Data Leakage, Threat Intelligence

The 5 Primary Sites Where Data Leaks Occur

By Yzadora S. Luz on
SHARE

“Security Notice: Dear community...”

“Important information about your account...”

If you’ve recently received or had to send an email with a similar subject line, you know that this kind of official alert about hacker attacks into the databases of all sorts of popular services and platforms is recurring with ever-increasing frequency. Cases even exist where there has been no signal regarding leaks that have already occurred. The question remains: Where does all that sensitive data go?

Certainly, the intention of these hackers is anything but friendly: Their actual purpose is to collect data for future sale or leakage.

But where, in fact, does that illegal distribution of our privacy occur?

onde_ocorrem_vazamentos_dados

 

Where do Data Leaks Happen?


Several platforms exist for this shady purpose. These facilitate the
exposure of any type of information and do not require users to register, thus allowing them to remain unidentified and untraceable.

But if you think this sort of practice occurs only on macabre and unknown domains, we’re here to tell you differently!

We have isolated the five sites with the most removal requests involving data leaks detected by our Axur One platform. You may even be logged into one of them right now:

 

Pastebin

This platform allows the user to publish any information without needing to create an account. It’s possible to generate a text file that can be shared on several other channels. (Those are also mapped by us in deep and dark web monitoring). Do you see how extremely easy it is to disseminate this content?

 


Facebook

Yes! At this precise moment, we have more than 1,000 incidents of Facebook data leaks registered on the Axur One platform!

The danger here, in addition to fake profiles hosting illegal content, are closed groups, created with the intention of selling leaked data, such as logins, credit card numbers and fake screens. It’s a good thing we have deep and dark web monitoring to help find these frauds, which are not linked to the surface web!

 


GitHub

GitHub, which hosts collaborative archives and codes, is also a victim of leaks! Valuable team information can become public, exposing tokens, passwords and content that should be private. Our advice is to keep a professional nearby as a “security evangelist” to inform and guard the security of the growth process.

 

 

Docplayer

Commonly kept as an online library, Docplayer hosts articles, books, manuals and all sorts of content. In the midst of so much information, internal presentations are often leaked, along with more serious data.

 


Teliam.net

Though this platform is not very well known, you can advertise anything on it, from videos disclosing system failures to the sale of leaked cards.

 

 

The current impact of each platform:

Data_Leaks_Axur

The time interval covered in this data collection is from July 11, 2017 to the present.

 

Let us also make special mention of the TOR network, monitored by our Threat Intelligence team, since it’s one of the most famous of its kind. Because such platforms are not indexed on search engines like Google and make tracking information more restricted, they end up being perfect sources for selling leaks and other illegal materials.

 

How does the law impact data leakage?


Enactment of the General Data Protection Regulation (
GDPR) in 2016 created global changes in how we see our privacy in the digital universe, and became an important regulation that seeks to make the data collection and usage process transparent.

Since then, we have come to define personal data as any information that helps identify a person or their use of that data, including collection, access, processes, utilization and transfer to (for example) storage.

An important consequence of this new jurisdiction is the designation of a professional responsible for supervising the company’s good data protection practices, this position being the Data Protection Officer, or DPO.

This issue is so serious that, in the case of the GDPR, any data leakage or violations that might undermine freedom or rights must be reported within 72 hours!

 

How can I protect myself from leakage?


Constant monitoring of these platforms is the
solution that quickly contains that type of violation, which can occur without any warning.

Keeping in mind the data protection culture, it is essential that your business stay far away from threats, working with employee awareness so that they use their access responsibly.

Basic tips include never registering a professional email on unauthorized platforms, diversifying passwords and enabling two-factor identification.

 

To give you peace of mind regarding leakage, we at Axur offer a solution that monitors your presence in incidents related to the exposure of confidential data. That way you can act quickly and proactively, controlling the situation through our Axur One platform.

event-image

ESPECIALISTA CONVIDADO

Eduardo Schultze, Coordenador do CSIRT da Axur, formado em Segurança da Informação pela UNISINOS – Universidade do Vale do Rio dos Sinos. Trabalha desde 2010 com fraudes envolvendo o mercado brasileiro, principalmente Phishing e Malware

AUTHOR

Yzadora S. Luz

Multimedia Production student and member of Axur's Brand Protection team, I help to build a safer internet.