Ransomware

Admin Of LeakBase Claims Knowmad Mood Data Breach

Stolen data allegedly stems from the company's .

by Alan J May 20, 2024 in Firewall Daily Reading Time: 2 mins read 0

586 SHARES 3.3k VIEWS Share on LinkedInShare on Twitter

The threat actor and the owner of the English language cybercrime forum , Chucky, has leaked a database allegedly stolen from the the Spanish IT services company Knowmad Mood. The Knowmad Mood reportedly contains sensitive employee data.

Knowmad Mood who recently shifted it's name and branding from the earlier name , had been established in 1994 and provides consulting and software development services, with offices present in Spain, Italy, Portugal, the United States, Morocco, the United Kingdom, and Uruguay.

LeakBase is a data leak forum that gained popularity as an alternative source for sharing hacked data or leaked databases and credentials following the 2023 takedown.

Knowmad Mood Data Breach Stems from CRM System

The stolen data was allegedly exported from the company's CRM system, and Chucky shared screenshots to further cement his responsibility for the Knowmad mood data breach. The screenshots appeared to reveal a cache of sensitive files, including HTML, Excel, and Word documents.

Source: LeakBase Forum

Further, a CSV file had been shared and was stated to contain workplace information and performance metrics of employees, including fields such as names, email addresses, h.input, h.exit, effective h., STE, STE Percentage, and h.STE. The leaked data raises serious concerns about the security measures in place at Knowmad mood, and the potential impact it may have on employees and customers.

The Cyber Express team has reached out to Knowmad Mood for further information or updates on the alleged data breach claims; however, no updates were received at the time of writing.

Earlier Activities of Threat Actor Chucky

The , admin of LeakBase has previously operated under the names LeakBase, Sqlrip, and Chuckies on various underground forums. After the mid-March 2023 shutdown of BreachForums, the threat actor's own forum LeakBase started gaining traction among the cybercriminal community.

Chucky had been a regular participant and contributor on BreachForums, sharing breached databases and selling admin/unauthorized access to websites while also being the top active poster on their own LeakBase leak forums.

The threat actor had disclosed to Cyble researchers that their primary tactic involved a customized brute forcing technique. While the researchers confirmed that the technique might serve as a plausible method for the threat actor's data breach attacks, the full tactics, techniques, and procedures (TTPs) employed by the TA remained unconfirmed.

Chucky previously claimed responsibility for massive leaks from sources such as the Indian government's Swachh City initiative, OnePlus-Oppo & Realme in a data breach attack affecting users from Thailand, Gamekaking and American automotive digital marketing service Purecars .

Source

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button