These 199 Domains Have Been Breached by Hackers

• Researchers have discovered a collection of 199 websites that have been breached by hackers.
• The websites may not have realized the security incident, or they may have chosen not to disclose it.
• Moreover, the was a data leak over the weekend, affecting millions of Indian job seekers.

The dark and deep web monitoring platform “Cyble” has discovered the breach of a set of 199 websites, and it is publishing the data to help internet users protect themselves. In total, there are approximately 4.3 million user accounts that are being risked due to this incident. Of course, there’s potential for even more if people keep on visiting the sites and creating new accounts there. The websites belong in various categories, from pornography to accounting services, and from event planning to online consumer electronic stores. The 199 breached websites are the following:

If you have visited any of these websites in the past, and especially if you have created an account there, it means that you should now treat it as compromised. Thus, visit the breached domain and reset your credentials. Moreover, you should change your credentials on all the platforms where you could use the same email and/or password to avoid falling victim to stuffing attacks. If you don’t have the time to check the list entries one by one or want to be certain about the findings, you may also use Cyble’s search engine. Note that these websites may not have realized that they have been breached or have chosen not to disclose the incident publicly.

Over the weekend, the same platform has made yet another discovery which involves the leaking of Indian job seeker data. At first, the hackers announced that they have 29.1 million records containing the personal details of unemployed Indians - indeed, Cyble’s researchers located several databases that were exposed by distinct groups and which affect people from different states in the country. The source of the 29.1 million records is most likely a resume aggregator service used by various companies and organizations in India. The exposed information includes names, email addresses, physical addresses, skills, qualifications, work experience, and more.

Soon after the first online appearance of the databases, various actors started leaking the data on dark web forums. First, there was a set containing 1.8 million details of people from the Madhya Pradesh state that was published on a private forum. Yesterday, a different group of actors released 2,000 Aadhaar cards (national IDs) on another well-known dark web forum. Interestingly, most actors decided to leak these subsets of data for free, and a possible explanation is that the data has already reached a large number of individuals. The initial breach appears to have occurred last year, so this information may have already been maliciously used quite a while back.