Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Infostealer. Show all posts
Malware Attack
Data Breach Database Breach Database Compromised Infostealer Infostealer Malware Malware Attack

Unsecured Database Exposes 149 Million Logins Linked to Infostealer Malware Operations

 

Appearing without warning on the internet, a massive collection of personal login details became reachable to any passerby. This trove - spanning about 96 gigabytes - included close to 150 million distinct credentials gathered from various sources. Not shielded by locks or scrambled coding, its contents lay fully exposed. Inside, endless spreadsheets paired emails with user handles, access codes, plus entry points to accounts. Examination showed evidence of widespread digital theft, driven by aggressive software designed to harvest private information. Such leaks reveal how deeply automated attacks now penetrate everyday online activity. 

Credentials came from people across the globe, tied to many different websites. Access information showed up for big social networks, romance apps, subscription video sites, games, and money-handling services. Among them: login pairs for digital currency storage, bank entry points, and systems linked to payment cards. A mix like that points not to one hacked business but likely stems from software designed to gather passwords automatically.  

What stood out most was the appearance of login details tied to government-backed email addresses in various nations. Though these accounts do not always grant entry to critical infrastructure, basic official credentials might still be exploited - serving as tools for focused scams or fake identities. Starting from minor access points, attackers could work their way deeper into secure environments. The level of danger shifts with each individual's privileges; when higher-access .gov logins fall into the wrong hands, consequences can stretch well beyond a single agency. 

Appearing first in the analysis was a database organized much like those seen in infostealer activities. Keylog results sat alongside extra details - hostnames flipped intentionally to sort thefts by target and origin. Though built on hashes, every record carried its own distinct ID, likely meant to prevent repeats while easing bulk sorting tasks. From this setup emerges something functional: a system shaped for gathering, handling, even passing along login information. Last noted - the traits match what supports credential trafficking behind the scenes. 

With unclear responsibility for the database, reporting went straight to the hosting company. Still, fixing the issue dragged on - weeks passed, with multiple alerts needed before entry was blocked. While delays continued, more data kept flowing in, expanding the volume of sensitive records exposed. Who controlled the system, how long it stayed open online, or whether others harvested its contents stays unanswered. One wrong move here leads to serious trouble. 

When hackers get full logins alongside active URLs, they run automated break-ins across many accounts - this raises chances of stolen identities, fake messages that seem real, repeated fraud, and unauthorized access. Personal habits emerge through used platforms, painting a clearer picture of who someone is online, which deepens threats to private data and future safety. 

Midway through this event lies proof: stealing login details now operates like mass production, fueled by weak cloud setups. Because information-harvesting software grows sharper every month, staying protected means doing basics well - shielding devices, practicing careful habits online, using separate codes everywhere, while adding extra identity checks. Found gaps here reveal something odd at first glance - not just legitimate systems fail from poor setup, but illegal networks do too; when they collapse, masses of people get caught unaware, their private pieces scattered without knowing a breach ever happened.
Read more »
Password
Credentials Data Breach Data Leak Gmail Google Infostealer Password

Gmail Credentials Appear in Massive 183 Million Infostealer Data Leak, but Google Confirms No New Breach




A vast cache of 183 million email addresses and passwords has surfaced in the Have I Been Pwned (HIBP) database, raising concern among Gmail users and prompting Google to issue an official clarification. The newly indexed dataset stems from infostealer malware logs and credential-stuffing lists collected over time, rather than a fresh attack targeting Gmail or any other single provider.


The Origin of the Dataset

The large collection, analyzed by HIBP founder Troy Hunt, contains records captured by infostealer malware that had been active for nearly a year. The data, supplied by Synthient, amounted to roughly 3.5 terabytes, comprising nearly 23 billion rows of stolen information. Each entry typically includes a website name, an email address, and its corresponding password, exposing a wide range of online accounts across various platforms.

Synthient’s Benjamin Brundage explained that this compilation was drawn from continuous monitoring of underground marketplaces and malware operations. The dataset, referred to as the “Synthient threat data,” was later forwarded to HIBP for indexing and public awareness.


