The Ticketmaster data breach update is distressing as the threat actors have now released records of 1 million customers for free. The Ticketmaster data leak, earlier confirmed by Live Nation, Ticketmaster's parent company, involves unauthorized access and potential leak of sensitive customer information. According to the threat actor responsible for the breach, the stolen data in this incident includes a vast trove of data belonging to 680 million Ticketmaster customers. Initially demanding $100,000 for the stolen data, the threat actors have since escalated their tactics by publicly releasing records on a popular dark web forum. 

The Fallout of Ticketmaster Data Breach

This move appears to be an attempt to pressure Ticketmaster into meeting their demands, underlining the severity of the breach and its potential repercussions. [caption id="attachment_78485" align="alignnone" width="1415"] Source: Dark Web[/caption] In its post, the threat actor claims that Ticketmaster is not responding to the request to buy data from the hacker collective. In response, the hackers assert that the organization does not care “for the privacy of 680 million customers, so give you the first 1 million users free.” The compromised data includes a wide array of personal details: names, addresses, IP addresses, emails, dates of birth, credit card types, last four digits of credit cards, and expiration dates. This extensive breach of sensitive information raises serious concerns about the privacy and security of Ticketmaster's user base. The Ticketmaster data breach, which reportedly occurred on May 20, involved a database hosted on Snowflake, a third-party cloud storage provider utilized by Ticketmaster. Live Nation has acknowledged unauthorized activity within this cloud environment but has not provided specific details regarding the breach's origins or the complete extent of data exfiltrated.

Live Nation Confirms the Ticketmaster Data Leak Incident

Live Nation confirmed the Ticketmaster data leak in a regulatory filing, stating the incident occurred on May 20. They reported that a cybercriminal had offered what appeared to be company user data for sale on the dark web. The affected personal information is believed to be related to customers. “As of the date of this filing, the incident has not had, and we do not believe it is reasonably likely to have, a material impact on our overall business operations or on our financial condition or results of operations. We continue to evaluate the risks and our remediation efforts are ongoing”, reads the official filing.  Ticketmaster and Live Nation are expected to collaborate closely with cybersecurity experts and regulatory authorities to investigate the incident thoroughly. They will likely focus on enhancing security measures to prevent future breaches and mitigate the impact on affected customers. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The notorious threat actor known as Intelbroker claims to have orchestrated a massive data breach of Advanced Micro Devices (AMD), a top player in the semiconductor industry. The unconfirmed AMD data breach, disclosed on the notorious BreachForums site, shared details of the intrusion, with multiple data samples shared to the dark web forum users.  Between these speculations, AMD officials released a statement that it is investigating claims of a data breach by a cybercriminal organization. "We are working closely with law enforcement officials and a third-party hosting partner to investigate the claim and the significance of the data," the chipmaker told Reuters.

Decoding the AMD Data Breach Claims by Intelbroker

Intelbroker claims the AMD data leak encompasses a vast array of sensitive information from AMD's databases. This includes detailed data on future AMD products, specification sheets, customer databases, property files, ROMs, source code, firmware, financial records, and comprehensive employee data such as user IDs, full names, job functions, phone numbers, and email addresses. [caption id="attachment_77588" align="alignnone" width="926"] Source: Dark Web[/caption] Samples of the stolen data shared by Intelbroker highlight the potential severity of the AMD data leak. Screenshots and snippets from AMD's internal systems, allegedly obtained by the threat actor, provide a glimpse into the breadth and depth of the compromised information. Such disclosures not only highlight the possible extent of the intrusion but also highlight potential vulnerabilities within AMD's cybersecurity infrastructure. The incident is not the first time AMD has faced a cybersecurity challenge. In 2022, the company was reportedly targeted by the RansomHouse hacking group, which claimed responsibility for extracting data from AMD's networks. The 2022 breach, similar to the current incident, prompted AMD to launch an extensive investigation to assess the breach's impact and fortify its defenses against cyber threats.

Intelbroker's Modus Operandi

Intelbroker, the alleged perpetrator behind the new AMD data breach, has gained notoriety for a series of high-profile cyber intrusions targeting diverse organizations. Operating as a lone actor, Intelbroker has a documented history of penetrating critical infrastructure, major tech corporations, and government contractors. The hacker's actions suggest a sophisticated approach to exploiting vulnerabilities and accessing sensitive information. In previous instances, the hacker has claimed responsibility for breaches at institutions like the Los Angeles International Airport and Acuity, a U.S. federal technology consulting firm.

