Εργαστήριο Αναγνώρισης Προτύπων Hacked by AlbSec, Administrator Login Credentials Leaked Online

Earlier today the Computational Biology and Bioinformatics Group of the Department of Electrical Engineering of the University of Patras, Greece was compromised via data leak by a group of hackers calling themselves “albsec.” Researching the group a little further, there appears to be no information about the group available on the ClearNet, and it doesn’t appear as though they are active on social media venues either.

It remains unknown what the motivation behind the hack and leak was, but exposed by the data breach are the usernames, emails and passwords of 26 users stolen from one of the site’s internal databases entitled BioInfo. The login credentials theoretically allow anyone to log onto the website and gain access to whatever information each individual user has uploaded about themselves. Given that the credentials of one of the site’s admins were also exposed in the breach, the leak also allows for root administrator level access over the website.

Target: hxxp://prlab.ceid.upatras.gr/
Raw Leak: https://pastebin.com/raw/fXKsQJ8d
Leak Backup: https://anonfile.com/T1v04evbbb/leak_by_albsec_txt

Corpo de Bombeiros Militares de Tocantins Hacked by Al1ne3737, 32.24 KB of Data Leaked Online

Earlier this morning, February 26th 2019, the Military Fire Brigade of Tocantins, Brasil was compromised by a massive data breach. The hack/leak itself was claimed by “Al1ne3737” of the international hacking group known as “M1n3 B0ys,” who managed to leak approximately 32.24 KB of data across 6 databases via the text file provided below. The leak itself features some interesting information, including the login user name, email address and password of 26 users, along with the National Cadastro de Pessoas Físicas (CPF) numbers, email addresses and passwords of 29 employees/personnel, as well as the login username, email address and password of 361 members of the Brigade.

Target: hxxp://bombeiros.to.gov.br
Raw Leak: https://pastebin.com/raw/ykFuNgH5
Database Download (32.4KB): https://anonfile.com/z7i1nevfba/Military_Fire_Brigade_of_Tacontins_txt

Admin Login: hxxps://intranet.bombeiros.to.gov.br/
CPF: 65872665172
PASS: 53749273

Screen Shot from Hacked Database:

Companhia de Águas E Esgotos do Estado de Rondônia Hacked by H4XSEC, Database Credentials Leaked Online

Earlier today a new group of Brasilian hackers going by the name of “H4XSEC” announced a hack and leak of the Company of Waters and Sewers of The State of Rondônia (CAERD), Brasil. Included in the leaked information provided below are the login user names and passwords of two site administrators, granting full access to two site databases hosting information related to site downloads, documents, events, videos, postings and online reports – along with much more. The leak also includes the personal email addresses of 255 staff members belonging to the company.

Target: hxxp://caerd-ro.com.br/
Raw Leak: https://ghostbin.com/paste/36qg2

#OpSudan: Corporate Data from Tirhal Taxi Service Hacked by Mr. Sniper

In conjunction with the ongoing web attacks launched in solidarity with the people of Sudan as they launch a new revolution against their Government, a hacker going by the name of “Mr. Sniper” has announced a hack and data leak affecting a Sudanese company known as Tirhal – the self-proclaimed Uber of Sudan. While not much is known about the hacker or hack in question, nor how much data was physically stolen from Tirhal servers, Mr. Sniper has released several screen shots of the hack as he browsed his way through the databases compromised – providing small insight into the breach.

Analyzing some of the pictures from the hack/leak, it appears as though he was able to steal sensitive information tied to Tirhal taxi drivers, including but not limited to their names, state driver’s license numbers, registered car makes and models, as well as individual license plate numbers – along with trip logs from some of the drivers’ customers/clients. Rogue Media Labs has reached out to Mr. Sniper for comment on the hack or access to the leaked information, but as of January 24th 2019 has yet to receive a response.

Website Compromised: hxxp://tirhal.net/

Screen Shots from Hack:

Lenovo Website Servers Haxxed, Data of +1 Million Users Compromised by New World Hackers

Just before the new year broke, Eastern Standard Time, “Qurlla” of New World Hackers announced a major leak of Lenovo web servers, releasing what was perhaps the single largest data dump I have ever seen. According to the hackers behind the leak, even after the initial leak was posted online downloads from the website were still ongoing.