How Much of the Data Is New

Upon analysis, Hunt discovered that most of the credentials had appeared in previous breaches. Out of a 94,000-record sample, about 92 percent matched older data, while approximately 8 percent represented new and unseen credentials. This translates to over 16 million previously unrecorded email addresses, fresh data that had not been part of any known breaches or stealer logs before.

To test authenticity, Hunt contacted several users whose credentials appeared in the sample. One respondent verified that the password listed alongside their Gmail address was indeed correct, confirming that the dataset contained legitimate credentials rather than fabricated or corrupted data.


Gmail Accounts Included, but No Evidence of a Gmail Hack

The inclusion of Gmail addresses led some reports to suggest that Gmail itself had been breached. However, Google has publicly refuted these claims, stating that no new compromise has taken place. According to Google, the reports stem from a misunderstanding of how infostealer databases operate, they simply aggregate previously stolen credentials from different malware incidents, not from a new intrusion into Gmail systems.

Google emphasized that Gmail’s security systems remain robust and that users are protected through ongoing monitoring and proactive account protection measures. The company said it routinely detects large credential dumps and initiates password resets to protect affected accounts.

In a statement, Google advised users to adopt stronger account protection measures: “Reports of a Gmail breach are false. Infostealer databases gather credentials from across the web, not from a targeted Gmail attack. Users can enhance their safety by enabling two-step verification and adopting passkeys as a secure alternative to passwords.”


What Users Should Do

Experts recommend that individuals check their accounts on Have I Been Pwned to determine whether their credentials appear in this dataset. Users are also advised to enable multi-factor authentication, switch to passkeys, and avoid reusing passwords across multiple accounts.

Gmail users can utilize Google’s built-in Password Manager to identify weak or compromised passwords. The password checkup feature, accessible from Chrome’s settings, can alert users about reused or exposed credentials and prompt immediate password changes.

If an account cannot be accessed, users should proceed to Google’s account recovery page and follow the verification steps provided. Google also reminded users that it automatically requests password resets when it detects exposure in large credential leaks.


The Broader Security Implications

Cybersecurity professionals stress that while this incident does not involve a new system breach, it reinforces the ongoing threat posed by infostealer malware and poor password hygiene. Sachin Jade, Chief Product Officer at Cyware, highlighted that credential monitoring has become a vital part of any mature cybersecurity strategy. He explained that although this dataset results from older breaches, “credential-based attacks remain one of the leading causes of data compromise.”

Jade further noted that organizations should integrate credential monitoring into their broader risk management frameworks. This helps security teams prioritize response strategies, enforce adaptive authentication, and limit lateral movement by attackers using stolen passwords.

Ultimately, this collection of 183 million credentials serves as a reminder that password leaks, whether new or recycled, continue to feed cybercriminal activity. Continuous vigilance, proactive password management, and layered security practices remain the strongest defenses against such risks.


Read more »
Phishing Attack
ClickFix Cyber Attacks CyberThreat fake alerts FileFix Infostealer Infostealer Malware Malware Attack Meta Phishing Attack

FileFix Attack Uses Fake Meta Suspensions to Spread StealC Malware

 

A new cyber threat known as the FileFix attack is gaining traction, using deceptive tactics to trick users into downloading malware. According to Acronis, which first identified the campaign, hackers are sending fake Meta account suspension notices to lure victims into installing the StealC infostealer. Reported by Bleeping Computer, the attack relies on social engineering techniques that exploit urgency and fear to convince targets to act quickly without suspicion. 

The StealC malware is designed to extract sensitive information from multiple sources, including cloud-stored credentials, browser cookies, authentication tokens, messaging platforms, cryptocurrency wallets, VPNs, and gaming accounts. It can also capture desktop screenshots. Victims are directed to a fake Meta support webpage available in multiple languages, warning them of imminent account suspension. The page urges users to review an “incident report,” which is disguised as a PowerShell command. Once executed, the command installs StealC on the victim’s device. 

