-year period.

"This privacy breach occurred because ADT did not follow the most basic security procedures," a news release from the Dallas-based Fears Nachawati Law Firm said.

The loophole was discovered when a customer found an unauthorized email among the addresses given permission to access their security system. The Boca Raton, Fla.,-based company notified customers of the security lapse and tried paying them off in exchange for their silence, the lawsuits said.

👉🏼 Read more:
https://www.foxnews.com/us/adt-worker-accused-of-using-app-to-spy-on-hundreds-of-people-including-children-over-7-years

#adt #spy #app #breach #privacy
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Because privacy matters ‼️

Secure Messaging Apps Comparison:
https://www.securemessagingapps.com/

#security #privacy #messaging #apps #comparison
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Open Source Guides

Open source software is made by people just like you. Learn how to launch and grow your project.

Open Source Guides are a collection of resources for individuals, communities, and companies who want to learn how to run and contribute to an open source project.

👉🏼 Read more:
https://opensource.guide/


https://github.com/github/opensource.guide#readme

#OpenSource #software #guide
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

‘App Watch’ Allows Operators to Monitor and Ban Piracy Apps on Android Set-Top Boxes

Irdeto is mostly known for its 'Denuvo' anti-piracy tool, which protects many high profile games. However, the digital security company operates a broad suite of anti-piracy tools. This includes "App Watch," a service that allows content providers to monitor and restrict the use of pirate apps on their Android-based set-top boxes.

Many content providers and networks have their own set-top boxes that can be connected to any modern TV.

These devices are often running on Android and sometimes allow users to install third-party apps, via Google’s Play store, for example.

This opens the door to a wide range of other apps which can be problematic, especially when they offer a gateway to pirated content that directly competes with the operator’s service.

To address this potential threat, digital security company Irdeto is offering an ‘App Watch’ service. This is part of the company’s broad range of piracy tools and services which also includes the game anti-tamper software Denuvo, which recently expanded with an anti-cheat service.

App Watch is targeted at providers of streaming services who have their own set-top boxes. It’s meant to safeguard these companies against abuse and prevent consumers from using their boxes as piracy tools.

“The problem with giving consumers choice is that they may get distracted from your services, on your platform,” Irdeto writes, pointing out the worst-case scenario.

👉🏼 Read more:
https://torrentfreak.com/app-watch-allows-operators-to-monitor-and-ban-piracy-apps-on-android-set-top-boxes-200523/

#AppWatch #piracy #apps #android #SetTopBox #safeguard
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

The entire database is being sold for $30,000 on a hacker forum.

Last month a hacker was selling 267 million Facebook user data on a dark web marketplace. Now, a hacker or call them a threat actor is claiming to have access to a database with 500 million Facebook user data from 82 countries.

What’s worse is that the data is currently being sold on an infamous hacking forum, Hackread.com has learned.

As seen on the forum, the hacker has been offering the treasure trove of data since May 15th, 2020 and includes personal information such as,

Names
Gender
location
City name
Surnames
Actual job
Marital status
Mobile number
Email addresses
Facebook profile links

Furthermore, the hacker has divided the price of the data into three parts, for instance, $1500 per million, $450 per 100,000, and $30,000 for 500 million for the entire database. The listing also states that the information in the database was stolen between November 2019 to May 2020.

👉🏼 Read more:
https://www.hackread.com/hacker-selling-500-million-facebook-user-data/

https://www.hackread.com/hacker-forum-sell-267-million-facebook-records/

#hacker #hacked #breach #facebook #DeleteFacebook
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

‼️ Last call for your questions to StartPage.com‼️

Deadline for questions to StartPage.com runs until 1 June!

Please keep in mind: Ask your questions in a consistently constructive manner! With hostility or the like we will not get anywhere. Either way, the deadline will expire on 1.6.2020. Unfortunately we cannot accept any further questions after that date.

We hope for a lively participation in this exciting topic !!

👉🏼 Please ask your questions in one of the following TG-Groups:

@BlackBox▪️Security

@NoGoolag

@Tarnkappe_info or @ the Tarnkappe-Forum

❗️please mark your questions with #startpage

Read more 🇩🇪:
https://tarnkappe.info/die-suchmaschine-startpage-com-im-interview-bitte-fragen-einreichen/

Background info 👇🏼
Startpage sold to System1 👀

💡 https://www.startpage.com/blog/company-updates/startpage-and-privacy-one-group/

💡 https://www.kuketz-blog.de/ist-die-suchmaschine-startpage-noch-empfehlenswert/

💡 https://tarnkappe.info/startpage-verkauft-firmen-anteile-an-system1-llc/

📺 https://www.youtube.com/watch?v=aAwtQvt1P_c

#startpage #interview #system1
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Gates Foundation Buys Up Amazon, Apple, Twitter Stock; Trims Berkshire Hathaway Stake

The Bill & Melinda Gates Foundation Trust has built up new positions in tech giants Amazon.com Inc. (AMZN), Apple Inc. (AAPL) and Twitter (TWTR) in the first quarter of the year, while trimming its investment in Warren Buffett’s Berkshire Hathaway.

