Cybercriminals have leaked 50 million stolen consumer records, including credit card data and personally identifiable information (PII), in what is being billed by hackers as a “Free Leaksmas” giveaway.
Criminals posting on underground forums used the “Free Leaksmas” tag to promote the data that included tons of stolen data from companies and governments representing dozens of countries, according to researchers familiar with the cache.
Resecurity researchers monitored the activity and, in an article from December 27described it as cybercriminals displaying “a form of mutual gratitude” as the end of the year approaches.
“The actual damages resulting from this activity could potentially amount to millions of dollars. »
Wide range of government and corporate data leaked
The largest “Leaksmas” reported by Resecurity was a dataset containing 22 million records stolen from Peruvian telecommunications provider Movistar. It included customer phone numbers and DNI (Documento Nacional de Identidad) numbers.
“The DNI, being the only identity card recognized by the Peruvian government for all civil, commercial, administrative and judicial activities, makes its exposure on the Dark Web a serious threat, potentially leading to identity theft and “widespread fraud,” the researchers said. .
“This incident highlights the critical need for robust digital identity protection programs, particularly in Latin America, where there is a growing trend of cyberattacks resulting in major data breaches and significant damages.”
2.5 million customer records of a Vietnam-based online women’s fashion store, GUMAC, were also released.
“Such a database is a valuable asset for spammers and illegal affiliate marketers, providing them with the opportunity to generate substantial profits during the winter holiday season,” Resecurity said.
More than 2 million records stolen from Mexico’s second largest bank, Citibanamex, have been released, along with 1.5 million records from French company Mobbiz and more than 15 GB of data from AEON, a major service Philippine credit.
Researchers said one of the smallest, but “remarkable,” leaks they observed was a dump from Italian online military and outdoor clothing store Italia Militare.
“Although the database contains only 2,000 records, the nature of the audience – individuals interested in military equipment – makes it particularly attractive to foreign cyber actors, particularly those focused on defense-related information.” , they said.
“In addition to these individual leaks, the perpetrators also released larger data compilations, consisting of several separate data breaches. Some of these were entire packages, known as combo lists, containing millions of records including emails and passwords.
SiegedSec shares a Christmas message
While several hackers and groups were involved in the “Leaksmas” activity, Resecurity said the largest actor was the threat group SiegedSec, which claimed responsibility for the November attack. Idaho National Laboratory data breachinvolving the theft of data relating to 45,000 people.
SiegedSec shared a Christmas message on the forums that mentioned the exfiltration of citizen data, “suggesting that we can anticipate more unexpected actions from them in the coming year,” the researchers said.
SiegedSec’s post also said: “All I want for Christmas is the destruction of the government.” »
Nearly three-quarters of the 50 million information leaks observed by Resecurity on December 24 came from three countries: Peru (34%), the United States (22%) and the Philippines (18%). Other countries affected are France, Vietnam, Italy, Russia, Mexico, Switzerland, Australia, India and South Africa.
“This wide geographic distribution highlights the vast global reach and severe impact of these cybercriminal activities,” the researchers said.