To execute the attack, users are instructed to copy a path that appears legitimate but contains hidden malicious code and subtle formatting tricks, such as extra spaces, making it harder to detect. Unlike traditional ClickFix attacks, which use the Windows Run dialog box, FileFix leverages the Windows File Explorer address bar to execute malicious commands. This method, attributed to a researcher known as mr.fox, makes the attack harder for casual users to recognize. 

Acronis has emphasized the importance of user awareness and training, particularly educating people on the risks of copying commands or paths from suspicious websites into system interfaces. Recognizing common phishing red flags—such as urgent language, unexpected warnings, and suspicious links—remains critical. Security experts recommend that users verify account issues by directly visiting official websites rather than following embedded links in unsolicited emails. 

Additional protective measures include enabling two-factor authentication (2FA), which provides an extra security layer even if login credentials are stolen, and ensuring that devices are protected with up-to-date antivirus solutions. Advanced features such as VPNs and hardened browsers can also reduce exposure to such threats. 

Cybersecurity researchers warn that both FileFix and its predecessor ClickFix are likely to remain popular among attackers until awareness becomes widespread. As these techniques evolve, sharing knowledge within organizations and communities is seen as a key defense. At the same time, maintaining strong cyber hygiene and securing personal devices are essential to reduce the risk of falling victim to these increasingly sophisticated phishing campaigns.
Read more »
Shamos
ClickFix Attacks Cookie Spider Infostealer Mac Users malware Shamos

New Shamos Malware Targets Mac Users Through Fake Tech Support Sites

 

Cybersecurity researchers have unearthed a new Mac-targeting malware called Shamos that deceives users through fake troubleshooting guides and repair solutions. This information-stealing malware, developed by the cybercriminal organization "COOKIE SPIDER," represents a variant of the previously known Atomic macOS Stealer (AMOS).

Modus operandi

The malware spreads through ClickFix attacks, which utilize malicious advertisements and counterfeit GitHub repositories to trick victims. Attackers create deceptive websites such as mac-safer[.]com and rescue-mac[.]com that appear to offer legitimate macOS problem-solving assistance. These sites instruct users to copy and paste Terminal commands that supposedly fix common system issues. 

However, these commands actually decode Base64-encoded URLs and retrieve malicious Bash scripts from remote servers. The scripts capture user passwords, download the Shamos executable, and use system tools like 'xattr' and 'chmod' to bypass Apple's Gatekeeper security feature. 

Data theft capabilities

Once installed, Shamos performs comprehensive data collection targeting multiple sensitive areas. The malware searches for cryptocurrency wallet files, Keychain credentials, Apple Notes content, and browser-stored information. It employs anti-virtual machine commands to avoid detection in security sandboxes and uses AppleScript for system reconnaissance.

All stolen data gets compressed into an archive file named 'out.zip' before transmission to the attackers via curl commands. When operating with administrator privileges, Shamos establishes persistence by creating a Plist file in the LaunchDaemons directory, ensuring automatic execution during system startup. 

CrowdStrike's monitoring has detected Shamos attempting infections across more than 300 environments globally since June 2025. The security firm has also observed instances where attackers deployed additional malicious components, including fake Ledger Live cryptocurrency applications and botnet modules. 

Safety measures

Security experts strongly advise Mac users to avoid executing any online commands they don't fully understand. Users should be particularly cautious with GitHub repositories, as the platform hosts numerous malicious projects designed to infect unsuspecting individuals.

For legitimate macOS assistance, users should bypass sponsored search results and instead consult Apple Community forums or the built-in Help system (Cmd + Space → "Help"). ClickFix attacks have proven highly effective across various platforms, appearing in TikTok videos, fake captchas, and bogus Google Meet error messages, making user awareness crucial for prevention.
Read more »
PayPal Data Breach
Credential Stuffing Cybercrime Forum Dark Web Markets Infostealer malware Multi Factor Authentication Password Security PayPal Data Breach

PayPal Password Leak Puts Millions of Users on High Alert

 


It has been reported that millions of PayPal accounts have been traded on underground forums, which has raised a new wave of alarm in the ever-evolving landscape of cybercrime. Using the moniker “Chucky_BF”, a hacker announcing the availability of a dataset of 15.8 million PayPal accounts for the startlingly low price of $750 USD has advertised what he claims is a dataset of 15.8 million PayPal accounts. 