According to Qurlla, Lenovo’s web servers were originally compromised via SQL injection off of an outdated product ID number, meaning that the hackers were able to find a product ID online which accidentally led them to an error page. Then, using this error page, hackers proceeded to enter a series of query strings ultimately granting them full administrator level access over the website and all its contents – allegedly over 20 GB of data.

According to the estimates of hackers involved in the breach, over 127,000 customers were affected and over 1 million registered users exposed. Browsing through different tables attached to the leaks, you can find information such as payment providers and plans, access to the website’s video files, chatroom and registered email users, as well as their email exchanges/messages with Lenovo staff. You can find the shipping addresses of customers, order numbers, password history, customer account login information, mailing lists and much more. You can even find a list of IP addresses blacklisted by the website, nearly 2,000 lines of data in total – comprising access to dozens of databases and hundreds of folders/tables.

Database IP: 66.147.244.90

Website Login: https://lenovo.com/us/en/login
Root Login Username: Lenovo
Password: 070928ee0c13fa61708001bda30fff23

Database Download (27.03 KB): https://anonfile.com/A2sfxapab2/dumps.txt_zip
Credit Card’s Stolen: https://ghostbin.com/paste/3nh4x

https://twitter.com/Qurlla/status/1079919133930737664?s=19

Vox Political Party Hacked by La Nueve, 30,000 Records Leaked Online

Last night the right-wing political party known as Vox (the Voice), founded in Madrid, Spain in 2013, was hacked by a group of Anonymous going by the name of “La Nueve.” In a posting on Twitter, La Nueve explained that they carried out the attack to troll new GDPR laws designed to encrypt and protect user data online, stating that “The RGPD-GDPR will not be applied to this gang. They will say that their data was protected and encrypted (false, passwords in plane or in MD5)” but it wasn’t. To prove this, La Nueve leaked “sensitive tables and about 30,000 records” online last night.

What makes the hack even more entertaining is the fact that La Nueve actually gave Vox more than 20 hours’ heads-up that an attack was imminent, and site administrators still weren’t able to harden or protect their servers in time.

https://twitter.com/La9deAnon/status/1072907757781770240

Spanish authorities have verified the legitimacy of the hack/leak. According to the Telematics Crimes Unit of the Civil Guard, though the site was hacked, La Nueve was only able to gain “access to the records of registered users who have signed up for Vox’s website to receive updates/information” about important political events or releases, adding “that the group has accessed party information, but not to the data of the affiliates or donors” – which “are hosted on other, more secure servers.” The event marked the second time in the last 2 months that Vox’s servers were either taken down or compromised.

Website Affected: hxxp://voxespana.es

https://twitter.com/La9deAnon/status/1072930655544242179

Databases of Faculdade Faveni Hacked and Dumped Online, Exposing Information on +400 Students

Earlier today, December 11th 2018, “Ergo Hacker” of Pryzraky announced a hack of Faculdade Faveni, a postgraduate university in Venda Nova do Imigrante, Brasil. The hack itself was carried out in conjunction with #OpEdu, a much broader hacking operation targeting international colleges and universities which has already seen the hack/leak of Baqai Medical University in Pakistan, l’académie de Grenoble in France, San Jose State University in the US and Academia Nacional De La Historia De La Republica Argentina – among many others.

In the press release provided below, Ergo explains how he was able to breach PHP 5.5.38 file systems attached to two MySQL 5.0 databases belonging to the hostname (sv251.faveni.edu.br). Presumably exploiting the back-end of the website via SQL Injection, Ergo then managed to uncover and extract approximately 128.27 KB of data pertaining to over 400 post-graduate students, including full names, emails, CPF, tuition rates, course enrollments and much more.

