A concerning data breach has reportedly impacted VirtualMacOSX, a company specializing in cloud-based Apple Macintosh computing since 2012, serving customers across 102 countries. Data belonging to 10,000 of its customers has allegedly been leaked on a clear web forum notorious for cybercrime activities and data dumps. The full dataset was made freely accessible on the forum, which is a known hub for database downloads, leaks, and cracks. This particular platform has previously hosted sales of a fabricated 1.2 billion-record Facebook database, an old yet updated AT&T database, and purportedly stolen data from Coca-Cola Europacific Partners (CCEP).
The alleged breach and subsequent data exposure were uncovered by the SafetyDetectives Cybersecurity Team. Their research, shared with Hackread.com, indicated that the leaked dataset appeared authentic upon initial review. It was distributed across three text files named ‘tblcontacts,’ ‘tbltickets,’ and ‘tblclients,’ collectively containing 176,000 lines of information. While SafetyDetectives has not definitively confirmed that the entire exposed dataset belongs to VirtualMacOSX due to ethical limitations on testing credentials, the volume and nature of the data suggest a significant compromise.
The alleged database, leaked on June 11, 2024, contains highly sensitive customer information.
This includes full names, company names, email addresses, complete physical addresses, and phone numbers. Of particular concern are the included passwords and password reset keys. Furthermore, financial details such as bank names, bank types, bank codes, and bank account numbers are also present. The leak also encompasses user support tickets, revealing user IDs, IP addresses, full names, emails, and the complete content of customer interactions.
The exposure of such comprehensive and sensitive data poses substantial risks to the affected individuals.
Malicious actors could exploit this information for numerous harmful activities, including account takeovers due to the presence of password reset information. The financial data could facilitate fraudulent transfers, and the combination of personal details, including IP addresses, could even lead to physical risks by enabling cybercriminals to track a user’s real-world location.