There has been widespread discussion across social media about the trove, which allegedly contains a 1.1 gigabyte text file that stores plaintext email and password combinations, making them accessible and ready for immediate use for malicious purposes. According to the hacker, the records he created cover a wide range of email providers, such as Gmail, Yahoo, Hotmail, among others, suggesting that the victims are spread around the globe. 

A concern, however, may be the inclusion of PayPal-specific login URLs and mobile URLs, which appear to be structured in such a way as to facilitate an automated exploit. The stolen credentials are organized along with direct links to PayPal sign-in portals that you can use to sign into PayPal—for example, the /signin, /signup, /connect, and the Android application URIs—in a way that makes them easy for cybercriminals to deploy as a toolkit. 

According to screenshots of the offer being circulated on the internet, there are rows of raw email:password:url entries, an information dump format commonly used in underground credential dumps. Even though the authenticity of the data has not been confirmed, due to its structured nature and low asking price, concerns have been raised that the data could rapidly be acquired by cybercriminals eager to exploit any portion of the data.

Those who would want to be attackers could use a dataset like this as the foundation for credential stuffing attacks, phishing campaigns, or even large-scale fraud against PayPal users across multiple countries if they wanted to make such a purchase. 

Not just because of the numbers, but because PayPal is a trusted platform for millions of businesses and individuals throughout the world, the hacker’s bold claims have caught the attention of the world. The central player in the global ecosystem of digital payments, even unverified reports of a massive leak raise immediate questions regarding the potential financial loss, the reputational damage, and the security of user identities in an environment that is becoming increasingly hostile. 

It is important to note, however, that while the alleged dataset has sparked headlines, experts emphasise that a thorough analysis of the situation is necessary. Neither PayPal nor any of its subsidiaries have ever been directly breached by large-scale attackers who have taken millions of user records from the company's systems. This distinction is crucial because previous incidents related to PayPal—such as one involving around 35,000 users—were attributed to credential stuffing or the use of previously stolen data, not to flaws within PayPal's own infrastructure. 

If the claims made by "Chucky_BF" are accurate, it appears as though the dataset has more likely come from an infostealer malware infection than from PayPal's servers themselves. A malicious program, known as an infostealer malware infection, infects computers and mobile devices and can often be delivered through phishing emails, malicious downloads, or compromised websites in order to gain access to personal data. 

It has been shown that the malware is silently extracting stored login information, browser history, cookies, and autofill information from a system once inside, then sending this information to cybercriminals. This theory is supported by the fact that the hacker shared samples that included PayPal login URLs and Android URIs. In contrast to the centralised dump that PayPal's systems may have produced, this dataset may have gathered stolen logs from compromised personal devices all over the world, carefully restructured to appear as if they were stolen from PayPal. 

The practice of rebranding or repackaging stolen data is common within cybercrime markets, where rebranding can enhance a person's perception of how valuable it is. Recent discoveries strengthen this belief. Researchers identified 184 million login credentials, including unique usernames and passwords, that had been exposed through a misconfigured cloud server in May of 2025, according to cybersecurity researcher Jeremiah Fowler. 

In the same way that PayPal credentials are believed to have been retrieved via infostealer malware rather than through a direct company breach, those credentials are almost certainly the result of infostealer malware. Information-stealing malware is extremely destructive. In Hudson Rock's research, it has been determined that such malware is not only readily available on the dark web but has been successfully infiltrating not just individual users, but also critical institutions, according to Hudson Rock's research. 