Data Samples and Technical Details

The data shared by Intelbroker includes technical specifications, product details, and internal communications purportedly from AMD's secure servers. These samples, posted on breach forums, reportedly reveal intricate details about AMD's upcoming products, financial documents, and proprietary software codes. Such disclosures not only could compromise AMD's competitive advantage but also raise concerns about intellectual property theft and corporate espionage. Technical codes and alphanumeric sequences, allegedly extracted from AMD's databases, have been posted alongside screenshots on BreachForums. These snippets, though cryptic to the untrained eye, contain critical information about AMD's internal systems and operational protocols. The exposure of such technical data could pose significant risks to AMD's reputation and operational integrity.

Response and Investigation

The Cyber Express has reached out to AMD to learn more about the potential data breach. However, at the time of publication, no official statement or response has been received, leaving the claims for the AMD data leak unconfirmed for now. Moreover, the official AMD website seems to be operational at the moment and doesn’t show any immediate sign of a cyberattack. The hacker could possibly have targeted the backend of the website or the databases instead of launching a front-end assault like a DDoS or a website defacement. AMD's response strategy will likely involve comprehensive forensic analysis, collaboration with cybersecurity agencies, and the implementation of enhanced security measures to mitigate future risks.

Previous Cyber Incidents Linked to Intelbroker

Intelbroker has demonstrated massive cyber operations beyond the alleged AMD data breach, targeting multinational corporations, government entities, and prominent tech firms globally. Notable breaches attributed to Intelbroker include infiltrations at Los Angeles International Airport (LAX), compromising millions of records encompassing personal and flight details. The hacker also accessed sensitive data from U.S. federal agencies via Acuity, exposing vulnerabilities in government IT systems. Furthermore, Intelbroker claimed responsibility for a cyberattack on Shoprite, Africa's largest retailer, highlighting their widespread impact. These incidents highlight Intelbroker's skill at exploiting security vulnerabilities to extract valuable data, posing significant challenges to affected organizations and cybersecurity professionals. The motivations driving Intelbroker's cyber activities range from financial gain through selling stolen data on dark web platforms to potential geopolitical agendas aimed at disrupting critical infrastructure and corporate operations. The Cyber Express will update readers as we get more information. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

A threat actor on a dark web forum has listed data from Truist Bank for sale following a cyberattack on the banking institution. Meanwhile, Kulicke and Soffa Industries, Inc. (K&S) is also dealing with a data breach. Reports indicate that Truist Bank client data, including sensitive information such as employee details and bank transactions, has been put up for sale on the dark web. The alleged Truist Bank data leak is attributed to a threat actor known as Sp1d3r. The data, reportedly obtained via the Snowflake breach, raises questions about the security measures in place at Truist Bank.

Truist Bank Data Breach Allegedly Goes on Sale on Dark Web

According to the threat actor’s post, the Truist Bank data breach is now selling for $1 million. The compromised data includes details of 65,000 employees, bank transactions containing names, account numbers, balances, and the source code for IVR funds transfers. [caption id="attachment_77051" align="alignnone" width="595"] Source: Dark Web[/caption] The post by the threat actor provides specific information about the data for sale and contact details for purchase. Additionally, the post includes various usernames, threads, reputation points, and contact information such as XMPP handles and email addresses associated with the threat actor. Meanwhile, Kulicke and Soffa Industries, a renowned semiconductor and electronics manufacturing company, disclosed a breach compromising millions of files. Initially detected on May 12, 2024, the breach exposed critical data, including source codes, engineering information, and personally identifiable information.

Two Cybersecurity Incidents at Once

In response to the Kulicke and Soffa data breach, K&S swiftly initiated containment measures in collaboration with cybersecurity experts and law enforcement agencies. The company's cybersecurity team worked diligently to isolate affected servers and prevent further intrusion. Despite the breach, K&S remains committed to safeguarding its systems and data integrity. In a filing with the U.S. Securities and Exchange Commission (SEC), K&S detailed its efforts to mitigate the impact of the breach. The company assured stakeholders that, as of the filing date, the incident had not materially disrupted its operations. However, investigations are ongoing to ascertain the full extent of the breach and increase the cybersecurity measures in place. The Truist Bank data breach and the Kulicke and Soffa cyber incident highlight the persistent threat of cyberattacks faced by organizations worldwide. While both entities are actively addressing the breaches, the incidents highlight a broader case of cybersecurity measures and their impact in safeguarding sensitive information and maintaining trust in the digital age. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

A threat actor that goes by the name “enlared” surfaced on a dark web forum, offering a hacked method for online advertising: a "New Click Fraud Software for Google ADS." Priced at $700 per license, this software is promoted as an aggressive marketing tool for online fraud and taking down competitors.  The new click fraud software, according to the threat actor, had a bunch of practical features that go beyond conventional marketing practices. Specifically, the threat actor claims that the software can drain the competitor's budget and release multiple attacks.  “Tired of your competitors beating you on Google ADS? Want to level the playing field and drain their advertising budget? We have the perfect solution for you!”, reads the threat actor post. 

