The carder forum CVV2Finder claims to have more than 150 million logins, from several popular services, including Netflix and Uber. The operators in the forum are offering the precious commodity to the VIP members.
According to the experts, the data were obtained by exploiting the recently discovered Cloudbleed, a flaw that was causing the leak of a wide range of sensitive information in the CloudFlare infrastructure, including authentication cookies and login credentials of numerous organizations using the popular service.
The Cloudbleed security issue with Cloudflare servers has a significant impact on numerous major organizations, including Uber, Fitbit, 1Password, and OKCupid. Cloudbleed also affects mobile apps, because, they are developed using the same backends as browsers for content delivery and HTTPS (SSL/TLS) termination.
The flaw was discovered by the popular researcher Tavis Ormandy from Google Project Zero Team.
The Canadian researcher Phineas (@itsphin) published on GitHub a list of more than 4 million domains possibly affected by Cloudflare’s Cloudbleed HTTPS Traffic Leak.
The list includes popular services such as 23andme, Coinbase, Patreon, Yelp, Fiverr, and Change.org.
“Cloudflare has not provided an official list of affected domains, and likely will not due to privacy concerns. I’m compiling an unofficial list here so you know what passwords to change.”
Experts at Salted Hash received via email the following screenshot the CVV2Finder carder forum.
A messaged appeared on the CVV2Finder forum clearly refers the Cloudbleed case as the source of millions of fresh credentials for popular services.
“Dear DeepWeb Users of cvv2finder, After the success of the latest attack (cloudbleed) to cloudflare servers, More than 150 Million Fresh Logins Avaliable for Uber , Netflix … and many more. After hours these data will be avaliable into a database and would sell it for 250k$. This offer only for VIP users.”
This means that the impact of CloudBleed was much larger than first thought with a serious impact for CloudFlare customers.
Experts noticed that Netflix isn’t a CloudFlare customer, so the presence of the file in the list of accounts offered for sale is suspect.
“CVV2Finder lists Netflix, Dominos, several “People Meet” dating websites, Tidal, CBS, Bitdefender, Origin, Dell, UPS, HBO Now, Spotify, and DirecTV accounts in their database as available to purchase.” reported Salted HAsh. “However, there are only 2,300 accounts, a far cry from the 150 million they are promising.”
Stay Tuned …
[adrotate banner=”9″]
(Security Affairs – Cloudbleed , hacking)
Operation ENDGAME dismantled key ransomware infrastructure, taking down 300 servers, 650 domains, and seizing €21.2M…
FBI warns Silent Ransom Group has targeted U.S. law firms for 2 years using callback…
The U.S. indicted Russian Rustam Gallyamov for leading the Qakbot botnet, which infected 700K+ devices…
Law enforcement operation codenamed 'Operation RapTor' led to the arrest of 270 dark web vendors…
A Chinese threat actor, tracked as UAT-6382, exploited a patched Trimble Cityworks flaw to deploy…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Samsung MagicINFO 9 Server vulnerability to its…
This website uses cookies.
![](data:image/svg+xml;charset=utf-8,<svg height="248px" width="1050px" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)