Data Breach Summary
In March 2023, InsecureWeb discovered a data breach affecting bitaksi.com, a popular ride-hailing and delivery service in Turkey. The breach was posted by Pavlov, a notorious dark web hacker, on HydraMarket on March 24, 2023. The breach resulted in the theft of sensitive data of 10 million people, including names, addresses, phone numbers, emails, credit card digits, and passwords.
Where and How?
The breach was discovered on a dark web forum, hydramarket.co, where Pavlov advertised the data dump. The data dump contained sensitive information such as user tokens, shopping information, trip information, and hashed passwords of customers. The data was likely obtained through a SQL injection attack, a common method used by hackers to exploit vulnerabilities in websites.
A Screenshot of the data can be found below:
Company Data Breach History
Bitaksi.com has a history of data breaches, with several incidents reported in the past. In 2018, the company suffered a data breach that resulted in the theft of personal data of 13,000 drivers. The company has been criticized for its lack of adequate security measures to protect user data. This site is working with cybersecurity experts to further investigate the incident and is taking steps to strengthen its security measures in order to prevent similar breaches from occurring in the future.
Recommendations for Personal Data Protection
How Users Can Protect Their Information
To protect their personal information and accounts from being compromised, users should take the following steps:
– Change their passwords frequently, with a combination of letters, numbers, and symbols.
– Enable two-factor authentication whenever possible.
– Use unique passwords for each account, to prevent hackers from accessing multiple accounts with the same password.
– Be cautious of suspicious emails or messages, as they may contain phishing links that can compromise their accounts.
– Regularly monitor their accounts for any suspicious activity.
What is InsecureWeb?
InsecureWeb is a Dark Web monitoring service that keeps track of recent data breaches and tracks their impact by monitoring the darkest places of the internet. InsecureWeb notifies users and enterprises when their data has been found online and helps them mitigate the impact.