Scraped and Exposed | 235 Million Profiles from Instagram, TikTok, and YouTube Found Online

Woman looking through social media profiles

What Happened

On August 19, 2020, researchers at Comparitech uncovered an unsecured database with 235 million Instagram, TikTok, and YouTube user profiles exposed online. The ownership of this latest data leak was traced to a defunct social media data broker, Deep Social, who forwarded the breach notification to Social Data. Continue reading

386 Million User Records from 18 Companies Leaked for Free

computer hacker selling PII on dark web

What Happened?

It was just recently confirmed that starting on July 21, 2020, multiple databases containing the stolen information of over 386 million consumers were posted online in a hacker forum — all for free. The exposed information was stolen from eighteen companies, including Wattpad (270 million user records), Mathway.com (25.8 million user records), Promo.com (22 million user records), and Drizly.com (2.4 million user records) through past data breaches. Many of the 18 companies involved in this data leak have announced security incidents had occurred in 2020, but several remain unknown or undisclosed. The Personally Identifiable Information (PII) in each database varies, but typically contain names, user names, email addresses, and hashed passwords. Hashed passwords can be deciphered, further exposing a breach victim to account takeover and credential stuffing attacks. Continue reading

What is Vishing? Voice Phishing Scams to Avoid

man on phone victim of vishing scam

What is vishing?

Vishing is a phone scam type of phishing attack. The word “vishing” comes from “voice” and “phishing”. Phishing scams are most often done through email, named by the idea that a fraudster is dangling a hook or a lure to get unsuspecting victims to reveal sensitive information, like usernames, passwords, or credit card details, through an email response or by clicking a link and entering the data on a website. In a vishing attack, a scammer uses a phone call to target their victims and steal information, money, or both.

Vishing can also be a type of social engineering scam — that is, the criminal uses specific or “vague enough to be real” details about the victim to get them to believe the scam caller is real and should be trusted. Vishing calls may come from a blocked number, or a fake or spoofed phone number used to impersonate a legitimate person or organization. Fraudsters also use robocalls to carry out vishing schemes on a larger scale. Continue reading