A significant security concern has arisen after a large number of email addresses were exposed online, allegedly scraped from security intelligence platform SOCRadar.io.
The data dump, containing an estimated 332 million email addresses, was posted on a cybercrime forum by a threat actor known as Dominatrix, according to Hackread. As per the post, the data was originally scraped by another actor, “USDoD,” who has a history of involvement in previous data breaches.
Details of the SOCRadar.io Data Scraping Incident
The leaked data was reportedly extracted from “stealer logs and combolists,” suggesting that malware infections played a role in the initial data collection. This indicates a broader issue of malware distribution and the subsequent exploitation of compromised systems.
The data scraping incident, according to Hackread, took place in July 2024. The announcement on the popular underground hacker forum Breach Forums said that a 14GB CSV file had been obtained, containing only email addresses aggregated from various data breaches.
The forum user under the alias USDoD was initially selling the scraped data for $7,000 on July 28, 2024. But Dominatrix, who allegedly purchased the data from USDoD, made it public on August 3, stating:
“Hello BreachForums Community, Today I have uploaded a SocRadar database for you to download, thanks for reading and enjoy! In July 2024, @USDoD scraped socradar.io extracting 332 million emails parsed from stealer logs and combolists. I have purchased the data to share with you all today.”

While not technically a data breach as it reportedly only involved email addresses and no passwords, the incident raises concerns for individuals and organizations whose email addresses may be included. This type of exposure can be used for malicious purposes such as:
- Phishing Attacks: Criminals can utilize the email list for large-scale phishing campaigns, attempting to trick recipients into revealing personal information or clicking on malicious links.
- Brute-Force Attacks: Hackers may use the email addresses to attempt unauthorized access to accounts on various platforms.
- Credential Stuffing: By comparing the emails with data from previous breaches that contains passwords, attackers could potentially gain access to compromised accounts.
Threat Actors Used Data from Telegram
SOCRadar’s Chief Security Officer Ensar Seker said there were “inaccuracies” in the public reporting of the incident.
“Firstly, it is important to note that neither the threat actor nor the sources alleging a data leak from SOCRadar have provided any proof that this data was actually gathered from our platform,” Seker told The Cyber Express. “This method of reporting serves no purpose other than to further the aims of threat actors.
“We emphasize that these actors have been consistently targeting the U.S. government and military, and now U.S. companies, which necessitates a heightened level of caution regarding their claims. We are pursuing legal avenues to address this issue and fully cooperating with law enforcement agencies, sharing all our investigation results and findings with them,” Seker added.
Regarding the data scraping incident, Seker said, “The threat actors impersonated a legitimate company and subscribed to our platform to collect data. They then obtained the names of Telegram channels used to gather email addresses and falsely represented this data as being sourced from SOCRadar.”
Seker emphasized that “the email addresses were downloaded from the Telegram channel, not from SOCRadar.”
Importance of Cybersecurity Measures
This incident highlights the importance of strong cybersecurity practices for both individuals and organizations. Here are some key recommendations:
- Unique Passwords: Never use the same password for multiple accounts. Implement strong, unique passwords for each online service you use.
- Multi-Factor Authentication: Whenever possible, enable multi-factor authentication (MFA) as an additional layer of security for your accounts. MFA requires a second verification step beyond just a username and password.
- Vigilance: Be cautious of unsolicited emails, even if they appear to come from a familiar source. Do not click on suspicious links or attachments.
* Updated on August 7, 2024 (11:50 AM ET): The article was updated with SOCRadar’s Chief Security Officer Ensar Seker’s response.