CTRL + ALT + SEC

Tag: credential stuffing

What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 6/2/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Largest ever data leak exposes over 4 billion user records

The recent exposure of over 4 billion user records in China represents an unprecedented cybersecurity catastrophe, highlighting the extreme vulnerability of personal data in the digital age. This colossal leak, comprising 631 gigabytes of unsecure data, contained a vast array of sensitive information, including financial details, WeChat and Alipay records, residential addresses, and potentially even communication logs. The sheer scale and diversity of the exposed data — ranging from over 800 million WeChat IDs to 630 million bank records and 610 million “three-factor checks” with IDs and phone numbers — strongly suggest a centralized aggregation point, possibly for surveillance, profiling, or data enrichment purposes. This incident underscores a critical failure in data security, leaving hundreds of millions of individuals susceptible to a wide range of malicious activities.

With access to correlated data points on residential information, spending habits, financial details, and personal identifiers, threat actors could orchestrate large-scale phishing scams, blackmail schemes, and sophisticated fraud. The inclusion of Alipay card and token information further raises the risk of unauthorized payments and account takeovers, potentially leading to significant financial losses for users. Beyond individual exploitation, the possibility of state-sponsored intelligence gathering and disinformation campaigns cannot be overlooked, given the perceived nature of the data collection as a comprehensive profile of Chinese citizens. The swift removal of the database after discovery, coupled with the anonymity of its owners, further complicates efforts to understand the breach’s origins and implement protective measures for impacted individuals.

The inability to identify the database’s owners or provide direct recourse for affected users exemplifies the precarious position individuals find themselves in when their data is compromised on such a grand scale. While China has experienced significant data breaches in the past, this incident stands as the largest ever recorded, dwarfing previous exposures.

Projects
- TryHackMe – Hashing Basics – In Progress
Papers
- Research on insider threat detection based on personalized federated learning and behavior log analysis
Articles
- ‘Russian Market’ emerges as a go-to shop for stolen credentials – The “Russian Market” cybercrime marketplace has emerged as one of the most popular platforms for buying and selling credentials stolen by information stealer malware.
- Cartier discloses data breach amid fashion brand cyberattacks – Luxury fashion brand Cartier is warning customers it suffered a data breach that exposed customers’ personal information after its systems were compromised.
- Meta stopped covert operations from Iran, China, and Romania spreading propaganda – Meta stopped three covert operations from Iran, China, and Romania using fake accounts to spread propaganda on social media platforms.
- Victoria’s Secret hit by outages as it battles security incident – Fashion retail giant Victoria’s Secret said it is addressing a “security incident,” as its website and online orders face ongoing disruption.
- Crooks fleece The North Face accounts with recycled logins – Outdoorsy brand blames credential stuffing
- Coinbase breach tied to bribed TaskUs support agents in India – A recently disclosed data breach at Coinbase has been linked to India-based customer support representatives from outsourcing firm TaskUs, who threat actors bribed to steal data from the crypto exchange.
- Scattered Spider: Three things the news doesn’t tell you – With the recent attacks on UK retailers Marks & Spencer and Co-op, so-called Scattered Spider has been all over the media, with coverage spilling over into the mainstream news due to the severity of the disruption — currently looking like hundreds of millions in lost profits for M&S alone.
- Exclusive: Hackers Leak 86 Million AT&T Records with Decrypted SSNs – Hackers leak data of 88 million AT&T customers with decrypted SSNs; latest breach raises questions about links to earlier Snowflake-related attack.
- FBI: Play ransomware breached 900 victims, including critical orgs – In an update to a joint advisory with CISA and the Australian Cyber Security Centre, the FBI said that the Play ransomware gang had breached roughly 900 organizations as of May 2025, three times the number of victims reported in October 2023.
- Largest ever data leak exposes over 4 billion user records – In what’s likely the biggest data leak to ever hit China, billions of documents with financial data, WeChat and Alipay details, as well as other sensitive personal data, were exposed to the public. Worryingly, there’s little that impacted users can do to protect themselves.
Podcasts
- Smashing Security 419: Star Wars, the CIA, and a WhatsApp malware mirage
June 9, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 3/24/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Mike Waltz takes ‘full responsibility’ for Signal group chat leak

The accidental inclusion of a journalist in a high-level Signal group chat discussing military strikes in Yemen has exposed significant vulnerabilities in the US National Security apparatus. While Signal offers strong encryption, this incident underscores that human error remains a critical weak point, as evidenced by the unexplained addition of the reporter. The debate over classified information sharing and the alleged use of auto-delete features raise serious questions about adherence to security protocols and federal record-keeping laws. This event highlights the inherent risks of using civilian communication apps for sensitive government matters, even with robust encryption, and emphasizes the critical need for stringent access controls, comprehensive training, and the consistent use of secure, government-approved platforms.

