Infosec and privacy researcher, novice OSINT investigator
#Infosec #Cybersecurity #OSINT #Privacy

Very interesting article about how the founder of the largest forum for selling stolen data was found. In this case, leaks and a serious attack on his site helped to find his real name, but the researcher was able to link many of pompompurin's accounts even without that.

Which is a good reminder: use different usernames and emails on different services. And using an email with your real name in the address is not a good idea if you want to stay anonymous :)

https://arden22.substack.com/p/pompompurin-and-breachforums

Pompompurin and BreachForums

Something more than a year has passed since Pompompurin was detained by the FBI. I did this investigation on him when it happened, and now after some time, I’ve decided to make it public here. The goal of the investigation was simple, I just wanted to find who pompompurin was, how he became the creator of BF (BreachForums) and how he ended up detained (bad OPSEC as usual :)). Keep in mind that everything you are about to see is Open Source.

Arden’s Substack

And I always recommend all users to use ad and tracker blockers. They protect against tracking, these kinds of leaks, and also make web pages lightweight.

It is the responsibility of website owners to safeguard the data of even unregistered users. A good practice is to use alternative ethical analytics systems that do not collect personal data.

The problem is that web analytics services know too much about you. For example, the Russian service Yandex.Metrica allows website owners to record and replay all mouse movements and keystrokes of users. This service is provided by a search engine, so you can also see all the interests of each individual user (in addition to visited pages and data about ISP and location).

Data leaks are getting weirder and weirder. There are posts on shadow forums about selling web analytics data.

Do not use suspicious services and Telegram bots! Their only purpose is to collect your data.

It's a good practice to periodically check yourself in leaks using specialized services. If you find yourself in a leak, I recommend changing your password and login/email. This can protect you from phishing and hacking attempts through password brute force.

I prefer these services:
- https://haveibeenpwned.com/
- https://cybernews.com/personal-data-leak-check/

#PrivacyWeek this year was memorable for the largest #leak we've ever seen: 26 billion records collected in a single leak. Many of these are already known leaks, but there is also previously unpublished data.

More details in the article.

#privacy #security #infosec #cybersecurity

https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/

I want to mention that 12 years ago hackers stole Google, Apple, Amazon and Twitter accounts and erased data from a random user's devices, using the same WHOIS check. Now we have GDPR, but not everyone enjoys the right to maintain at least partial anonymity. It's sad.

https://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/

How Apple and Amazon Security Flaws Led to My Epic Hacking

In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. Here's the story of exactly how my hackers created havoc by exploiting Apple and Amazon security flaws.

WIRED

Once, I wanted to contact the owner of a site. I explored this site, but didn't find any information about the owner. I thought it would be a difficult task — to find at least some traces.

I was wrong. A simple check of WHOIS info gave me full name, home address, phone number, and email of the owner.

Sometimes investigations are easier than they are shown in films.

#privacy #security #anonymity #cybersecurity #infosec