Rewterz Threat Alert – Bitter APT Group Targeting China – Active IOCs
August 31, 2022Rewterz Threat Advisory – Multiple Apache Geode Vulnerabilities
August 31, 2022Severity
High
Analysis Summary
The rumor of a massive customer data breach has been substantiated by the Russian media streaming service “START” (start.ru). The company alleges that the attackers took a 2021 database from its server and released samples online to back up their authenticity.
Email, phone, and username information were taken from the database. Given that it cannot be utilized to take over accounts, START describes it as being uninteresting to the majority of crooks. The company also added that the stolen database did not contain information on surfing history or passwords.
According to a Russian news outlet,
As follows from the information leak, 24.6 million Start users registered from Russia, 2.3 million from Kazakhstan, 2.1 million from China, and 1.7 million from Ukraine.
They stated in a telegram message that they have already patched the issue, and access to their data is now closed.
The first rumors of a START data breach surfaced on August 28, when a 72GB MongoDB JSON dump containing information from around 44 million members began to circulate on a social network.
The entries mostly are related to test accounts. The dump, on the other hand, comprises 7,455,926 unique email addresses, which is most likely close to the actual number of exposed individuals.
Researchers claimed that in addition to information not included in the company’s first announcement, the stolen dump also contains md5crypt-hashed passwords, IP addresses, login logs, and subscription information.
The emerging and the ever-growing cyber-offensive activities against Russian internet platforms have prompted Moscow to put in place measures to protect its citizens’ data from exposure and to prevent unauthorized access to user data.