BeautifulPeople.com Leaks 1.1 Million Users’ Information

This week, we cover the BeautifulPeople.com leak of 1.1 million users’ information and the ‘GozNym’ Trojan found in Europe.

Breach

BeautifulPeople.com leaks 1.1 million users’ information

A database breach of the controversial BeautifulPeople.com dating website, initially thought to involve only test data from a non-production MongoDB server, has been revealed to contain actual customer information. Identifying information about 1.1M customers has been leaked and has begun to be sold around the Internet, with attributes including height, weight, sexual preference, phone numbers, email addresses, and as many as 100 other qualities and interests.

BeautifulPeople.com, which claims to be “the largest network of attractive people in the world,” stored all of this information on a MongoDB database that was left open to anyone who knew the right web address. The website’s statement to Forbes claims that the server was shut down as soon as they were notified of the breach and that the breach only affected data provided by customers before mid-July 2015.

References: BeautifulPeople.com Leaks Very Private Data of 1.1 Million 'Elite' Daters | Ugly hack at dating site for 'beautiful' people | ‘Elite’ Dating Site BeautifulPeople.com Leaks Details Of 1.1m Users

Mitigation Strategies:

Malware

‘GozNym’ Trojan found in Europe

The ‘GozNym’ Trojan, discussed in last week’s Threat Report, has spread from North America and is now attacking banking customers in Europe. Researchers at IBM’s X-Force team, who observed this new Trojan only a few short weeks ago attacking banks in the United States and Canada, have now spotted it doing the same in Poland and Portugal. To date, ‘GozNym’ has affected 17 banks in Poland and one major bank in Portugal, as well as customers of Polish webmail service providers.

The Trojan is highly complex and uses a two-phase redirection scheme that fools customers and researchers into not noticing it. The authors behind this malware have devoted a large amount of time to mimicking the websites of popular banks and have even embedded SSL certificates in the domain. Researchers say there are few malicious groups in the world with the capabilities to perform this type of attack, with the Nymaim gang standing out as a likely culprit.

References: GozNym banking malware spotted now in Europe | GozNym Trojan Targets European Users | Attackers behind GozNym Trojan set sights on Europe

Mitigation Strategies:

Top 20 IP Addresses

*IP addresses provided by Recorded Future.