TL;DR: Open VPN Database (21st Week)

A VPN service claiming that it does not log communications had again logs leaked. An illegal IPTV service was taken down in the Netherlands; and a large amount of medical and financial information was leaked in the US. An 18 year old hacker was discovered and charged with serious crimes by security forces; the founder of the scam service was also convicted; and the ransomware gang may have confused the victims.

Another SuperVPN data leak

Free VPN service provider SuperVPN has exposed a database containing 360 million records. While SuperVPN claims in its terms of service that it does not store user logs, the leak shows otherwise. Up to 133 GB of leaked data contains user emails, IP addresses, geolocation data, device information (e.g. operating systems, Internet connection types and VPN application versions), and identifiers that may be used to assign additional information.

Ransomware attack

A subsidiary company of healthcare provider Point32Health – Harward Pilgrim Health Care has become a target of a ransomware attack. Investigations revealed that, among other things, full personal and health information, including Social Security numbers of subscribers, clients and current contracted providers, may have been leaked. The misuse of the data has not yet been proven.

Illegal service taken down

Europol, in cooperation with Dutch security forces, has taken down an illegal IPTV service. The service provided subscribers with 10,000 TV channels and a library of 15,000 films and TV shows. Suspects of the operation were also arrested and a swoop on the hosting provider GLOBE Datacenter whose website is currently unavailable was made too.

Young cybercriminal

An 18-year-old hacker from Wisconsin USA has been accused of cyberattack that targeted users of DraftKings and BetMGM casinos. He gained access to 60,000 user accounts by testing a stolen list of emails and passwords. If convicted, he faces a maximum sentence of 57 years in prison (for computer intrusion, unauthorised access to a protected computer, wire fraud conspiracy and aggravated identity theft).

Data breach

Home healthcare equipment company Apria Healthcare has disclosed that the data of 1.8 million users of its systems has been compromised after a cyberattack on its servers. The data breach includes, among other things, names, Social Security numbers, medical records and financial records (account numbers, including all credit card details). The misuse of this data has not yet been confirmed.


  • The German automotive and arms manufacturer Rheinmetall has become a target of a Black Basta ransomware attack. The attack is under investigation and has limited the operations of the automotive sector.
  • The British hacker faces a prison sentence of 77 years after pleading guilty to cybercrime offenses including computer hacking, extortion, cyberstalking, wire fraud and money laundering.
  • The founder of the fraud website iSpoof has been sentenced to 13 years and 4 months in prison. He pleaded guilty to manufacturing and providing fraudulent materials, aiding and abetting criminal offences, possessing criminal assets and transferring illicit funds.
  • US newspaper’s publisher The Philadelphia Inquirer figured on the list of victims of the Cuba ransomware gang. The Inquirer analysed the data stolen and published by the gang and found nothing that appeared to come from the company itself. The gang subsequently removed them from the list of victims.
  • Luxottica, the world’s largest eyewear company, has confirmed that one of its partners suffered a data breach. The breach involved 70 million customers and included their email addresses, home addresses, first and last names and dates of birth.

« Späť na zoznam