Website Affected: hxxp://posgraduacaofaveni.com.br/
Full Raw Leak: https://ghostbin.com/paste/2ovuf
Database Download (128.27 KB): https://anonfile.com/X5Z3vfn1b3/alunos_xlsx

https://twitter.com/ergo_hacker/status/1072588043222167554

Brasilian Based Cloud Storage & IT Solutions Firm Tivit Compromised by Massive Data Breach

In news first brought to my attention via Defcon Lab on December 12th 2018, various databases and cloud storage servers belonging to Tivit, a Brasilian-based IT solutions and network storage provider, were hacked/compromised by unnamed assailants. In a series of leaks across Twitter over a 5 day time period, between December 7th-12th 2018, the login user names and credentials to more than a dozen Tivit cloud storage clients/accounts were dumped online. At the present moment in time no one has claimed responsibility for the hack, and it appears as though the Twitter handle used to leak the information online (@infoleakbr) was created earlier this month exclusively for this very purpose.

About the incident in question, as was explained by Defcon Lab, “there are almost a thousand lines of code that appear to contain internal company routines, as well as access credentials of different large enterprise customers.” Adding that “The data seem to be internal process documentation of the company itself, and it is uncertain whether they were the product of an offensive action or published involuntarily by mistake.” You can view all the leaks in their entirety below.

Identifiable Clients Exposed By The Breach:

CIP – hxxps://www.cip-bancos.org.br/SitePages/Home.aspx
BROOKFIELD ENERGIA – hxxps://renewableops.brookfield.com/en/presence/latin-america
JMACEDO – hxxp://www.jmacedo.com.br/
MULTIPLAN – hxxp://multiplan.com.br/
BRASKEM – hxxps://www.braskem.com.br/
BANCO ORIGINAL – hxxps://www.original.com.br/
FABER – hxxp://www.faber-castell.com.br/
SAE – hxxp://portal.saebrasil.org.br/
MITSUI – hxxps://www.mitsui.com/br/en/index.html
ZURICH – hxxps://www.zurich.com.br/
KLABIN – hxxps://www.klabin.com.br/en/home/
VOTORANTIM – hxxp://www.votorantim.com.br/
SEBRAE – hxxp://www.sebrae.com.br/sites/PortalSebrae

Raw Client Credentials Leak: https://pastebin.com/7RZCj45S
Database File Download 1 (18.31 MB): https://anonfile.com/M7ObI0k1b0/Leak_zip
Database File Download 2 (617.68 KB): https://anonfile.com/X6Vbpanfb3/KBA00052701-TOPOLOGIA_DE_REDE_CHEQUE_LEGAL_SP_RJ_v344_pdf
Database File Download 3 (266.83 KB): https://anonfile.com/i5W0pan9bb/KBA00051808-Topologia-CIP_Ambiente_STD_pdf
Email Database Download (149.69 MB): https://bayfiles.com/76Jej8lbbf/Emails_7z

Hundreds of French Police Officers Doxxed by Anonymous In Retaliation for Crimes/Brutality Against Protesters This Weekend

** WARNING: This article contains graphic content that may be offensive to some Sheeple **

In retaliation for the brutality and crimes of at least SOME police officers in France this weekend, in conjunction with #OpFrance, members of the Anonymous Hacker Collective have managed to hack various databases affiliated with the French national police force, leaking sensitive information online. The hack was announced by self-proclaimed “Anarchists” working for a new group calling themselves the “Anonymous Anarchist Agency,” who somehow managed to obtain the identities of hundreds of police officers. In the leak/doxx provided below, you can find the email address, phone number, name and titles of hundreds of police officers across France.

Raw Leak 1: https: https://zerobin.net/?40e5d0662b3d1f49#WWf9QP0CGlkjAUntrg01twjoXvjB8AZ63LsS0c5ROp4=
Raw Leak 2: http://zerobinqmdqd236y.onion/?49df651e784d0e78#mNvFlU9ws0i97A6NzH8p+U8urS8jDXRfFV36MLMOdUA=

In a message to the international public, the Anonymous Anarchist Agency stated:

NO JUSTICE NO PEACE

The logic of state and capital, of punishment and imprisonment, must be replaced by a rejection of oppression and exploitation. This call is one step in that direction. We come together to break the loneliness and isolation. Offensive solidarity with our comrades who face repression in France and other regions around the Earth. The memory of our comrades is fuel to stoke the flames of our lives in permanent revolt.

