data leakage data leakage

ElevenPaths’ analyst team presents the case of the website that was affected by an information leak on 14 August 2016 which exposed personal data including the alias used in the log, the access passwords and the associated e-mails of more than 10.000 users.

According to the official YouTube [1] channel it is a platform which rents out servers for performing DDoS (Distributed Denial of Service) attacks, while it also provides other services free of charge. The information leak was disclosed by a moderator of the forum under the alias of Smoky, to whom the authorship is attributed in collaboration with Les2Dieux. This alias was also found in a account in which the leaked credentials were hosted. Conversely, other cyberidentities have stated in the forum that the data were exposed by a former partner.

Given the nature of the affected platform, we can rule out the identification of corporate accounts in the leak. The presence of e-mails potentially linked to the contracting of DoS services is also valuable within the framework of the investigation of other security incidents in which these accounts may have been involved, although at the time of the writing of this report the relationship between specific accounts and other actions has not been confirmed.

» Download the full report “ data leakage