A threat actor going by the alias “Dominatrix” has uploaded a massive trove of 332 million emails allegedly scraped from SocRadar, making them freely available on BreachForums.
The threat actor posted on BreachForums on August 3, 2024, claiming that the emails were scraped from SocRadar.io in July 2024 by another hacker known as “USDoD,” who offered them for purchase for $7,000.
The data, originally obtained through scraping, was then sold to Dominatrix, who decided to share it with the hacking community.
Dominatrix's post reads: “In July 2024, @USDoD scraped socradar.io extracting 332 million emails parsed from stealer logs and combolists. I have purchased the data to share with you all today.”
This incident is not considered a traditional data breach, as it involves data scraping—an automated process of extracting information from websites, typically by mimicking human behavior to bypass anti-scraping measures. In SocRadar's case, the hacker might have exploited API flaws or other vulnerabilities to gather the data.
SocRadar disputes the claims
The name “USDoD” is familiar in the cybercriminal community. This hacker has previously been involved in high-profile incidents, such as leaking sensitive data of Airbus vendors in September 2023 after breaching Turkish Airlines. In another case from November 2023, the hacker leaked 35 million LinkedIn user records, highlighting his capabilities in scraping large datasets from prominent platforms.
SocRadar is a cybersecurity firm specializing in providing threat intelligence, digital risk protection, and attack surface management. They collect vast amounts of data to offer insights into potential security threats, vulnerabilities, and other cyber risks. The extensive email database could have originated from stealer logs and combolists—databases compiled from various sources, including malware and phishing campaigns.
When we asked SocRadar about this possibility, the firm flatly denied it via a statement, saying that neither threat actors have provided evidence the data was gathered from its platform.
“The threat actors impersonated a legitimate company and subscribed to our platform to collect data. They then obtained the names of Telegram channels used to gather email addresses and falsely represented this data as being sourced from SOCRadar,” explained the firm's Chief Security Officer Ensar Seker.
“We emphasize that these actors have been consistently targeting the US government and military, and now US companies, which necessitates a heightened level of caution regarding their claims,” added Seker.
Impact and precautions
Scraping isn’t as dangerous as data breaches and hacks since it concerns already publicly available information. However, these data sets are structured and allow correlating people with online services, enabling threat actors to perform more targeted bruteforcing or phishing attacks, and creating complete profiles when combining with other leaked data sets. Ultimately, these incidents constitute a privacy breach for exposed users no matter where the data leak point lies exactly.
It is advisable to always enable multi-factor authentication to protect your account from hijacking attempts, monitor all your online accounts for unusual activity, and treat unsolicited communications with extra caution.
U.S. Court Rules Against Google in Landmark Antitrust Case
Leave a Reply