In the first three months of the year, the Gates Foundation Trust bought up 501,044 in Apple shares, according to a SEC filing. The iPhone maker’s stock, which dropped 15% in the first quarter, has since been on a recovery path, appreciating some 25% to trade at $318.89 as of Friday’s close. Given the recent rally, the $318.93 average price target by analysts indicates shares are fully priced (See Apple stock analysis on TipRanks).

Microsoft founder Bill Gates and his wife established the world’s largest private foundation back in 2000. The foundation holds over $40 billion in assets.

The trust also built up new positions in Twitter, which has soared 48% in the past two months, by purchasing 272,420 shares. In e-commerce giant Amazon it acquired 60,460 shares. It also bought 552,383 shares of Alibaba.

👉🏼 Read more:
https://www.smarteranalyst.com/yahoo/gates-foundation-buys-up-amazon-apple-twitter-stock-trims-berkshire-hathaway-stake/

#BillGates #GatesFoundation #amazon #apple #twitter #berkshire #hathaway #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Facebook's new App Catchup is designed to make calls easier - For each contact it shows whether the person has time to make a call.

Facebook is testing a new app in the USA that only offers audio calls. Catchup was developed by Facebook's New Product Experimentation Team, NPE for short. The team regularly tests experimental apps. With Catchup, group and individual calls can be started with just a few clicks.

https://techcrunch.com/2020/05/26/facebook-launches-catchup-an-audio-only-group-calling-app-that-shows-whos-ready-to-chat-now

https://t3n.de/news/app-experiment-facebook-catchup-1284532/

#DeleteFacebook #Catchup #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Silk-Road - Casefile True Crime (part 1 - 3)

Pennsylvania State University student Ross Ulbricht had been fascinated with mathematics and science from a young age. During his college years, he developed a new fascination with libertarianism, a political philosophy that values individual freedom above all else. For Ross, this became more of an interest – it became a way of life.

Combining his libertarianism beliefs with his interest in computers, Ross came up with the idea to create a free trade, an untraceable online market that operated outside of government regulations. His vision soon became a reality, and The Silk Road was born.

👉🏼 🎧 Silk Road Part 1
https://t.iss.one/BlackBox_Archiv/212

👉🏼 🎧 Silk Road Part 2
https://t.iss.one/BlackBox_Archiv/213

👉🏼 🎧 Silk Road Part 3
https://t.iss.one/BlackBox_Archiv/214

Nob and the Dread Pirate Roberts started to communicate regularly. The Dread Pirate Roberts had no idea he was really speaking to a DEA agent. And the DEA agent had no idea about the true identity of the Dread Pirate Roberts.

#SilkRoad #darknet #podcast
🎙@cRyPtHoN_INFOSEC_FR
🎙@cRyPtHoN_INFOSEC_EN
🎙@cRyPtHoN_INFOSEC_DE
🎙@BlackBox_Archiv
🎙@NoGoolag

Hacking Team Founder: ‘Hacking Team is Dead’

The founder and former CEO of the infamous surveillance technology company Hacking Team wrote a bizarre obituary for his old company on its official LinkedIn account.

David Vincenzetti posted a short message saying “Hacking Team is dead” on Tuesday, more than a year after the Italian company was acquired by another cybersecurity firm and rebranded as Memento Labs. As Motherboard reported earlier this year, Memento Labs is struggling to take off after several key Hacking Team employees have left, slowing down the development of new products that it would need to compete with companies such as NSO Group.

https://www.thinkingport.com/2020/05/26/news-94365/

https://t3n.de/news/spionagesoftware-hacking-team-tot-1284946

#HackingTeam #MementoLabs #nso #finfisher #surveillance #cybersecurity #Vincenzetti
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Top EU data protection agency under pressure to act against Internet giants as GDPR turns 2 years old

A few weeks ago, this blog noted that there were questions hanging over the GDPR, not least the fact that no major fines had been issued against top Internet companies. The GDPR has just passed the two-year mark, and many have taken the opportunity to weigh in on this issue. For example, the data protection agency in Ireland, which would be responsible for issuing fines against the main online players, has just written a post on its GDPR enforcement plans. It says that the country’s Data Protection Commissioner (DPC) has submitted a draft decision about a Twitter data breach to the other data protection authorities in the EU, as it is required to do under the GDPR. This means a public statement on the case should follow fairly soon.

Perhaps more interesting are some other cases involving well-known Internet names. One concerns WhatsApp, and how information about its users is shared with Facebook, which bought WhatsApp for $19 billion in 2014. Three others are cases brought by the privacy expert Max Schrems, discussed on this blog two years ago. Schrems says that top Internet services like Facebook, WhatsApp and Instagram are guilty of “forced consent”. This is the practice of offering two basic choices to users of an online service: agree to be tracked for the purposes of serving up ads, or be thrown off the service. It’s a crucially important issue, since many Web sites adopt the same approach. If the DPC rules against it, the impact on the digital sector in the EU would be huge.

