The unattributable “db8151dd” data breach

309 点作者 iDemonix将近 5 年前

23 条评论

Dataset for sale: [redacted]Similar data structure: <a href="https://stackblitz.com/edit/angular-soswe4?file=src%2Fapp%2Fapp.component.ts" rel="nofollow">https://stackblitz.com/edit/angular-soswe4?file=src%2Fapp%2F...</a>Owner works for: <a href="https://covve.com" rel="nofollow">https://covve.com</a>Covve: This simple yet state-of-the-art app will revolutionise your business relations like you've never seen.Edit: Response: <a href="https://twitter.com/covve/status/1261287954967941120" rel="nofollow">https://twitter.com/covve/status/1261287954967941120</a>

评论 #23200810 未加载

评论 #23192662 未加载

评论 #23192633 未加载

评论 #23191419 未加载

评论 #23191539 未加载

评论 #23197390 未加载

alexproto将近 5 年前

Hi all, Alex here, CTO at Covve. Just got alerted of incident db8151dd in . We’re investigating as top priority with our security experts what relation this may have with Covve. We are monitoring the feedback in this blog and would really appreciate any additional information you may have on this as we investigate (alex@covve.com).

评论 #23193517 未加载

评论 #23193875 未加载

评论 #23193511 未加载

评论 #23193588 未加载

评论 #23210332 未加载

评论 #23194369 未加载

xenophonf将近 5 年前

Troy's fighting the good fight, but it's so freaking depressing. If he has hundreds of millions of records worth of personal data from just the breaches that have been shared with him, what _else_ is out there in the hands of criminals and corporations, neither of which have the public interest at heart—only naked self interest in exploiting members of the public for as much money as they can get?

评论 #23196123 未加载

评论 #23193528 未加载

Nextgrid将近 5 年前

For the people that use unique per-merchant e-mail addresses (like someone+amazon@...), could you try some of those aliases on HaveIBeenPwned and see which ones come up in this breach? That might shed some light onto its origin.

评论 #23190319 未加载

评论 #23190491 未加载

评论 #23192369 未加载

评论 #23190274 未加载

评论 #23190547 未加载

评论 #23190472 未加载

评论 #23191135 未加载

评论 #23190253 未加载

评论 #23191037 未加载

评论 #23198573 未加载

评论 #23190769 未加载

评论 #23197284 未加载

评论 #23191320 未加载

评论 #23191031 未加载

评论 #23191324 未加载

评论 #23191775 未加载

dgellow将近 5 年前

> Why load it at all? Because every single time I ask about whether I should add data from an unattributable source, the answer is an overwhelming "yes"To be fair, you’re asking your followers on twitter. That’s as biased as you can have, I would be really surprised if the majority would say no.

评论 #23193772 未加载

评论 #23192033 未加载

numpad0将近 5 年前

Could it be Google+? 3 of 3 my Gmail addresses associated with their profile in some way were on it. Two of it I might have used to register a domain, but the last one I used for G+ and one other website only and none of any friends know this. Also I'm not in US or have US background, can't be from American friends' phones or retailer CRM.

评论 #23192012 未加载

评论 #23191304 未加载

londons_explore将近 5 年前

> Recommended by Andie [redacted last name]. Arranged for carpenter apprentice Devon [redacted last name] to replace bathroom vanity top at [redacted street address], Vancouver, on 02 October 2007.Given that, surely Troy can contact those people and ask "who knew this info?". Not many people would know who replaced my bathroom vanity top...

评论 #23190429 未加载

typpo将近 5 年前

I use a unique email on my personal domain for everything I sign up for.The email contained in this breach is the one I provided to Facebook. It was probably hacked or sold from one of the handful of apps I've connected with FB over the years.

secfirstmd将近 5 年前

One of my emails is currently on:"Pwned on 19 breached sites and found 5 pastes.If this is public breaches, I would guess in reality I can probably assume it's on double/triple that for sites that have been breached but the data hasn't been posted online.

wincent将近 5 年前

I don't really get the utility of HIBP. The answer to the "have I been pawned?" question is, of course, yes, multiple times. I think about the only way to keep your email out of the hands of the bad guys is to not use it or give it to anyone ever, at which point you don't need an email address.What am I supposed to do whenever I'm involved in a new breach? Burn all my accounts and start again?

评论 #23192545 未加载

评论 #23190932 未加载

评论 #23193590 未加载

评论 #23203964 未加载

评论 #23192161 未加载

评论 #23192214 未加载

评论 #23191986 未加载

评论 #23213896 未加载

polote将近 5 年前

After how many breach of ES clusters, Elastic will decide to make their db not accessible from external IP by default ?

评论 #23195203 未加载

r1ch将近 5 年前

Is this dump online anywhere? I got the notification from HIBP but it only tells me my email address appeared and I'm curious how accurate the rest of the data is.

