< Back to Searchlight Blog

Have COVID-19 Health Organisations been hacked?

Published on 27 Apr 2020 by Illy

Pastebin and Twitter are actively removing files containing thousands of email addresses and passwords, allegedly belonging to various health organisations involved in the fight against COVID-19.

Pastebin and Twitter are actively removing files containing thousands of email addresses and passwords, allegedly belonging to various health organisations involved in the fight against COVID-19. The breach also contains several logins that users have claimed to have used to access private directories in relation to COVID-19 research. The title of some of these lists however, references a credentials database that has been shared amongst criminals since 2016. Suggesting that the contents of the recently shared lists may be cherry picked and outdated data from previous breaches and thus they pose little risk.
alt text The data appeared to first emerge on the forum 4chan before being uploaded to Pastebin and shared on Twitter. This began when a user [1] posted a now deleted tweet containing Pastebin and archive links to multiple data dumps. The content of these sites were quickly archived and re-uploaded on external forums such as Kiwifarms.net, leading the data to remain available despite efforts to take them down. alt text

References:

[1] https://twitter.com/17karnage.

Try our Darknet Intelligence/Forensics tool for free, contact enquiries@slcyber.io


Latest News from Searchlight

20 May 2020

Europa market allegedly seized

The darknet market Europa, which offered a place of haven for users looking to buy drugs and weapons, including firearms, has become inaccessible. It is unclear as to whether the market was seized by authorities or if the seizure notice is just a ploy by the site admins in an attempt to avoid blame from its customers during an exit scam.

Read more...

19 May 2020

9 Million EasyJet customers details accessed in cyber attack.

Budget airliner EasyJet has released a statement notifying its customers that the email addresses and travel details of around 9 million user accounts were compromised in what it calls a “highly sophisticated attack", back in as early as January of this year.

Read more...

18 May 2020

Hackers claim to have "dirty laundry" on US President Donald Trump alongside many celebrities in law firm breach

One of the worlds largest entertainment lawyers who allegedly also worked for President Trump has been the victim of ransomware, with hackers threatening to sell off the acquired data to the highest bidder on the darknet.

Read more...

13 May 2020

Hacker sells millions of recently breached accounts on the darknet.

Unacademy, a service that claims to be “India’s largest learning platform” has reportedly had a data breach, with 28 million user accounts for sale on a darknet market.

Read more...