It was found that employees of some of the most sensitive organisations in the United States had been infected by the virus, including the Pentagon, Lockheed Martin, Honeywell, branches of the military, and even the FBI, according to the analysis. Taking advantage of infostealers highlights that even institutions that have robust security frameworks can be compromised, which underscores how vulnerable consumers may be to similar threats that they are not aware of or are unable to protect themselves from. 

PayPal users face immediate and multifaceted risks if the data is fabricated or recycled, millions of real credentials are still in circulation despite the fact that some of the data may be fabricated or recycled. The information that cybercriminals possess can be used to launch credential stuffing attacks in which stolen email-password pairs are tested across multiple platforms in search of accounts whose credentials are reusable. Because most individuals recycle the same login information across a wide range of financial, e-commerce, and social platforms, a compromise of a single PayPal account can lead to an overall e-commerce invasion. 

Besides direct financial theft, there are also other risks associated with structured datasets such as this, including phishing campaigns that can be created to mimic PayPal login pages and lure victims into providing updated credentials. This data can also be used for social engineering purposes by attracting individuals to tailored scams that exploit their trust in financial institutions. Depending on the extent of the data, there could be a loss of revenue, fraud, and recovery costs of billions of dollars, depending on whether it was authentic. 

As of the time of writing, PayPal has not confirmed or denied the authenticity of the dataset. HackRead.com, which reported the sale, was also unable to independently confirm the claims. I have contacted the company to get their opinion, but I anticipate that any confirmation or rebuttal of the statement would affect the level of response its global user base will require. However, vigilance has not been abandoned by cybersecurity experts in cases where unverified leaks make headlines. 

In cases where unverified leaks make headlines, it would be prudent for users to assume the worst and take proactive measures to protect themselves. Analysts recommend that all PayPal users immediately: Reset their PayPal password to a strong, unique one. Enable Multi-Factor Authentication (MFA), ideally through an authenticator app instead of SMS. 

Check linked email accounts for unusual login activity. Use password managers to avoid reusing credentials across multiple platforms. Run updated antivirus and anti-malware scans on devices to detect possible infections. Monitor financial transactions closely, enabling alerts for any suspicious payments. Consider identity theft protection services, particularly for users who conduct significant business via PayPal. 

Experts also stress the importance of an overall digital hygiene program. As infostealer malware has emerged as one of the most potent and pervasive forms of cybersecurity, experts advise updating software regularly, being cautious when browsing, and being sceptical when receiving unsolicited emails or downloading files. 

A significant risk reduction can be achieved for businesses, especially those relying heavily on PayPal for e-commerce, by implementing endpoint protection solutions and employee training programs. The alleged theft of PayPal credentials serves as a stark reminder of the fragile balance between trust and e-commerce in general. 

In spite of the fact that PayPal may not have suffered any direct breaches, the reputational fallout of its brand and its users still lingers, especially when the company's brand is compromised. With the rise of cybercrime marketplaces, stolen or recycled data will likely continue to be retrieved, repackaged, and sold to eager customers for the foreseeable future. 

The only way to stay ahead of attackers is to practice proactive security, so the only way to protect yourself is to stay ahead of them. As a result, whether the 15.8 million credentials that were advertised by “Chucky_BF” represented a real new breach, a compilation of stolen logs, or simply a rebranded dump of older leaks, the underlying issue remains the same: in today's digital economy, personal data is a commodity and vigilance is not optional - it is the price of taking part. 

The lesson from this episode is clear: your password should not be changed after confirmation, but now rather than later. Considering the ever-expanding digital landscape, incidents such as the alleged sale of PayPal credentials underscore a more important truth that security is no longer just an optional layer of protection, but a fundamental responsibility of everyone involved in the online economy today. In addition to immediate countermeasures like password resets or multifactor authentication, users must adopt a mindset of continuous cyber-resilience in addition to these immediate countermeasures. 

Digital accounts should be treated in the same way as physical assets in order to prevent them from being compromised. It is essential to pay close attention to the evolving nature of threats and take the time to utilise tools that go beyond basic security hygiene to detect compromised credentials early, such as hardware security keys, zero-trust authentication models, and regular dark web monitoring. 

