Data Breach Summary
In June 2023, a significant security breach happened at Hyperface.co, a technology company specializing in facial recognition services. Our team at InsecureWeb detected the breach on June 22nd, 2023. The hacker, known as “sumo,” accessed the database of Hyperface.co and published stolen information on the dark web forum “Sumo.”
Sumo obtained access to a database containing sensitive customer information from Hyperface.co. The information stolen includes sensitive financial data, including customer IDs, account numbers, card numbers, card expiry dates, and approved credit limits.
Where and How?
Further investigation revealed that the breach happened on a dark web forum called Cronos, a well-known channel for trading stolen data and services. The hacker Sumo is believed to have breached Hyperface.co’s firewall as there was no indication of physical intrusion or extraction of devices.
The compromised data includes crucial financial information, such as client IDs, account numbers, card numbers, card expiry dates, approved credit limits, available credit limits, current balance, and block codes. The stolen data also contains sensitive information such as retail spends this cycle and a callback URL.
A Screenshot of the data can be found below:
Company Data Breach History
There is no known history of security breaches at Hyperface.co. However, the breach serves as a reminder to all technology companies that data breaches remain a constant threat.
Hyperface.co’s management is working closely with its cybersecurity team to prevent future similar events. The company has assured its customers that additional measures will be put in place to ensure the safety of their data.
Recommendations for Personal Data Protection
How Users Can Protect Their Information
To protect their personal information and accounts from being compromised, users should take the following steps:
– Change their passwords frequently, with a combination of letters, numbers, and symbols.
– Enable two-factor authentication whenever possible.
– Use unique passwords for each account, to prevent hackers from accessing multiple accounts with the same password.
– Be cautious of suspicious emails or messages, as they may contain phishing links that can compromise their accounts.
– Regularly monitor their accounts for any suspicious activity.
What is InsecureWeb?
InsecureWeb is a Dark Web monitoring service that keeps track of recent data breaches and tracks their impact by monitoring the darkest places of the internet. InsecureWeb notifies users and enterprises when their data has been found online and helps them mitigate the impact.