This “glitch,” as downplayed by some, serves as a stark reminder for cybersecurity professionals that technology alone cannot guarantee security. Robust operational security practices, including strict verification procedures and adherence to data retention policies, are paramount. The incident underscores the necessity of cultivating a security-conscious culture within government and prioritizing the use of dedicated, secure communication channels over potentially vulnerable civilian alternatives. The political fallout and calls for investigation further emphasize the gravity of this lapse and its potential implications for national security and trust.

Projects
- TryHackMe – Networking Essentials – Complete
- TryHackMe – Networking Core Protocols – In Progress
Articles
- Former Michigan assistant coach Matt Weiss charged with hacking college athletes’ computer accounts for intimate photos – Former NFL and University of Michigan assistant football coach Matt Weiss hacked into the computer accounts of thousands of college athletes seeking intimate photos and videos, according to an indictment filed Thursday.
- [Paywall] The Trump Administration Accidentally Texted Me Its War Plans – U.S. national-security leaders included me in a group chat about upcoming military strikes in Yemen. I didn’t think it could be real. Then the bombs started falling.
- Chinese Weaver Ant hackers spied on telco network for 4 years – A China-linked advanced threat group named Weaver Ant spent more than four years in the network of a telecommunications services provider, hiding traffic and infrastructure with the help of compromised Zyxel CPE routers
- Police arrests 300 suspects linked to African cybercrime rings – African law enforcement authorities have arrested 306 suspects as part of ‘Operation Red Card,’ an INTERPOL-led international crackdown targeting cross-border cybercriminal networks
- Infosys to Pay $17.5 Million in Settlement Over 2023 Data Breach – Infosys McCamish System has agreed to pay $17.5 million to settle six class action lawsuits filed over a 2023 data breach
- New Atlantis AIO platform automates credential stuffing on 140 services – A new cybercrime platform named ‘Atlantis AIO’ provides an automated credential stuffing service against 140 online platforms, including email services, e-commerce sites, banks, and VPNs.
- After DDOS attacks, Blizzard rolls back Hardcore WoW deaths for the first time – New policy comes as OnlyFangs streaming guild planned to quit over DDOS disruptions.
Podcasts
March 31, 2025
Smishing Example
What is Smishing?

Smishing, a portmanteau of “phishing” and “SMS,” the latter being the protocol used by most phone text messaging services, is a cyberattack that uses misleading text messages to deceive victims. The goal is to trick you into believing that a message has arrived from a trusted person or organization, and then convincing you to take action that gives the attacker exploitable information (like bank account login credentials, for example) or access to your mobile device.

I received this lately and I wanted to share it so you see a real-life example. I’ve blocked out the link for safety.

I did not go to this website, but you can bet they copied the look of USPS’s website along with a login page. This login page will not work for you to login, because this is a fake site. What it will do is capture you’re password and email.

So what, right? No harm done. Well here is another term to learn. Credential stuffing.

What is Credential Stuffing?

Credential stuffing is the automated injection of stolen username and password pairs (“credentials”) in to website login forms, in order to fraudulently gain access to user accounts.

Since many users will re-use the same password and username/email, when those credentials are exposed (by a database breach or phishing attack, for example) submitting those sets of stolen credentials into dozens or hundreds of other sites can allow an attacker to compromise those accounts too.

Credential Stuffing is a subset of the brute force attack category. Brute forcing will attempt to try multiple passwords against one or multiple accounts; guessing a password, in other words. Credential Stuffing typically refers to specifically using known (breached) username / password pairs against other websites.
https://owasp.org/www-community/attacks/Credential_stuffing

This is exactly what these bad guys or hackers will do. They might also sell the list that they get to other hackers. which will then in turn try the same thing. So use a password manager and don’t use the same password on more than one site. Don’t click on anything you are not expecting. If you’re unsure, contact the source directly. In this case, I am not expecting anything from USPS, and I see so many red flags on this I know it is smishing.

Those red flags are:
- I’m not expecting it.
- The senders address – It is not usps.gov which is what I would expect instead it is ups.gidaew24lw@usps.tw. What the heck is that?!
- The URL didn’t make sense either. I would expect usps.gov, but it is a .com and it wasn’t usps.com either. So strange, right?
November 10, 2023