There is no doubt that in an environment where a brand's reputation is fragile, cybersecurity awareness is integral to a business's daily operations, especially for small businesses that rely heavily on platforms like PayPal. By embedding cybersecurity awareness into everyday operations, businesses are not only protecting revenues but also strengthening customer trust. 

A proactive approach to layered defences can ultimately be a source of peace of mind for the individual, who is confident that he or she will not be perpetually vulnerable to unseen adversaries while transacting, communicating, and operating online. Cybersecurity may seem complicated at first glance, but it is the discipline of foresight, vigilance, and accountability that ensures digital trust remains strong in the long run.
Read more »
Piracy
Cyber Crime Infostealer Pakistani Scammer Piracy

Pakistani Cybercriminals Turn Piracy Against Pirates in $4M Malware Scheme

 

A massive cybercrime operation based in Pakistan has been exposed after running a sophisticated infostealer malware campaign for five years, generating over $4 million by targeting software pirates. 

Operation details

The criminal network, primarily operating from Bahawalpur and Faisalabad, functioned like a multi-level marketing scheme but distributed malicious code instead of legitimate products. According to research, the group used search engine optimisation poisoning and forum posts to advertise pirated software such as Adobe After Effects and Internet Download Manager. 

Victims were redirected to malicious WordPress sites where infostealer malware, including Lumma Stealer, Meta Stealer, and AMOS was hidden within password-protected archives. The operation utilised disposable domains to mask the true source of infections, making detection more difficult. 

Financial infrastructure

The scheme's backbone consisted of two Pay-Per-Install (PPI) networks: InstallBank and SpaxMedia (later rebranded as Installstera). Over 5,200 affiliates operated at least 3,500 sites, earning payments for each successful malware installation or download. Payments were processed primarily through Payoneer and Bitcoin. 

The scale was enormous, with records showing 449 million clicks and more than 1.88 million installations during the documented period. Long-running domains proved most profitable, with a small fraction generating the majority of revenue. 

Downfall and exposure

The operation was accidentally exposed when the attackers themselves became infected by infostealer malware, revealing credentials, communications, and backend access to their own systems. This breach uncovered evidence of family involvement, with recurring surnames and shared accounts throughout the infrastructure. The group evolved their tactics over time, shifting from install-based tracking in 2020 to download-focused metrics in later years, possibly to evade detection or adapt monetisation methods. 

How to stay safe 

  • Avoid cracked or pirated software; rely on official developer sites and reputable distributors to prevent infostealer exposure at the source. 
  • Keep security suites updated and configure firewalls to block outbound C2 communication, reducing post-compromise impact if malware executes. 
  • Enable multi-factor authentication so stolen credentials are insufficient for account takeovers, and monitor accounts for identity-theft signals.
  • Maintain offline or secure cloud backups for recovery, stay alert to suspicious domain activity, and distrust “free” offers for expensive software that often hide hidden risks.
Read more »
Malware Threat
Browser Credential Theft Cyber Attacks CyberThreat Data Theft Information Security Infostealer Infostealer Malware Malicious Browsers Malware Attack Malware Threat

Shuyal Malware Targets 19 Browsers with Advanced Data Theft and Evasion Capabilities

 

A newly discovered infostealing malware named “Shuyal” has entered the cyber threat landscape, posing a serious risk to users by targeting a wide range of web browsers and deploying sophisticated evasion methods. Identified by researchers at Hybrid Analysis, Shuyal is capable of stealing credentials and sensitive information from 19 different browsers, including lesser-known privacy-focused options like Tor and Brave. 

The malware is named after identifiers found in its code path and represents a new generation of data stealers with expanded surveillance capabilities. Unlike traditional malware that only focuses on login credentials, Shuyal goes deeper—harvesting system-level information, capturing screenshots, monitoring clipboard activity, and sending all of it to cybercriminals using a Telegram bot-controlled infrastructure. 

