A hacker known as USDoD claims to have scraped 332 million email addresses from SOCRadar.io, which were later dumped online by another threat actor, Dominatrix. This dump raises a significant security concern as SOCRadar.io is a prominent threat intelligence platform.
A threat actor known as Dominatrix has published a trove of 332 million email addresses on Breach Forums, allegedly scraped from SOCRadar.io, a comprehensive cyber intelligence platform that provides a range of services to help organizations protect against cyber threats.
Incident Details
This incident, which is NOT a data breach, took place in July 2024. The announcement on cybercrime and hacker platform Breach Forums detailed that USDoD, known for previous high-profile data breaches, was responsible for scraping SOCRadar.io.
The 14GB worth of CSV file containing only the email addresses and no passwords, was parsed from stealer logs and combolists, which typically contain data harvested through malware infections and aggregated from various data breaches.
USDoD was initially selling the scraped data for $7,000 on 28 July 2024. However, Dominatrix, who claimed to have purchased the data from USDoD, made the data publicly available on August 3, 2024, stating:
“Hello BreachForums Community, Today I have uploaded a SocRadar database for you to download, thanks for reading and enjoy! In July 2024, @USDoD scraped socradar.io extracting 332 million emails parsed from stealer logs and combolists. I have purchased the data to share with you all today.”
The Hacker USDoD
USDoD is a well-known figure in the cybercrime community, with a history of breaches and data leaks. Some of the notable incidents include:
- FBI’s Security Platform InfraGard: A breach that exposed sensitive data from one of the FBI’s security platforms.
- CrowdStrike IoC List: The scraping and leaking of a 100,000-line list of Indicators of Compromise (IoCs) from CrowdStrike.
- LinkedIn Users: In November 2023, USDoD scraped and leaked data of 35 million LinkedIn users.
Implications of the Incident
Although the exposure only contains email addresses without passwords, PII (Personally Identifiable Information), or KYC (Know Your Customer) data, it still has several serious implications. One of the primary concerns is the increased risk of phishing and spam. With such a large dataset, individuals and organizations can expect a surge in phishing attacks and spam campaigns.
Additionally, the leak opens the door to brute force attacks, where cybercriminals attempt to log in to existing accounts on various websites. Additionally, by using email addresses from the breach, hackers can find corresponding passwords from previous data breaches and compromise target accounts. This makes it essential for individuals to use unique passwords across different sites and enable multi-factor authentication where possible.
SOCRadar.io’s Response
In a statement to Hackread.com, Ensar Seker, SOCRadar’s Chief Security Officer denied that the platform was scraped. Ensar argued that the threat actors claiming the data leak did not provide any proof that the data was scraped from SOCRadar.
“The threat actors impersonated a legitimate company and subscribed to our platform to collect data like any other customers could,” Ensar explained. “They then obtained the names of Telegram channels used to gather email addresses and falsely represented this data as being sourced from SOCRadar.“
“We can provide detailed logs of the threat actor’s activities and demonstrate how the email addresses were downloaded from the Telegram channel, not from SOCRadar,” he added.
The statement is similar to what Crowstrike claimed when the USDoD hacker leaked a list of 100,000 Indicators of Compromise (IoC) list. “This threat intel data is available to tens of thousands of customers, partners, and prospects,” Crowstrike said at that time.
However, in response to SOCRadar’s statement, USDoD maintained that providing proof would “expose” their identity but agreed to provide Hackread.com with “off the record” evidence. The publication did not proceed with this since the details could not be disclosed to the public.
RELATED TOPICS
- Twitter Scraping Breach: 209 Million Accounts Leaked
- Hacker Leaks 800,000 Scraped Chess.com User Records
- Data scraping firm leaks 235m Instagram, TikTok, YouTube records
- Facebook sues Ukrainian man for scraping, selling 178m users’ data
- This Website is Selling Billions of Private Messages of Discord Users