Salut

Anonymous Anarchist Agency

https://twitter.com/AdoptedYooper/status/1071752757609025537?s=19

https://twitter.com/karenfelizlive/status/1071934778587447296?s=19

https://twitter.com/Yemenai2/status/1071524902191157248?s=19

City Council of Rio de Janeiro Hacked by Shawty Boy, Access To Thousands of Records Released Online

Earlier today, “Shawty Boy” of Pryzraky announced a hack of the website belonging to the City Council of Rio de Janeiro, Brasil, managing to leak the credentials belonging to dozens of site administrators online. In a press release dated December 6th 2018, Shawty Boy explains how the Council website was vulnerable to SQL Injection, allowing him to gain administrator level access to the website back end – though the specific URL affected was not disclosed. Exposed in the leak featured below, you can find the account username, email address and password for 34 website users/administrators, providing access to 58 site databases containing thousands of records.

Interestingly enough, browsing through the contents of the leak, it appears as though this was not the first time this particular website has been hacked. I say this because under one of the exposed databases I found a user name and data table belonging to a different Anonymous hacker that I used to do business with throughout the past. For the purposes of this article, I am choosing to keep their name “redacted.” In a conversation with a member of Pryzraky, they claim to have no knowledge of the Anonymous hacker implicated, indicating that they must have hacked the website and set up an account tied to the back-end of the City Council website at some point in the past, essentially serving as a de facto “Worm” to access the website at any time they want throughout the future – lulz. Perhaps it goes without saying, but I think the IT director for Rio de Janeiro should officially consider himself fired.

Website Affected: hxxp://camara.rj.gov.br
Raw Leak: https://ghostbin.com/paste/ugmbz/raw

https://twitter.com/Lil_Sh4wtyy/status/1071037817587945473

UK Parliament Publishes Seized Facebook Documents from Cambridge Analytica Scandal/Investigation

I’m going to keep this one short and sweet. Yesterday, December 5th 2018, U.K. lawmaker Damian Collins released the entire trove of Facebook documents seized as a result of the 2018 Cambridge Analytica scandal and subsequent investigation, 250 pages in total. Among other things, the documents are said to detail Facebook’s strategy/tactics when competing with other apps or social platforms online, as well as how the company was known to whitelist or protect the data from high paying companies/customers, whilst simultaneously exposing/exploiting the data of others.

Despite months of investigation, UK’s Parliament maintains that they have not been getting “straight answers” from Mark Zuckerberg or his company, which is why they decided to release the documents to the public this week – to step up public pressure on the company. Perhaps more importantly, the documents were also released so as to give US authorities a chance to look over the information for themselves, especially considering that tens of millions of American voters were the ones implicated in the 2018 Cambridge Analytica data breach. If US authorities deem necessary, Facebook could face serious fines from the Federal Trade Commission in the near future – though that still remains to be seen.

For now, you have equal opportunity to view the documents in live time just as our own Government does – and honestly, how rare of an opportunity is that? This is why, along with UK’s Parliament, so too is Rogue Media Labs publishing the documents.

Download The Documents for Yourself: https://www.parliament.uk/documents/commons-committees/culture-media-and-sport/Note-by-Chair-and-selected-documents-ordered-from-Six4Three.pdf

Academia Nacional De La Historia De La Republica Argentina Hacked by Pryzraky

On December 6th 2018, the website of the Academia Nacional De La Historia De La Republica Argentina (the National Academy of History of the Argentine Republic) was hacked, and sensitive information tied to clients of the website was leaked online. The hack was claimed as a result of a joint operation conducted by Brasilian-based hacking group “Pryzraky,” including members @Mecz1nho, @Ergo_hacker, @SH4RPSH0OTER, @Purpl3P, @Lil_Sh4wtyy, @zglobal_ and @Penichemito.

According to SHIZEN, hackers were able to exploit an Apache 2, PHP 7.0.30 file server attached to the back end of the website via SQL Injection – though they declined to share the exact payload or specific URL address affected. The data exposed includes the first and last names, telephone numbers, email addresses, physical addresses and identification numbers of various clients belonging to the website.

Website Affected: hxxp://www.anh.org.ar/
Raw Full Leak: https://ghostbin.com/paste/nmw7d

https://twitter.com/zglobal_/status/1070775158414237696