👉🏼 Read more:
https://www.privateinternetaccess.com/blog/top-eu-data-protection-agency-under-pressure-to-act-against-internet-giants-as-gdpr-turns-2-years-old/

#eu #GDPR #DPC #data #protection
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Data offered in Darknet: Austrian Federal Office for the Protection of the Constitution investigates

In Darknet, data of Austrian citizens have been offered. Investigations are currently leading to the Broadcasting Fees Office.

Data of Austrians have been offered in the Darknet. Now the Office for the Protection of the Constitution and the Federal Criminal Police Office are investigating. There is a suspicion of data theft at the Gebühren-Info-Service (GIS), a subsidiary of the ORF, which is responsible for collecting and processing broadcasting fees.

Initially it was still said that the data was allegedly from an attack on the Ministry of the Interior. The Ministry immediately denied that there had been any unauthorised access to the Central Register of Residents. However, the GIS is supposed to be able to retrieve data from the Central Register of Residents.

Screenshot of the offer on Twitter
In concrete terms, the offer, which the politician Douglas Hoyes of the liberal Neos Party published on Twitter with a screenshot, states that addresses, telephone numbers and bank details of politicians, police officers, civil servants and journalists are offered. The composition of the data now points to GIS, the daily Der Standard quotes the Austrian press agency APA as saying

"As it became known today, it is likely that large amounts of data have been stolen, although it cannot be ruled out that this data originates from the sphere of influence of the GIS." The managing director of GIS, Harald Kräuter, also explains that the company's own data protection experts assured that there had been no omissions on the part of GIS. In February there had been an ISO certification of the IT systems.

Read more 🇩🇪:
https://www.heise.de/news/Daten-im-Darknet-angeboten-Oesterreichischer-Verfassungsschutz-ermittelt-4766505.html

https://apps.derstandard.at/privacywall/story/2000117738719/verdacht-auf-datendiebstahl-bei-gis

#austria #federaloffice #breach #GIS #ORF #darknet
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Trump threatens to shut down Facebook, Twitter and all social networks

Donald Trump should sign a decree this Thursday modifying a law that previously protected social media operators from liability for content posted by their users.

The move follows threats from the President to regulate or shut down social networks accused of trying to stifle conservative voices. This comes after Twitter posted a warning to urge users to check the veracity of Donald Trump’s messages.

The current White House tenant, who is running for a second term in November, considers this warning to be interference in the presidential election to which he will be opposed to Democrat Joe Biden.

The draft decree, confirmed by a source close to the situation, could still be modified before it was signed. Representatives of the White House said on Wednesday that Donald Trump will sign a decree on social media operators this Thursday.

👉🏼 Read more:
https://www.gizchina.com/2020/05/28/trump-threatens-to-shut-down-facebook-twitter-and-all-social-networks/

#usa #trump #ToddlerTrump #twitter #socialmedia #shutdown #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Lockdown your linux install. The simple zero config linux hardening script

💡Read more 💡
https://github.com/x08d/lockdown.sh/blob/master/lockdown.sh

‼️ use at your own risk, as it can lead to system crashes for noobies.. ‼️

#lockdown #linux #hardening #recommendation #tip
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Researchers Uncover Brazilian Hacktivist's Identity Who Defaced Over 4800 Sites

It's one thing for hackers to target websites and proudly announce it on social media platforms for all to see. It's, however, an entirely different thing to leave a digital trail that leads cybersecurity researchers right to their doorsteps.

That's exactly what happened in the case of a #hacktivist under the name of #VandaTheGod, who has been attributed to a series of #attacks on #government #websites since July 2019.

In a report shared with The Hacker News, #researchers from #CheckPoint said they were able to map VandaTheGod's activity over the years, and eventually zero down the attacker's real identity to a #Brazilian individual from the city of Uberlândia.

👉🏼 Read more:
https://thehackernews.com/2020/05/brazilian-hacker-vandathegod.html

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Report: Indian e-Payments App Exposes Millions of Users in Massive Data Breach

Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a massive amount of incredibly sensitive financial data connected to India’s mobile payment app BHIM that was exposed to the public.

The website was being used in a campaign to sign large numbers of users and business merchants to the app from communities across India. All related data from this campaign was being stored on a misconfigured Amazon Web Services S3 bucket and was publicly accessible.

The scale of the exposed data is extraordinary, affecting millions of people all over India and exposing them to potentially devastating fraud, theft, and attack from hackers and cybercriminals.

👀 Data Breach Summary 👀

Company/Website: https://cscbhim.in/
Located: India
Industry: Mobile banking; e-payments; personal finance
Size of data in gigabytes: 409 GB
Suspected no. of records: ~7.26 million
No. of people exposed: Millions
Geographical scope: Nationwide across India
Types of data exposed: PII data
Potential impact: Identity theft, fraud, theft, viral attacks
Data storage format: AWS S3 bucket

👉🏼 Read more:
https://www.vpnmentor.com/blog/report-csc-bhim-leak/

#BHIM #india #data #brach #leak #epayment #app
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN