Data Breach Exposes 1.1 Million Users’ Information

This week, we cover the latest on a dating-site leak of 1.1 million users’ information and the ‘GozNym’ Trojan, now found in Europe.

Data Breach Exposes 1.1 Million Users’ Information

A database breach at the controversial dating site, initially thought to contain only test data from a non-production MongoDB server, has turned out to contain real customer records. Data identifying 1.1M customers is being sold around the Internet, including height, weight, sexual preference, phone numbers, email addresses, and as many as 100 other attributes and interests. The site, which claims to be “the largest network of attractive people in the world,” stored all of this information in a MongoDB database that was left open to anyone who knew the right address: no credentials were required to read it. The site’s statement to Forbes says the server was shut down as soon as it was notified of the breach and that the breach only affected data provided by customers before mid-July 2015.
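The exposure pattern behind this breach is a mongod listening on a network-facing interface with authorization switched off. The following is an added example, not the site’s own configuration or code: it audits a mongod.conf for exactly those two settings. The two configurations are constructed; WEAK_CONF mirrors the pre-3.6 MongoDB defaults (listen on every interface, no authorization), and HARDENED_CONF binds to loopback and enables role-based authorization. The tiny YAML-subset parser is there only to keep the example dependency-free.

```python
"""Audit a mongod.conf for the exposure pattern behind the breach: a server
reachable from the network with authorization switched off.

Added example, not the site's own configuration. WEAK_CONF and HARDENED_CONF
are constructed for this example.
"""
import ipaddress

WEAK_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
security:
  authorization: disabled
"""

HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""


def parse_simple_yaml(text):
    """Parse the two-level 'section:' / '  key: value' subset that mongod.conf
    uses. Deliberately minimal so the example has no third-party dependency;
    a real audit should load the file with a full YAML parser."""
    tree, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments and blank lines
        if not line.strip():
            continue
        key, _, value = line.strip().partition(":")
        value = value.strip()
        if not raw.startswith(" "):
            section = key
            tree[section] = value if value else {}
        else:
            tree.setdefault(section, {})[key] = value
    return tree


def reachable_from_network(bind_ip):
    """True if any bindIp entry is not a loopback address. An absent bindIp is
    treated as exposed because MongoDB releases before 3.6 listened on all
    interfaces by default, which is the breach-era behaviour."""
    if not bind_ip:
        return True
    for addr in bind_ip.split(","):
        addr = addr.strip()
        if addr == "localhost":
            continue
        if addr in ("0.0.0.0", "::"):
            return True
        try:
            if not ipaddress.ip_address(addr).is_loopback:
                return True
        except ValueError:
            return True  # hostname or socket path: flag conservatively
    return False


def audit_mongod_conf(text):
    """Return human-readable findings; an empty list means nothing was found."""
    cfg = parse_simple_yaml(text)
    net = cfg.get("net") if isinstance(cfg.get("net"), dict) else {}
    sec = cfg.get("security") if isinstance(cfg.get("security"), dict) else {}
    findings = []
    if net.get("bindIpAll") == "true" or reachable_from_network(net.get("bindIp", "")):
        findings.append("net.bindIp: listens on a non-loopback interface "
                        "(bind to 127.0.0.1 or a private address and firewall the port)")
    if sec.get("authorization") != "enabled":
        findings.append("security.authorization: not enabled "
                        "(anyone who can reach the port can read every collection)")
    return findings


def is_exposed(text):
    """The breach condition: reachable from the network AND no authorization."""
    findings = audit_mongod_conf(text)
    return (any(f.startswith("net.bindIp") for f in findings)
            and any(f.startswith("security.authorization") for f in findings))


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, "exposed" if is_exposed(conf) else "ok", audit_mongod_conf(conf))
```

Either finding alone is worth fixing, but it is the combination that turns a misconfiguration into a public data dump; `is_exposed` reports only that combination so it can be used as a hard gate in a deployment check.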

References: Leaks Very Private Data of 1.1 Million ‘Elite’ Daters | Ugly hack at dating site for ‘beautiful’ people | ‘Elite’ Dating Site Leaks Details Of 1.1m Users

Mitigation Strategies:


‘GozNym’ Trojan found in Europe

The ‘GozNym’ Trojan, discussed in last week’s Threat Report, has spread from North America and is now attacking banking customers in Europe. Researchers at IBM’s X-Force team, who observed this new Trojan only a few short weeks ago attacking banks in the United States and Canada, have now spotted it doing the same in Poland and Portugal. To date, ‘GozNym’ has affected 17 banks in Poland and one major bank in Portugal, as well as customers of Polish webmail service providers.

The Trojan is highly complex and uses a two-phase redirection scheme designed so that neither customers nor researchers notice it. The authors behind this malware have devoted a large amount of time to mimicking popular banking websites and have even set up SSL certificates on the look-alike domains, so the fake site shows the browser padlock. Researchers say there are few malicious groups in the world with the capabilities to perform this type of attack, with the Nymaim gang standing out as the likely culprit.
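A client-side redirection of this kind is invisible to the victim, but from a network vantage point it shows up as connections to hosts that imitate the bank’s domain. The following is an added example, not code from the report, from IBM X-Force or from any vendor: it scans proxy-log lines for hosts that either embed a protected brand name or sit within a small edit distance of it, which is the kind of check a log-management or IDS rule would implement. The brand watchlist, the domains, the log format and the client addresses are all hypothetical and constructed for this example.

```python
"""Flag proxy-log traffic to look-alike hosts that imitate a protected brand.

Added example, not code from the report or from IBM X-Force. PROTECTED and
LOG_LINES are constructed: the brand, domains, log format and client
addresses are hypothetical.
"""
from urllib.parse import urlsplit

# Hypothetical brand watchlist: legitimate registered domain -> brand label.
PROTECTED = {"examplebank.example": "examplebank"}

# Constructed proxy log, one request per line: "<epoch> <client> <method> <url> <status>".
LOG_LINES = """\
1463400001 10.0.0.12 GET https://examplebank.example/login 200
1463400004 10.0.0.12 GET https://examplebank-secure.example/login 200
1463400010 10.0.0.33 GET https://exampIebank.example/ 200
1463400022 10.0.0.33 GET https://news.example/ 200
1463400030 10.0.0.40 GET https://examplebank.example.attacker.example/ 200
""".splitlines()

MAX_EDIT_DISTANCE = 2  # typosquats and single-character homoglyph swaps


def levenshtein(a, b):
    """Classic edit distance; inputs are short, so O(len(a)*len(b)) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host):
    """Approximate the registrable domain as the last two labels. Adequate for
    this example; production code should consult the public suffix list."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def classify_host(host):
    """Return a reason string if host imitates a protected brand, else None."""
    host = host.lower()
    reg = registered_domain(host)
    if reg in PROTECTED:
        return None  # the genuine site itself
    label = reg.split(".")[0]
    for legit, brand in PROTECTED.items():
        # Rule 1: the brand appears anywhere in a host we do not own
        # (examplebank-secure.example, examplebank.example.attacker.example).
        if brand in host:
            return f"brand '{brand}' inside look-alike host (legitimate: {legit})"
        # Rule 2: the registrable label is a near miss of the brand
        # (exampIebank with a capital I standing in for l).
        dist = levenshtein(label, brand)
        if 0 < dist <= MAX_EDIT_DISTANCE:
            return f"edit distance {dist} from brand '{brand}' (legitimate: {legit})"
    return None


def scan_proxy_log(lines):
    """Return (client, host, reason) for every log line that hit a look-alike."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line: skip it rather than abort the scan
        client, url = parts[1], parts[3]
        host = urlsplit(url).hostname or ""
        reason = classify_host(host)
        if reason:
            hits.append((client, host, reason))
    return hits


if __name__ == "__main__":
    for client, host, reason in scan_proxy_log(LOG_LINES):
        print(f"{client} -> {host}: {reason}")
```

Rule 1 will also fire on legitimate third parties that mention the brand in their hostname, so in practice the watchlist needs an allowlist of known partners; the edit-distance rule is the one that catches the homoglyph domains that a certificate padlock does nothing to reveal.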

References: GozNym banking malware spotted now in Europe | GozNym Trojan Targets European Users | Attackers behind GozNym Trojan set sights on Europe

Mitigation Strategies:

  • A Security Operations Center team provides around-the-clock security monitoring, daily log review, web application firewall management and advanced anomaly detection.
  • Log management can detect suspicious user account activity, such as logins to banking or webmail accounts from unexpected locations.
  • Mail and web filtering to block the phishing messages and malicious downloads that deliver the Trojan.
  • Intrusion detection system (IDS) signatures can detect the intrusion and the network anomalies it produces, including traffic to look-alike domains.

Top 20 IP Addresses

*IP addresses provided by Recorded Future.