Dark Web's 'Leaksmas' Unveils Cybercriminals' Holiday Data Leak Spree
An unsettling holiday surprise was revealed by researchers from RSecurity: cybercriminals celebrated a "Leaksmas" event during the Christmas holiday, resulting in the release of a staggering trove of critical data. This event saw multiple actors on the Dark Web release substantial data dumps obtained from data breaches and network intrusions targeting various companies and government agencies. These malicious acts were tagged with 'Free Leaksmas,' symbolizing the cybercriminals' mutual exchange of stolen data as a form of dark gratitude. What's concerning is the global impact of these data breaches, affecting individuals in countries ranging from France, Peru, and Vietnam to India, Mexico, and South Africa. RSecurity emphasizes that these widespread leaks put victims at risk of identity theft, financial fraud, account takeovers, and business email compromise (BEC).
One significant incident during 'Leaksmas' involved a major telecommunications provider in Peru, Movistar, which suffered a massive data breach. Over 22 million records, including customers' phone numbers and identity card information, were exposed, posing severe threats like identity theft and fraud. Other major leaks documented have affected a major credit service in the Philippines, a French company, a Vietnam-based fashion store, and an online military gear shop in Italy, alongside an online banking leak in Mexico.
The 'Leaksmas' event also brought notoriety to certain hacking groups. SiegedSec, a prominent actor, claimed responsibility for hacking into government resources and targeted several high-profile entities, including Israel's largest supermarket chain. Another alliance known as the "Five Families" conducted multiple data leaks, including leaks from a Chinese clothing store, an Indian resource, and a South African medico-legal association. The cybercriminal underground took advantage of the holiday season to offer discounted stolen payment data, 'look-up services,' and credit card information.
'Leaksmas' served as a stark reminder of the relentless and global nature of cybercriminal activities. As 2024 begins and we reflect on the previous year's trends, threat actors' pervasive use of legitimate accounts, such as RDP and VPN access, for initial access underscores the critical importance of safeguarding digital identities, as highlighted in RSecurity's concerning 'Leaksmas' report.