… And other things they do “for fun”.
When hackers find unprotected or weakly secured servers, they abuse them in order to get “useful” information, that we otherwise call PII data: Personally identifiable information. This information directly identifies an individual (e.g., name, address, social security number, telephone number, email address, etc.). When this kind of data gets into hackers’ hands, it opens up various attack vectors, depending on the cyber criminal’s goals. It might be an attack on the victim’s employer, or, an attempt of getting money directly from the victim by, for example, hacking other accounts belonging to the victim, blackmailing or infecting with a malware.
If hacked services are caught to be neglect to cyber security, threat actors prefer to mock them on underground hacking platforms.
What has happened?
On August 30, 2022 an online platform for independent landlords and renters Renting Authority has been hacked. The threat actors have shared online sensitive information extracted from the platform the very same day.
Renting Authority proposes online tools for landlords in order to connect with the perfect tenants. According to the website, landlords users get access to potential tenants’ applications, including information about their background, employment and credit reports. Online agency states that it has helped 265,000 clients.
What is so special about this data leak?
Data leak has affected the total of 376k users. The breach led to the exposure of various PII data including Email addresses, Dates of birth, Phone numbers, Full names, Divers License Numbers, SSNs (Partial) and Passwords stored in Plaintext.
Wait, what? Is it even legal to store passwords in plaintext(without any encryption) in 2022?
Guess, that is the same thing hackers have thought when they broke into service’s database. They rushed to share their finding with the audience, supported by the message:
The Kaduu Team verified the leaked credentials and was able to log into one of the accounts, which confirms the authenticity of the data leak. From what our team has been able to detect is that personal accounts have been indeed widely modified by the third parties, including evicting tenants, wiping out real estate information, changing landlords name etc.
As of September 1, 2022 Renting Authority has not released any statements about the incident.
Stay up to date with exposed information online. Kaduu with its cyber threat intelligence service offers an affordable insight into the darknet, social media and deep web.