Data Breach Summary
In April 2023, we at InsecureWeb detected a data breach on the Cfire platform of Mail.ru, a leading Russian online email and instant messaging service. The breach was posted on the Telegram channel #@leakdatabreaches by an anonymous user known as “@”. The compromised information totaled 793MB and included sensitive data belonging to the platform’s clients.
Compromised Information:
The compromised information includes email addresses, passwords, and other personal information belonging to Cfire platform’s clients. The hackers now have access to this information, which can be used for identity theft, fraud, or other malicious activities. This incident puts the platform’s clients at significant risk of financial loss and damage to their personal reputation.
Where and How?
Our investigations revealed that the security breach was found on telegram.org and was posted on the Telegram channel #@leakdatabreaches. The identity of the hacker remains unknown, and it is still unclear how they gained access to the platform’s database. However, the hacker was able to extract a significant amount of sensitive information, posing a significant risk to the platform’s clients.
A Screenshot of the data can be found below:
%20Leaked%20by%20%23%40leakdatabreaches%2C%2004-20-2023.png)
Company Data Breach History
This is not the first time that Mail.ru has experienced a data breach. In 2014, the company experienced a significant breach in which the personal information of its clients was compromised, including email addresses and passwords. The company has since taken steps to improve its security measures, but this latest breach shows that there is still work to be done.
Recommendations for Personal Data Protection
How Users Can Protect Their Information
To protect their personal information and accounts from being compromised, users should take the following steps:
– Change their passwords frequently, with a combination of letters, numbers, and symbols.
– Enable two-factor authentication whenever possible.
– Use unique passwords for each account, to prevent hackers from accessing multiple accounts with the same password.
– Be cautious of suspicious emails or messages, as they may contain phishing links that can compromise their accounts.
– Regularly monitor their accounts for any suspicious activity.
What is InsecureWeb?
InsecureWeb is a Dark Web monitoring service that keeps track of recent data breaches and tracks their impact by monitoring the darkest places of the internet. InsecureWeb notifies users and enterprises when their data has been found online and helps them mitigate the impact.