BreachExchange mailing list archives
Skyline.com Ransomware Attackers Claim 200+ GB of Cleartext Financial, Passport, and Personal Data Leaked
From: Destry Winant <destry () riskbasedsecurity com>
Date: Thu, 24 Sep 2020 09:33:07 -0500
https://www.riskbasedsecurity.com/2020/09/23/skyline-com-ransomware-attackers-claim-200-gb-of-cleartext-financial-passport-and-personal-data-leaked/

Ransomware has had a massive impact on 2020’s data breach landscape, contributing towards the 27 billion records exposed in the first half of the year alone. Just two breaches were responsible for leaking 18 billion of those records. It’s an example of an alarming trend our researchers have noted, where a handful of major breaches are responsible for jeopardizing the privacy and safety of billions.

Unfortunately, we may see something similar happening now with Skyline.

Over 200 GB of Data Leaked

Skyline Displays, Inc. is a large company that specializes in exhibits for events and trade shows, which gives an indication of the type and size of data exposed. According to their website, the company has “representation in 30 countries and has served well over 100,000 clients.”

On Monday, September 21st, a threat actor claiming to represent the Lockbit ransomware hacking group shared a number of files totaling over 200 GB on a prominent Russian-speaking dark web hacking forum. The threat actor who posted the data alleges it is from Skyline.

According to sources, the files contain:

- Cleartext credit card information (Names, credit card numbers, expiration dates, CVV)
- Passport scans of US citizens
- Driver License scans
- W-9 scans
- Social Security numbers
- Bank and account information
- Payroll information
- Email addresses and phone numbers

Risk Based Security has reached out to Skyline to confirm the claim’s legitimacy, but at this time they have not responded to our inquiries. However, the forum is frequented by notorious ransomware operators, which suggests that the threat actor’s claims are valid. Our researchers are in the process of independently confirming the source of the data.
The Full Impact Is Still Unknown

The files contain many document scans, making it difficult at first pass to ascertain the full extent of the data exposed and number of individuals impacted. Regardless, the large file size implies the impact of the breach may be extensive.

When compared to some of the other major data breaches analyzed by Risk Based Security, it shows that the impact of the data exfiltration may be substantial:

Breached Organization    File Size    Number of Individuals Affected
Wattpad                  128 GB       268 million
Zynga                    72 GB        218 million
Skyline Displays         200 GB       TBD

While file size can be heavily dependent on the type of documents included, nevertheless the unusually large size is of serious concern because it points to an alarming breach for Skyline. It is important to note that our research has previously uncovered recent ransomware events where actors are grabbing any files they can find, meaning the leak may not be entirely made up of sensitive or confidential information.

Regardless of how many individuals do end up being affected, we believe that we can expect that number to disproportionately include US information, given that the majority of Skyline locations are centered in the US.

Unlike the Wattpad and Zynga incidents, the Skyline data breach contains cleartext credit card information, and since Skyline is primarily a B2B organization, this leak could have far reaching implications for Skyline’s customers.

Another Data Drop Expected

When the data was shared on September 21st, it was originally limited to forum administrators and premium users. However, the data was shared publicly the next day, September 22nd. The post also claimed that a further data archive will be shared on Thursday, September 24th.