Understanding the New Click Fraud Software for Google Ads

The new click fraud software offers a range of features aimed at fraudsters and creating a hack in the competitive realm of online marketing. Its functionalities include location search change, allowing users to simulate clicks from different geographical areas to bypass detection algorithms used by advertising platforms.  Additionally, the software utilizes a network of proxies to generate clicks from multiple IP addresses, ensuring user anonymity. Users can also target specific ad domains and customize campaigns by selecting keywords, maximizing their campaigns' impact and relevance.

How It Operates and Pricing

The software integrates a user-friendly interface, facilitating quick setup and configuration in a matter of minutes. Users have full control over the parameters of their campaigns, from defining target locations and domains to specifying keyword targets. The results are immediate, says the threat actor, with competitors witnessing a rapid depletion of their advertising budgets as the software executes its strategy with ruthless efficiency. Additionally, the new click fraud software offers remote desktop demonstrations, providing potential buyers with a glimpse into the tool's potency before making a purchase decision. Priced at USD 700 per license, the software offers a compelling hack proposition for businesses seeking to gain an edge in the world of online advertising. Escrow payments are accepted to ensure security for both parties involved in the transaction. With its arsenal of advanced features and promise of tangible results, the new click fraud software for Google Ads represents a darker method for competing in the online advertising game. As businesses vie for visibility and market share in an increasingly competitive online sphere, this dark web tool offers a means of cheating and targeting competitors for a very cheap price.  Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

A threat actor has come forward, asserting responsibility for a significant breach in the security infrastructure of HopSkipDrive, a well-known rideshare service connecting families with reliable drivers. This HopSkipDrive data breach, allegedly occurring in June 2023, has led to the unauthorized access of sensitive data belonging to the company's drivers. According to the claims made by the hackers, HopSkipDrive's network and cloud infrastructure fell victim to this breach, resulting in the exposure of detailed personal information stored within its database. This compromised data reportedly includes a trove of 60,000 folders, each containing comprehensive details about individual users, ranging from driving licenses and insurance documents to vehicle inspection records and more.

Decoding the HopSkipDrive Data Breach Claims

The threat actor has purportedly made public a staggering 500GB of sensitive information, encompassing various personal identifiers such as first and last names, email addresses, Social Security Numbers (SSNs), home addresses, zip codes, and even countries of residence.  Additionally, the leaked data from this data leak HopSkipDriveallegedly includes source code snippets, including private admin panel information, alongside driving licenses, insurance particulars, vehicle inspection records, selfie photographs, and even criminal records. In a dark web post, the threat actor claimed responsibility, stating, "We disclose all HopSkipDrive data publicly. Indeed, in June 2023, we compromised the company's network and cloud infrastructure of HopSkipDrive." The HopSkipDrive data leak post further details the nature of the compromised data, providing evidence of the breach's magnitude and the extent of information exposed.

HopSkipDrive Data Leak Investigation

Efforts to verify these claims have been met with silence from HopSkipDrive, as the organization has yet to issue an official statement or response regarding the alleged data breach. Despite this lack of confirmation, the severity of the situation cannot be overstated, with the potential implications for affected drivers and their privacy remaining a cause for concern. Interestingly, despite the reported breach, the HopSkipDrive website appears to be operational, showing no immediate signs of an attack. This suggests that the threat actor may have gained access to the data without launching a visible front-end assault, such as a Distributed Denial of Service (DDoS) attack or website defacement. As the investigation into the HopSkipDrive data breach continues, the priority lies in addressing the security vulnerabilities that allowed such unauthorized access to occur. Additionally, affected individuals must remain vigilant and take necessary precautions to safeguard their personal information against potential misuse or exploitation in the aftermath of this breach. This is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the alleged HopSkipDrive data leak or any official confirmation from the organization. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Digital security is about so much more than malware. That wasn’t always the case. 

When I started Malwarebytes more than 16 years ago, malware was the primary security concern—the annoying pop-ups, the fast-spreading viruses, the catastrophic worms—and throughout our company’s history, Malwarebytes routinely excelled against this threat. We caught malware that other vendors missed, and we pioneered malware detection methods beyond the signature-based industry standard.  

