A hacker operating under the alias USDoD has reportedly gathered and leaked 332 million email addresses from SOCRadar.io, a significant threat intelligence platform. This incident, which was later disseminated by another actor known as Dominatrix, poses serious security threats given the sensitive nature of the dataset.
The breach was brought to light on Breach Forums, a well-known cybercriminal platform, where Dominatrix released the extensive cache of email addresses allegedly scraped from SOCRadar.io. This platform provides a variety of cyber intelligence services aimed at helping organizations protect against emerging threats.
Incident Details
This incident, which does not classify as a data breach in the traditional sense, occurred in July 2024. USDoD, a hacker with a notable history, was identified as the perpetrator who scraped SOCRadar.io’s data. The 14GB CSV file unveiled contained solely email addresses, devoid of any passwords or personally identifiable information (PII). This data is believed to have originated from stealer logs and combolists, which compile information harvested through malware infections and various previous breaches.
The hacker initially sought to sell this database for $7,000 as of July 28, 2024. The situation escalated when Dominatrix, claiming to have acquired the dataset, shared it freely on August 3, 2024. In a message to BreachForums, Dominatrix stated, “Hello BreachForums Community, today I have uploaded a SocRadar database for you to download, thanks for reading and enjoy! In July 2024, @USDoD scraped socradar.io extracting 332 million emails parsed from stealer logs and combolists. I have purchased the data to share with you all today.”
The Hacker USDoD
USDoD has established a reputation within the cybercrime ecosystem for orchestrating past data breaches and leaks. The magnitude of their latest act reinforces their notoriety as a significant adversary in the landscape of cyber threats.
Implications of the Incident
Despite the exposed dataset containing only email addresses without associated passwords, the implications of this cyber incident are considerable. The increase in email exposure heightens vulnerabilities to phishing schemes and spam activities. Both individuals and organizations may experience a corresponding increase in phishing attempts directly related to the volume of leaked addresses.
The leak also provides cybercriminals with opportunities for brute force attacks, wherein they may target existing accounts across various platforms. Utilizing the leaked email addresses, attackers may retrieve associated passwords from past breaches to facilitate unauthorized account access. This further underscores the necessity for robust security measures, such as unique passwords and multi-factor authentication, across all accounts.
SOCRadar.io’s Response
In response to the incident, Ensar Seker, the Chief Security Officer at SOCRadar, denied the allegations of data scraping, emphasizing a lack of proof from the claimants. He stated, “The threat actors impersonated a legitimate company and subscribed to our platform to collect data like any other customers could. They then obtained the names of Telegram channels used to gather email addresses and falsely represented this data as being sourced from SOCRadar.”
Seker added that the organization maintains detailed logs that contradict the claims, asserting that the data was acquired from these channels, not from their platform. This assertion bears resemblance to previous claims by organizations like Crowstrike, which defended against allegations following a data leak linked to USDoD.
USDoD, upon acknowledging SOCRadar’s rebuttal, underscored that disclosing direct proof could jeopardize their identity, while they did offer to provide “off the record” insights to Hackread.com. The publication opted not to pursue this route due to confidentiality concerns.
RELATED TOPICS
- Twitter Scraping Breach: 209 Million Accounts Leaked
- Hacker Leaks 800,000 Scraped Chess.com User Records
- Data Scraping Firm Leaks 235M Instagram, TikTok, YouTube Records
- Facebook Sues Ukrainian Man for Scraping, Selling 178M Users’ Data
- This Website is Selling Billions of Private Messages of Discord Users