评论 #23190321 未加载

评论 #23190264 未加载

guessmyname将近 5 年前

> Email addresses, Job titles, Names, Phone numbers, Physical addresses, Social media profilesI just got the email notification from HIBP (Have I Been Pwned) a few minutes ago [1], but I am not worried about the compromised data because 1) my personal email address, job title and phone number are all visible in my resume which is publicly available in my website, I actually encourage people —mostly tech recruiters— to download the PDF and contact me via email or phone all the time and 2) my physical address is irrelevant because I have been moving houses every year for the last seven (7) years (even across countries a couple of times. All the social media accounts I have are completely empty, I just keep them around to get a hold on to my nickname.I recently found, in my website’s HTTP logs, several requests from a web crawler controlled by ZoomInfo [3] an American subscription-based software as a service (SaaS) company that sells access to its database of information about business people and companies to sales, marketing and recruiting professionals. I was going to configure my firewall to block these requests but then I remembered —hey! my website only has information I am comfortable sharing, so it doesn’t matter— but I’ve been thinking it is just a matter of time before someone hacks one of their systems and leaks their database.In my previous-previous job I found a fairly simple (persistent) XSS vulnerability in BambooHR that allowed non-authorized users to access data from all employees registered in the website including Social Security Numbers (SSN). I told my boss and we immediately edited everything before migrating to a different system. We never knew if BambooHR fixed the vulnerabilities and I wouldn’t be surprised if the data was leaked before or after I found the security hole.Software security is such a Whac-A-Mole game, even if you get the budget to conduct security audits on your code, there is always going to be a weak link somewhere in the chain and that will be your doom. This is one of the many reasons why I left that job as a Security Engineer, the other reasons were Meltdown [3] and Spectre [4] they both made me realize I was fighting for a lost cause.[1] <a href="https://haveibeenpwned.com/NotifyMe" rel="nofollow">https://haveibeenpwned.com/NotifyMe</a>[2] <a href="https://en.wikipedia.org/wiki/ZoomInfo" rel="nofollow">https://en.wikipedia.org/wiki/ZoomInfo</a>[3] <a href="https://en.wikipedia.org/wiki/Meltdown_%28security_vulnerability%29" rel="nofollow">https://en.wikipedia.org/wiki/Meltdown_%28security_vulnerabi...</a>[4] <a href="https://en.wikipedia.org/wiki/Spectre_%28security_vulnerability%29" rel="nofollow">https://en.wikipedia.org/wiki/Spectre_%28security_vulnerabil...</a>

评论 #23190611 未加载

评论 #23198686 未加载

评论 #23190540 未加载

throwaway834792将近 5 年前

Based on a large (over 50 results) domain search for a company I work for, the data I found was very old, circa 2014.I know this because almost everyone in the domain search stopped working for the company on or after 2014. Everyone else has worked at the company since 2013 or earlier.

评论 #23193411 未加载

评论 #23196649 未加载

评论 #23192525 未加载

tru3_power将近 5 年前

I did some quick searching for the dataformat included in the snippets from the article. Lots of repos with stored secrets that match:<a href="https://github.com/acalvoa/SRID_CHANGER/blob/da367e68433b3fd8a3a04e679e3d74b45bc051e3/src/de/micromata/opengis/kml/v_2_2_0/xal/AdministrativeArea.java" rel="nofollow">https://github.com/acalvoa/SRID_CHANGER/blob/da367e68433b3fd...</a>Stored secret:<a href="https://github.com/acalvoa/SRID_CHANGER/blob/master/config.properties" rel="nofollow">https://github.com/acalvoa/SRID_CHANGER/blob/master/config.p...</a>Will look more into this later

评论 #23200864 未加载

killswitched将近 5 年前

Some emails that turned up on my end: Dr. Dobbs and New Relic, although the leaks occurred from parties to whom these sites had provided my data, including at least unique email addresses.

forgotmypw23将近 5 年前

The first thing that comes to mind is recaptcha with some overlays. they would know almost every account you've registered for.

cm2187将近 5 年前

Does elasticsearch have no authentication by default like mongodb or did someone deliberately make it public?

评论 #23191947 未加载

评论 #23191931 未加载

wnevets将近 5 年前

Am I the only one who dislikes some of those column names?isNonIndividual, IsNonVisibleToOthers, ShowableNonVisibleToOthers

评论 #23197383 未加载

评论 #23197988 未加载

wjnc将近 5 年前

Question: It was my understanding that a lawyer could sue the cloud provider for customer details of the cloud service in detail? It would be relevant information in determining liability for leaking this PII.

voidmain0001将近 5 年前

Firefox Monitor includes the db8151dd data: <a href="https://monitor.firefox.com/?breach=db8151dd" rel="nofollow">https://monitor.firefox.com/?breach=db8151dd</a>

评论 #23196616 未加载

jonykakarov将近 5 年前

what I can't understand is that I never heard of this covve app neither most of the affected users in the comment section on reddit or troy website or even here as no one thought of it , and my email does exist on the breach, also the data seem to be huge (103,150,616 rows/90GB)for an app that have about 100k install, need some explanations here.

bluesign将近 5 年前

It’s contact data from iOS and android phones probably scraped via some malware app/apps

评论 #23192745 未加载