The First Fashion Social Network ‘21 Buttons’ Leaks Users' Personal Details

An alarming aspect of the entire incident is that VPN Mentor contacted both 21 Buttons and Amazon, but neither responded nor cared to secure the information.

2 min read

Related Articles


Pizza Hut

Data Leak

Over One Million Customer of Pizza Hut Australia Details Compromised in a Massiv...

In what has been a troubling year for Australian citizens concerned about their personal information, another cybersecurity incident has come to attention. This time, the victims are reportedly over a million customers of Pizza Hut Australia. The threat actors behind this data breach have identified themselves as the notorious ShinyHunters threat group.

## ShinyHunters' Intrusion via Amazon Web Services

ShinyHunters, under the moniker “Shiny,” claims to have infiltrated Pizza Hut Australia's systems approximately one to two months ago. Their point of entry? Amazon Web Services (AWS), which they leveraged through multiple access points. What's particularly alarming is that they assert that their presence was completely undetected during this period of unauthorized access.

In 2020, the ShinyHunters gang gained infamy due to a series of cyberattacks that compromised the security of over 60 companies. Among their corporate targets were online dating platforms, a service for creating photo books known as Chatbooks, and even stock-trading services. Even tech giant Microsoft wasn't spared, as the group managed to pilfer more than 500GB of source code from Microsoft's confidential GitHub repository.

Despite law enforcement efforts to apprehend suspected members of this hacking group, ShinyHunters remains an ongoing concern for businesses entrusted with the critical task of safeguarding their customers' sensitive information.

## Extent of this Data Leak

The scale of this breach is staggering. ShinyHunters declares that they have successfully exfiltrated more than 30 million records. Among this treasure trove of data are customer orders and information pertaining to over one million Pizza Hut Australia customers. This includes a detailed breakdown of order history, delivery preferences, and contact details.

## Evidence of this Data Breach

To substantiate their claims, ShinyHunters provided DataBreaches with two sample files.

The first file contained 200,000 records of customer orders, encompassing a wide array of information, such as order IDs, customer names, contact information, payment details, and even web hook URLs. This information was startlingly comprehensive.

The second sample file was in JSON format and contained the personal information of 100,000 customers. It included their names, email addresses, postal addresses, mobile phone numbers, service preferences (delivery or pickup), and credit card numbers. Although the credit card data was encrypted, it is concerning that other sensitive fields were stored in plaintext.

## Geo-Verification and Demands

We conducted spot checks on customer names and discovered individuals whose details matched the geographic location provided in the data samples. This corroborates the authenticity of the stolen data.

ShinyHunters has issued a ransom demand, seeking $300,000.00 in exchange for deleting all the compromised data. It's worth noting that ShinyHunters is known for selling or leaking data when their demands are not met. Thus far, Pizza Hut has not responded to their extortion attempts.

## Ransom Demands and Extortion

ShinyHunters' demand for a $300,000.00 ransom underscores the financial motivations behind this data leak. Organizations must develop incident response plans that include strategies for dealing with extortion attempts. Engaging with law enforcement and cybersecurity experts is crucial in such situations.

## Franchise Data Security

The presence of a "StoreID" field in the data raises questions about data management within franchise models. Security professionals should work closely with franchisees to ensure consistent cybersecurity practices and data protection measures across the entire network.

## Lack of Communication

The absence of any data breach notification on Pizza Hut Australia’s website is a significant oversight. Security professionals should emphasize the importance of timely and transparent communication with affected customers, regulators, and law enforcement agencies during and after a breach.

## Pizza Hut Australia's Response to the Data Breach

In the wake of the data breach affecting Pizza Hut Australia, the company has taken several steps to address the situation. Let's examine their response from a cybersecurity perspective:

### Prompt Notification

Pizza Hut Australia reacted promptly by notifying affected customers via email. Timely notification is a crucial component of incident response, helping individuals take necessary precautions to protect themselves from potential threats.

### Transparency and Reassurance

The company's communication emphasized that there is no evidence of personal information misuse and that the exposed data cannot directly lead to identity theft or fraud. This transparency helps mitigate panic among affected customers and demonstrates a commitment to their security.

### Data Breach Reporting

Pizza Hut Australia reported the breach to the Australian Information Commissioner. This is a legal obligation in many jurisdictions and showcases the organization's commitment to complying with data protection regulations.

### Protection of Credit Card Details

Pizza Hut's assurance that credit card details remain secure due to processing by an approved payment platform is reassuring. It underscores the importance of secure payment processing mechanisms as an additional layer of defense against data breaches.

### Customer Vigilance

Encouraging customers to remain vigilant regarding suspicious emails, SMS messages, and phone calls is a proactive measure. Education and awareness are critical aspects of cybersecurity, as they empower individuals to identify and report potential threats.

