“Security Notice: Dear community...”
“Important information about your account...”
If you’ve recently received or had to send an email with a similar subject line, you know that this kind of official alert about hacker attacks into the databases of all sorts of popular services and platforms is recurring with ever-increasing frequency. Cases even exist where there has been no signal regarding leaks that have already occurred. The question remains: Where does all that sensitive data go?
Certainly, the intention of these hackers is anything but friendly: Their actual purpose is to collect data for future sale or leakage.
But where, in fact, does that illegal distribution of our privacy occur?
Several platforms exist for this shady purpose. These facilitate the exposure of any type of information and do not require users to register, thus allowing them to remain unidentified and untraceable.
But if you think this sort of practice occurs only on macabre and unknown domains, we’re here to tell you differently!
We have isolated the five sites with the most removal requests involving data leaks detected by our Axur One platform. You may even be logged into one of them right now:
This platform allows the user to publish any information without needing to create an account. It’s possible to generate a text file that can be shared on several other channels. (Those are also mapped by us in deep and dark web monitoring). Do you see how extremely easy it is to disseminate this content?
Yes! At this precise moment, we have more than 1,000 incidents of Facebook data leaks registered on the Axur One platform!
The danger here, in addition to fake profiles hosting illegal content, are closed groups, created with the intention of selling leaked data, such as logins, credit card numbers and fake screens. It’s a good thing we have deep and dark web monitoring to help find these frauds, which are not linked to the surface web!
GitHub, which hosts collaborative archives and codes, is also a victim of leaks! Valuable team information can become public, exposing tokens, passwords and content that should be private. Our advice is to keep a professional nearby as a “security evangelist” to inform and guard the security of the growth process.
Commonly kept as an online library, Docplayer hosts articles, books, manuals and all sorts of content. In the midst of so much information, internal presentations are often leaked, along with more serious data.
Though this platform is not very well known, you can advertise anything on it, from videos disclosing system failures to the sale of leaked cards.
The current impact of each platform:
The time interval covered in this data collection is from July 11, 2017 to the present.
Let us also make special mention of the TOR network, monitored by our Threat Intelligence team, since it’s one of the most famous of its kind. Because such platforms are not indexed on search engines like Google and make tracking information more restricted, they end up being perfect sources for selling leaks and other illegal materials.
Enactment of the General Data Protection Regulation (GDPR) in 2016 created global changes in how we see our privacy in the digital universe, and became an important regulation that seeks to make the data collection and usage process transparent.
Since then, we have come to define personal data as any information that helps identify a person or their use of that data, including collection, access, processes, utilization and transfer to (for example) storage.
An important consequence of this new jurisdiction is the designation of a professional responsible for supervising the company’s good data protection practices, this position being the Data Protection Officer, or DPO.
This issue is so serious that, in the case of the GDPR, any data leakage or violations that might undermine freedom or rights must be reported within 72 hours!
Constant monitoring of these platforms is crucial to contain violations that can occur swiftly without warning. To promote a culture of data protection, it's essential that your company stay clear of threats and educate employees to use their access responsibly. Basic practices include never registering a work email on unauthorized platforms, diversifying passwords, and enabling two-factor authentication.
Staying informed about new and emerging cyber threats that could potentially lead to data leakage is vital for maintaining a strong defense. Continuous monitoring allows timely adjustments to your security strategies. Proactively understanding and mitigating these risks is essential for any modern business. With Polaris, you can navigate the complexities of fragmented threat intelligence data, gaining access to AI-curated, actionable insights tailored to your organization's attack surface map.
To give you peace of mind regarding leakage, we at Axur offer a solution that monitors your presence in incidents related to the exposure of confidential data. That way you can act quickly and proactively, controlling the situation through our Axur One platform.