I’m proud of our success, but it wasn’t just our technology that got us here. It was our attitude.  

At Malwarebytes, we believe that everyone has the right to a secure digital life, no matter their budget, which is why our malware removal tool was free when it launched and remains free today. Our ad blocking tool, Browser Guard is also available to all without a charge. This was very much not the norm in cybersecurity, but I believe it was—and will always be—the right thing to do.  

Today, I am proud to add to our legacy of empowering individuals regardless of their wallet by releasing a new, free tool that better educates and prepares people for modern threats that abuse exposed data to target online identities. I’d like to welcome everyone to try our new Digital Footprint Portal.  

See your exposed data in our new Digital Footprint Portal.

By simply entering an email address, anyone can discover what information of theirs is available on the dark web to hackers, cybercriminals, and scammers. From our safe portal, everyday people can view past password breaches, active social media profiles, potential leaks of government ID info, and more.  

More than a decade ago, Malwarebytes revolutionized the antivirus industry by prioritizing the security of all individuals. Today, Malwarebytes is now also revolutionizing digital life protection by safeguarding the data that serves as the backbone of your identity, your privacy, your reputation, and your well-being online.  

Why data matters 

I can’t tell you how many times I’ve read that “data is the new oil” without reading any explanations as to why people should care.  

Here’s my attempt at clarifying the matter: Too much of our lives are put online without our control.  

Creating a social media account requires handing over your full name and birthdate. Completing any online shopping order requires detailing your address and credit card number. Getting approved for a mortgage requires the exchange of several documents that reveal your salary and your employer. Buying a plane ticket could necessitate your passport info. Messaging your doctor could involve sending a few photos that you’d like to keep private.  

As we know, a lot of this data is valuable to advertisers—this is what pundits focus on when they invoke the value of “oil” in discussing modern data collection—but this data is also valuable to an entirely separate group that has learned to abuse private information in novel and frightening ways: Cybercriminals.  

Long ago, cybercriminals would steal your username and password by fooling you with an urgently worded phishing email. Today, while this tactic is still being used, there’s a much easier path to data theft. Cybercriminals can simply buy your information on the dark web.  

That information can include credit card numbers—where the risk of financial fraud is obvious—and even more regulated forms of identity, like Social Security Numbers and passport info. Equipped with enough forms of “proof,” online thieves can fool a bank into routing your money elsewhere or trick a lender into opening a new line of credit in your name.  

Where the risk truly lies, however, is in fraudulent account access.  

If you’ve ever been involved in a company’s data breach (which is extremely likely), there’s a chance that the username and password that were associated with that data breach can be bought on the dark web for just pennies. Even though each data breach involves just one username and password for each account, cybercriminals know that many people frequently reuse passwords across multiple accounts. After illegally purchasing your login credentials that were exposed in one data breach, thieves will use those same credentials to try to log into more popular, sensitive online accounts, like your online banking, your email, and your social media.  

If any of these attempts at digital safe-cracking works, the potential for harm is enormous.  

With just your email login and password, cybercriminals can ransack photos that are stored in an associated cloud drive and use those for extortion. They can search for attachments that reveal credit card numbers, passport info, and ID cards and then use that information to fool a bank into letting them access your funds. They can pose as you in bogus emails and make fraudulent requests for money from your family and friends. They can even change your password and lock you out forever. 

This is the future of personal cybercrime, and as a company committed to stopping cyberthreats everywhere, we understand that we have a role to play in protecting people.  

We will always stop malware. We will always advise to create and use unique passwords and multifactor authentication. But today, we’re expanding our responsibility and helping you truly see the modern threats that could leverage your data.  

With the Digital Footprint Portal, who you are online is finally visible to you—not just cybercriminals. Use it today to understand where your data has been leaked, what passwords have been exposed, and how you can protect yourself online.  

Digitally safe 

Malwarebytes and the cybersecurity industry at large could not have predicted today’s most pressing threats against online identities and reputations, but that doesn’t mean we get to ignore them. The truth is that Malwarebytes was founded with a belief broader than anti-malware protection. Malwarebytes was founded to keep people safe.  

As cybercriminals change their tactics, as scammers needle their way onto online platforms, and as thieves steal and abuse the sensitive data that everyone places online, Malwarebytes will always stay one step ahead. The future isn’t about worms, viruses, Trojans, scams, pig butchering, or any other single scam. It’s about holistic digital life protection. We’re excited to help you get there.