Dark Web Holiday Horror: “Leaksmas” Unleashes Millions of Records on Victims

Leaksmas Dark Web
Image: Resecurity

As the world adorned its festive attire, the cybercriminal community in the shadowy realms of the Dark Web orchestrated their chilling celebration – “Leaksmas.” This event, coinciding with the Christmas season, unfolded as a sinister display of data sharing among hackers, as observed by Resecurity.

The “Free Leaksmas” tag, a twisted token of gratitude, marked the substantial data dumps resulting from breaches and intrusions across a diverse range of companies and government agencies. This malevolent generosity, however, spells dire consequences for victims worldwide, opening floodgates to account takeovers, business email compromises, identity theft, and financial fraud.

Leaksmas Event In The Dark Web | Image: Resecurity

The reach of these breaches was global, impacting nations from France to India, and exposing sensitive data in staggering volumes. A notable breach involved Peru’s Movistar, revealing over 22 million records, including critical DNI numbers, a fundamental identity document in Peru. This breach underscored the urgent need for robust Digital Identity Protection programs, especially in Latin America, a hotbed for escalating cyber-attacks.

The Asia-Pacific region wasn’t spared, with significant leaks involving major credit services in the Philippines and a Vietnamese fashion store, revealing millions of victim records. These breaches are particularly alarming due to their value to spammers and illegal affiliate marketing specialists.

Leaksmas didn’t stop there. A French company saw 1.5 million records shared freely, and Klarna, a Swedish fintech giant, was indirectly hit by a leak of 1.4 million records from a project it acquired. Additionally, a sushi restaurant network in Russia and a Mexican bank suffered significant data leaks, emphasizing the diverse nature of the targets.

SiegedSec, a group known for its past exploits, including the attack on Idaho National Labs, played a prominent role in Leaksmas. They targeted various entities, including Israel’s Shufersal and telecommunications companies BEZEQ! and Cellcom. Their activities suggest a continued threat looming over the coming year.

An alliance of hacktivist groups, known as the “Five Families,” added to the chaos, executing a leak involving a Chinese clothing store and planning more ominous activities for 2024. Their reach extended to India and South Africa, showcasing the breadth of their influence.

Leaksmas, with its release of over 50 million records, serves as a grim reminder of the omnipresent threat of cybercrime. The intricate interconnection between personal data and digital identity makes mitigating these breaches a formidable challenge. The winter holidays, traditionally a time of joy and celebration, have been marred by the dark underbelly of the cyber world, making this season a peak time for cybercriminal activities.

As we step into the new year, the Leaksmas event stands as a stark testament to the evolving landscape of cyber threats, reminding us of the ever-present need to fortify our digital defenses against these invisible yet pervasive adversaries.