In his analysis, Vlad Pasca from Hybrid Analysis highlighted that Shuyal performs extensive system reconnaissance. Once it infects a device, it disables the Windows Task Manager to prevent users from detecting or ending the malware’s process. It also hides its tracks by removing evidence of its activities through self-deleting mechanisms, including batch scripts that erase runtime files once the data has been exfiltrated. 

Among the browsers targeted by Shuyal are mainstream options such as Chrome and Edge, but it also compromises more obscure browsers like Waterfox, OperaGx, Comodo, Falko, and others often marketed as safer alternatives. This wide reach makes it particularly concerning for users who believe they are using secure platforms. 

Shuyal collects technical details about the system, including hard drive specifications, connected input devices like keyboards and mice, and display configurations. It compresses all collected data using PowerShell into a temporary folder before transmitting it to the attackers. This organized method of data collection and transfer demonstrates the malware’s highly stealthy design. 

The malware also ensures it remains active on compromised machines by copying itself into the Startup folder, allowing it to launch each time the system is rebooted. 

Although researchers have not yet pinpointed the exact methods attackers use to distribute Shuyal, common delivery vectors for similar malware include phishing emails, malicious social media posts, and deceptive captcha pages. Experts caution that infostealers like Shuyal often serve as precursors to more serious threats, including ransomware attacks and business email compromises. 

Hybrid Analysis encourages cybersecurity professionals to study the published indicators of compromise (IOCs) associated with Shuyal to strengthen their defense strategies. As cyber threats evolve, early detection and proactive protection remain essential.
Read more »
protecting sensitive data
Data Breach Data Sale data security Data Stolen Data Theft Database Leaked Database Security Infostealer Personal Data Personal Information protecting sensitive data

Startup Sells Stolen Personal Data Online for $50, Raising Alarms Over Privacy and Ethics

 

A new controversy is brewing over a U.S.-based startup accused of making stolen personal data widely accessible—for as little as $50. Farnsworth Intelligence, founded by 23-year-old Aidan Raney, is openly marketing a product called “Infostealers,” which allows customers to search a massive database of sensitive information, including passwords, browser autofill data, and private account credentials. 

According to investigative reporting by 404 Media, this information isn’t simply scraped from public directories or legally collected sources. Instead, it appears to come directly from major data breaches—information illegally obtained from hacked websites and platforms. Users can buy access through the company’s online portal, Infostealers.info, raising serious questions about the legality and ethics of such transactions. 

While services like people-search websites have long existed, Farnsworth’s platform seems to go far beyond what’s commonly available. Some of the information for sale includes usernames, passwords, browser history, addresses saved in auto-fill fields, and more—data types typically leaked only after breaches. Their advanced offering, the Infostealer Data Platform, promises even deeper access. Although not available to everyone, it can be granted upon request for uses like journalism, cybersecurity, private investigations, or law enforcement. The company doesn’t appear to require a court order or warrant for access. 

Farnsworth Intelligence makes bold claims about its reach and capabilities. Its website boasts about human intelligence operations and even claims to have infiltrated a North Korean laptop farm via social engineering. It promotes use cases like “corporate due diligence,” “background checks,” and “asset searches,” without clearly explaining how it acquires its “trillions” of data points. The lack of transparency, coupled with the open sale of sensitive data, is alarming. 

Experts argue that while security researchers and cybersecurity firms often monitor breach data to help protect users, monetizing it so brazenly is a different matter entirely. As Cooper Quintin from the Electronic Frontier Foundation notes, “It would be illegal and unethical to sell stolen cell phones even if you didn’t steal them yourself, and I don’t see how this is any different.”  

Even more concerning is the potential for abuse. With no real verification or oversight, bad actors—including stalkers or authoritarian agencies—could exploit this platform to target individuals, especially those already at risk. The implications for personal safety, privacy rights, and digital ethics are profound. 

This development underscores how data breaches don’t just disappear—they become weapons for profit in the wrong hands.
Read more »
Subscribe to: Comments (Atom)