While the world continues to battle the outbreak of COVID-19, the situation in the digital world isn’t fairing much better. There were numerous reports of new security breaches in 2020, one of the most notable incidents being a data breach of Quidd.
The incident remains rather strange, as Quidd, a major digital collectibles platform, still remains quiet on the breach. Researchers at Risk Based Security managed to confirm that the data of as many as four million users is at risk.
Quidd Data Leak goes Public
Security researchers also verified that the passwords remain encrypted. However, many of them do not belong to regular users but to major corporations. Some of the names that immediately stood out include AIGM Target, Microsoft, and Tuatanota.
The database traveled around private hacking forums for over a month. The data first appeared on Pastebin on March 12 of this year. [ZDNet]
It eventually went public on March 29, finally leaving the shadows of private forums, and is now available to everyone.
Leak Affects Companies and Regular Users Alike
According to reports, the actor behind the leak calls himself ProTag. He has a history of trading emails, passwords, and similar credentials. Now, he seems to have released nearly four million login credentials belonging to Quidd users.
As mentioned, a good portion of the accounts appears to belong to large companies. Even so, the majority of users on Quidd are still teenagers and young adults. All those affected by the data leak should remain on high alert, as it is more than likely that a number of phishing attacks will follow.
Meanwhile, Quidd remains silent, as it still avoids to notify its users of the breach. Regardless, all Quidd users should immediately change their login credentials.
Millions More Affected in Similar Incidents
While the Quidd data leak is a massive incident, it is not the only or even the biggest breach in 2020.
Marriott International was also hit once again at the end of March. The breach affected 5.2 million of the hotel chain’s guests. The new incident comes less than two years after a previous incident that affected 500 million guests over several years.
Not to mention reports of half a million Zoom accounts offered for sale on the dark web, as Bleeping Computer recently revealed. The data included emails, passwords, meeting URLs, and even the users’ Hostkeys.