• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert – Bitter APT Group Targeting China – Active IOCs
August 31, 2022
Rewterz Threat Advisory – Multiple Apache Geode Vulnerabilities
August 31, 2022

Rewterz Threat Update – Russian Streaming Platform Start Discloses A Data Breach Affecting 7.5M Users

August 31, 2022

Severity

High

Analysis Summary

The rumor of a massive customer data breach has been substantiated by the Russian media streaming service “START” (start.ru). The company alleges that the attackers took a 2021 database from its server and released samples online to back up their authenticity. 

Email, phone, and username information were taken from the database. Given that it cannot be utilized to take over accounts, START describes it as being uninteresting to the majority of crooks. The company also added that the stolen database did not contain information on surfing history or passwords.

According to a Russian news outlet,

As follows from the information leak, 24.6 million Start users registered from Russia, 2.3 million from Kazakhstan, 2.1 million from China, and 1.7 million from Ukraine.

They stated in a telegram message that they have already patched the issue, and access to their data is now closed. 

Start streaming service

The first rumors of a START data breach surfaced on August 28, when a 72GB MongoDB JSON dump containing information from around 44 million members began to circulate on a social network.

The entries mostly are related to test accounts. The dump, on the other hand, comprises 7,455,926 unique email addresses, which is most likely close to the actual number of exposed individuals.

Researchers claimed that in addition to information not included in the company’s first announcement, the stolen dump also contains md5crypt-hashed passwords, IP addresses, login logs, and subscription information.

The emerging and the ever-growing cyber-offensive activities against Russian internet platforms have prompted Moscow to put in place measures to protect its citizens’ data from exposure and to prevent unauthorized access to user data.

  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.