### Scam Reporting

Pizza Hut Australia advises customers to report scams to Scamwatch. This collaborative approach to combating fraud and cybercrime is commendable. It leverages established authorities to investigate and take action against threat actors.

The Pizza Hut Australia data breach, attributed to the ShinyHunters threat group, leaves a persistent impact of the kind experienced by fast food restaurant chains. This incident underscores the need for a comprehensive and proactive approach to cybersecurity, including:

- **Cloud Security**: Rigorous assessment of cloud infrastructure and access controls is imperative to prevent unauthorized access via cloud platforms like AWS.
- **Data Protection**: Strong encryption and hashing practices should be employed to safeguard sensitive information, especially fields that would otherwise be stored in plaintext.
- **Incident Response**: Organizations must develop robust incident response plans that encompass strategies for handling ransom demands and engaging with law enforcement.
- **Franchise Collaboration**: For businesses with franchise models, consistent cybersecurity practices and data protection measures should be enforced across the entire network.
- **Communication**: Timely and transparent communication with affected parties, regulatory bodies, and law enforcement is critical in mitigating the fallout of a data breach.

As the threat landscape continues to evolve, proactive measures and a commitment to best practices are essential for organizations to protect themselves and their customers from the ever-present threat of cyberattacks.

20-Sep-2023
6 min read


Security Breach


International Criminal Court Cyberattack Unveiled: Breach, Investigation, and De...

The International Criminal Court (ICC) disclosed a cybersecurity breach last week when anomalous activity was detected within its information systems. This Threatfeed delves into the technical intricacies of the security breach, highlighting the investigative efforts, security measures, and the potential impact on the ICC's critical functions.

## **Immediate Response and Collaborative Investigation**

The ICC swiftly responded to the breach by implementing immediate measures to contain the incident and mitigate its repercussions. It's worth noting that the ICC is collaborating closely with Dutch authorities, as the Netherlands serves as the host country for the court. This collaboration underscores the importance of international cooperation in cybersecurity incidents of such gravity.

The ICC expressed its gratitude for the prompt response from the host country, highlighting the critical role of coordinated efforts in addressing cyber threats at an enterprise level. This incident emphasizes organizations' need to maintain strong ties with their host countries' security apparatus.

## **Enhancing Cybersecurity Defenses: The Role of Cloud Technology**

As part of its response strategy, the ICC intended to bolster its cybersecurity defenses. One notable approach is the expedited adoption of cloud technology. This decision aligns with contemporary enterprise cybersecurity trends, where cloud platforms offer enhanced security features and rapid scalability.

The move towards cloud technology is not merely a reaction to the breach but a proactive step to fortify the ICC's cyber resilience. This adaptation showcases the recognition that cybersecurity is an ever-evolving field, and organizations must continuously evolve their defensive strategies to stay ahead of threat actors.

## **Nature and Extent of the Security Breach**

At this juncture, critical questions arise regarding the nature and extent of the cyberattack on the ICC's systems. Regrettably, the available information does not provide clarity on whether the attackers managed to access or exfiltrate any data or files from the network. The absence of such details underscores the complexity of cyber investigations, especially in the context of high-stakes organizations like the ICC.

The ICC's statement emphasizes its commitment to analyzing and mitigating the breach's impact, primarily focusing on ensuring the continuity of its core operations. This is a testament to the organization's resilience in a cybersecurity crisis.

## **ICC's Limited Disclosure**

Fadi El-Abdallah, the ICC's spokesperson, informed BleepingComputer that the organization cannot divulge further details or information. This cautious approach aligns with best practices in cybersecurity incident response, as sharing sensitive information prematurely could inadvertently aid threat actors.

The ICC's reluctance to disclose additional details may be attributed to several factors, including ongoing investigations, potential legal implications, and the sensitivity of the information handled by the court. This approach mirrors the principles of prudent information security management within the enterprise context.

## **The ICC's Role in International Justice**

Before delving into the technical aspects of the breach, it's crucial to understand the ICC's significance in international justice. The ICC is an international tribunal responsible for investigating and prosecuting the gravest offenses that impact the global community. These offenses include war crimes, genocide, and crimes against humanity.

An example of the ICC's pivotal role can be seen in its issuance of an arrest warrant for Russian President Vladimir Putin in March 2023 concerning crimes related to Russia's invasion of Ukraine. This case highlights the ICC's capacity to hold even the highest-ranking officials accountable for their actions on the international stage.

## **Technical Analysis of the Security Breach**

Now, let's shift our focus to the technical aspects of the breach. While the specific details are limited, we can draw upon cybersecurity expertise to speculate on potential attack vectors and strategies employed by the threat actors.

