Top online marketplace leak sees thousands of user accounts exposed

A Chinese online marketplace apparently unknowingly leaked hundreds of thousands of highly sensitive customer records which could have easily been used for identity fraud and other forms of cybercrime, a new report has claimed. 

Researcher Jeremiah Fowler found a shady marketplace called Z2U keeping an unlocked database on a cloud server hosting roughly 600,000 records. 

While Z2U advertises itself as a “reliable trade environment” for gamers, Fowler discovered many items on sale which could easily be classified as illegal, including Facebook and Instagram accounts, access to HBO, Netflix, Disney+ and other streaming services, Windows license keys, malware, viruses, and more, were all available for purchase.

Sensitive information

To register on the site, a user must pass KYC (Know Your Customer) verification and must provide an unaltered image of an identity document, such as an ID card, or passport. 

However this information, including photographs of users holding their identity documents, was sitting in the unprotected database Fowler discovered. 

Furthermore, the database held records showing bank transaction payments that included IBAN numbers, user logins, emails, account passwords, order confirmations with the buyers’ names, emails, purchase details, and more. 

The database was hosted on a server located in China, Fowler further explained, saying he saw a “large number” of documents and file names in Chinese. 

“There could be significant intellectual property implications of selling accounts, license keys, and access to games, services and licensed software applications,” he says. 

Many of the account login email addresses he was for sale used Russian email accounts, too. “It is well known in the security community that Russia and China are among the most active locations for cybercrime and both countries have a reputation of being deeply engaged in dark web or malicious activity online.”

A week after discovering the database and notifying Z2U, the company locked the database, and Fowler did not mention finding any evidence of the data actually being used in the wild - however users should still act with caution.



from TechRadar - All the latest technology news https://ift.tt/5eyM2Di
Share:

No comments:

Post a Comment

Categories

Rove Reviews Youtube Channel

  1. Subscribe to our youtube channel
  2. Like our videos and share them too.
  3. Our youtube channel name Rove reviews.

WITNUX

This website is made by Witnux LLC. This website provides you with all the news feeds related to technology from large tech media industries like GSM Arena, NDTV, Gadgets 360, Firstpost and many other such ates altogether at technical depicts so that you need not go to several sites to view their post provide you advantantage of time.

From the developer
Tanzeel Sarwar

OUR OTHER NETWORKS

OUR YOUTUBE CHANNEL

ROVE REVIEWS PLEASE SUBSCRIBE

OUR FACEBOOK PAGE

The Rove Reviews

Support

Trying our best to provide you the best DONATE or SUPPORTour site Contact me with details how are you gonna help us