Darknet forums enable cybercriminals to promote their hacking skills and trade stolen digital assets with other threat actor groups in the community. Large amounts of compromised sensitive information are regularly dumped across various hacking forums. Recently, security experts from Cybernews discovered an unknown hacker allegedly selling stolen credentials belonging to Adecco Group. Headquartered in Switzerland, Adecco Group is a Fortune 500 global human resource and temporary staffing company.
The database offered for sale contained over five million records from six Latin American/South American countries: Peru, Brazil, Argentina, Colombia, Chile, and Ecuador.
The Leaked Data
The data dump, which was later taken down by the hacker, supposedly contained different categories of data:
- “Candidatos_datos_personales” (candidates’ personal data) with 4,543,938 lines
- “Candidatos_candidatos_by_email” with 3,763,836 lines
- “Candidatos_login” with 5,321,943 lines
All of the categories exposed candidates’ sensitive information, including full name, gender, marital status, birth dates, email addresses, passwords, and country of residence.
The Impact
While it is unclear why the threat actor took the post down, Cybernews suspects that the database was sold. The data could be misused for various malicious purposes, including:
- Targeted spear-phishing attacks
- Collecting and spamming users’ emails and phones
- Brute-forcing users’ other online accounts
Mitigation Measures
Cybernews also recommended certain security measures for users whose data may have been compromised in the security incident. These include:
- Change your passwords immediately. You should be using a unique password for each account you create.
- Add two-factor authentication (2FA) on your most sensitive accounts, including your primary email account. That way, even if a bad actor were able to uncover your credentials, they wouldn’t be able to get into your account.
- Watch out for suspicious emails, as they may be phishing attempts. Avoid clicking on links from suspicious emails.
- Watch out for suspicious activity on your financial accounts and set up identity theft monitoring.
Researchers suspect that the latest security incident is the work of the same threat actors responsible for the recent VPN leaks, in which cybercriminals traded three databases containing user credentials and device data from three Android Virtual Private Network (VPN) services: SuperVPN, GeckoVPN, and ChatVPN.