### **Attack Vector and Entry Points**

To breach the ICC's systems, threat actors likely exploited one or more vulnerabilities within the organization's network. Possible entry points could include:

1. **Phishing Attacks**: Threat actors may have targeted ICC employees or affiliated personnel with phishing emails containing malicious attachments or links. Once clicked, these could lead to malware infiltration.
2. **Zero-Day Exploits**: Using undisclosed and unpatched vulnerabilities, known as zero-day exploits, is a common tactic among advanced threat actors. These exploits provide an entry point that security measures have not yet addressed.
3. **Insider Threat**: It's also essential to consider the possibility of an insider threat, where a compromised or disgruntled employee could have facilitated the breach intentionally or unintentionally.

### **Malware Deployment and Propagation**

Upon gaining access, threat actors likely deployed malware to infiltrate the ICC's systems further. Common malware types include:

- **Trojans**: These stealthy programs can operate undetected, granting attackers remote access and control over compromised systems.
- **Ransomware**: Ransomware is a growing concern in cyberattacks. It encrypts data, rendering it inaccessible until a ransom is paid.
- **Spyware**: This malicious software is designed to monitor and exfiltrate sensitive information, which can significantly threaten an organization like the ICC.

### **Data Exfiltration and Covering Tracks**

If the breach involved data exfiltration, threat actors may have employed various techniques to cover their tracks and avoid detection, such as:

- **Data Compression**: Compressing stolen data before exfiltration can help threat actors minimize network traffic and reduce the likelihood of detection.
- **Encryption**: Encrypting exfiltrated data makes it challenging for security systems to inspect the content of outbound traffic.
- **Steganography**: Concealing data within other files or using steganographic techniques can hide the exfiltration of sensitive information.

### **Evasion and Persistence**

For a successful breach, threat actors often aim to establish persistence within the victim's network. They may use tactics like:

- **Backdoors**: Creating hidden entry points for future access, ensuring that even if the initial breach is discovered and mitigated, they can return.
- **Privilege Escalation**: Exploiting vulnerabilities to gain higher levels of access within the network, which allows for more extensive compromise.
- **Data Manipulation**: Altering or deleting logs and event records to remove traces of their activities and evade detection.

## **The Ongoing Investigation and Future Implications**

The ICC's collaboration with Dutch authorities is pivotal to understanding the full scope of the breach. The ICC and other organizations need to share insights and intelligence with cybersecurity experts and law enforcement agencies to prevent future attacks.

As this incident unfolds, it serves as a stark reminder to all enterprises, especially those handling sensitive and international matters, to prioritize cybersecurity. Vigilance, proactive defense measures, and continuous assessment of security postures are imperative to thwart the relentless and evolving tactics of cyber threat actors.

20-Sep-2023
6 min read


Data Breach

An in-depth analysis of the recent CardX data breach, detailing the incident, i...

CardX, a significant player in Thailand's digital financial ecosystem, fell victim to a data breach. This Threatfeed offers a detailed analysis of the data breach, highlighting the specifics, the repercussions, and critical security measures.

## About the Data Breach

On September 15th, CardX issued an official statement disclosing a data breach that had exposed sensitive customer information linked to personal loan and cash card applications. The compromised data encompassed customers' first and last names, residential addresses, phone numbers, and email addresses. Although CardX assured its customers that this information couldn't be used for financial transactions, it sounded an alarm about the potential for fraudsters to exploit the data for phishing schemes, phone scams, and spam emails.

## CardX's Swift Response

Recognizing the gravity of the breach, CardX acted swiftly to fortify its defenses and mitigate the potential fallout. Importantly, the breach did not compromise customers' financial data. The company engaged cybersecurity experts to implement stringent monitoring and auditing protocols to thwart future attacks. Furthermore, CardX undertook a comprehensive system upgrade, bolstering security measures to prevent future data leaks.

## CardX within the SCB X Group

It's worth noting that CardX operates as a subsidiary within the SCB X Group, a well-established conglomerate in the Thai financial landscape. CardX, however, was quick to clarify that this data breach was unrelated to Siam Commercial Bank (SCB) or any other entities within their group. SCB, with over 1,100 branches nationwide, is Thailand's third-largest bank, boasting a storied history dating back to 1904 under the guidance of Prince Mahisorn.

## Customer Support and Proactive Measures

In an effort to assist affected customers and regain their trust, CardX extended its apologies for the data breach. Customers who have been impacted are encouraged to reach out to the CardX hotline at 02-999-1991 or contact the company's data protection officer (DPO).

In addition to providing support, CardX emphasized the importance of proactive measures for customers to protect themselves against fraudulent online activities. Following industry best practices and staying vigilant are key components of safeguarding personal information in an increasingly interconnected world.

19-Sep-2023
2 min read