FSBO

We noticed a significant exposure originating from FSBO, a U.S.-based platform catering to homeowners looking to sell their properties independently. The data, which surfaced on a prominent hacking forum in August 2018, is particularly concerning due to the inclusion of plaintext passwords. What struck us was the direct correlation between the website's niche focus on travel and homeowner education and the nature of the compromised credentials, suggesting a potential for targeted phishing or credential stuffing attacks against this specific user demographic.

The breach, discovered on August 24, 2018, involved a database dump affecting 23,803 records. The exposed data primarily consists of email addresses and plaintext passwords. This type of exposure is highly problematic as it directly facilitates account takeover attempts. The source structure indicates a direct database compromise, likely through SQL injection or compromised administrative credentials, leading to a comprehensive dump of user authentication information. The leak location was a well-known hacking forum, amplifying the risk of widespread dissemination and exploitation.

While this specific incident did not garner widespread media attention at the time of its discovery, the practice of selling compromised credential lists on dark web forums is a persistent threat. Research from various cybersecurity firms, including reports on the prevalence of credential stuffing attacks, consistently highlights the value of plaintext password databases for malicious actors. The FSBO breach, though seemingly localized, contributes to a larger pool of compromised credentials that can be leveraged in broader, more sophisticated attacks against individuals and potentially other interconnected services.

Our attention was drawn to a substantial data leak originating from the "MyFitnessPal" platform, which became public knowledge in March 2018. The sheer volume of compromised user accounts, coupled with the sensitive nature of the data, immediately flagged this as a high-priority incident. What particularly stood out was the breadth of personal information exfiltrated, extending beyond basic login credentials to include dietary habits and exercise routines, thereby creating a detailed user profile ripe for exploitation.

The MyFitnessPal breach, publicly disclosed on March 25, 2018, impacted an estimated 150 million user accounts. The exposed data types include usernames, email addresses, and hashed passwords, along with less commonly compromised information such as user-provided dietary information and exercise routines. The breach is believed to have originated from unauthorized access to the company's servers, with threat actors exploiting vulnerabilities to gain access to their databases. The leak was initially reported by the company itself, with further details emerging through security research and OSINT investigations. The gravity of the situation lies in the potential for this detailed personal data to be used for highly targeted social engineering, blackmail, or even identity theft.

This incident received significant media coverage globally, underscoring the widespread concern over the security of health and fitness tracking applications. News outlets such as Reuters, BBC News, and The New York Times reported extensively on the breach, highlighting the potential privacy implications for millions of users. Security researchers and threat intelligence firms subsequently analyzed the leaked data, confirming the scope and nature of the compromise. The incident served as a stark reminder of the increasing value of personal health data to cybercriminals and the need for robust data protection measures by companies operating in the digital health and wellness sector.

We observed a concerning data exposure linked to "Canva," a widely used graphic design platform, which came to light in May 2019. The incident is noteworthy not only for the number of users affected but also for the method of acquisition, which appears to have involved a sophisticated attack targeting the platform's infrastructure. What particularly caught our attention was the potential for this data to be used to compromise user accounts across other services, given the common practice of password reuse.

The Canva breach, publicly announced on May 2, 2019, involved the unauthorized access and exfiltration of data pertaining to approximately 137 million users. The compromised data includes usernames, email addresses, and hashed passwords. While the passwords were cryptographically hashed, the potential for brute-force attacks or the use of rainbow tables against weaker hashes remains a significant concern. The breach is understood to have occurred through a compromise of Canva's systems, with the threat actors gaining access to their user database. The data was subsequently discovered circulating on dark web marketplaces, indicating a clear intent for monetization by the attackers.

This breach garnered considerable attention from cybersecurity news outlets and threat intelligence platforms. Reports from sources like ZDNet and BleepingComputer detailed the technical aspects of the compromise and the potential ramifications for Canva users. OSINT investigations confirmed the presence of the leaked data on underground forums, and cybersecurity researchers have since analyzed the hashes, providing insights into the strength of the encryption used. The incident underscored the ongoing challenges in securing large-scale user databases and the persistent threat of credential harvesting for subsequent malicious activities.