10K Records Allegedly from Mac Cloud Provider’s Customers Exposed Online
In a recent discovery, SafetyDetectives’ Cybersecurity Team stumbled upon a clear web forum post where a threat actor publicized a database that allegedly belongs to VirtualMacOSX.com. The data purportedly belongs to 10,000 of its customers.
What Is VirtualMacOSX.com?
According to its website, VirtualMacOSX serves 102 countries and has offered “Apple Macintosh cloud based computing since 2012. With the greatest range of cloud based Apple products and services available anywhere on the Web.”
Where Was The Data Found?
The data was found in a forum post available on the clear surface web. This well-known forum operates message boards dedicated to database downloads, leaks, cracks, and more.
What Was Leaked?
The author of the post included a 34-line sample of the database. The full database was set to be freely accessible to anyone with an account on the forum willing to either reply to or like the post.
Our Cybersecurity Team analyzed a segment of the dataset to validate its authenticity. Although the data appeared genuine and we saw indications in invoices sent to VirtualMacOSX, we could not definitively confirm that the data belonged to VirtualMacOSX’s customers because, due to ethical considerations, we refrained from testing the exposed credentials.
The entire dataset consisted of 176,000 lines split across three separate .txt files named ‘tblcontacts,’ ‘tbltickets,’ and ‘tblclients.’
The sensitive information allegedly belonging to VirtualMacOSX’s customers included:
- User ID
- Full name
- Company name
- Full physical address
- Phone number
- Password
- Password reset key
We also saw customers’ financial data such as:
- Bank name
- Bank type
- Bank code
- Bank account
And users’ support tickets containing:
- User ID
- IP Address
- Full name
- Full Message
This type of data is critical as it might be employed by potential wrongdoers to plan and perform various types of attacks on the impacted clients.
What Risks Does This Data Exposure Pose?
Should the data actually belong to VirtualMacOSX’s customers, it puts the safety and privacy of the users involved under threat. If you believe your data to have been compromised, you should be aware of the potential risks:
- Your identity can be faked: Phishing attempts, Business Email Compromise scams, and account impersonation are made easier when a hacker has access to this kind of data.
- Your accounts are at risk of hacking: By knowing a user’s password reset information, attackers have a greater chance of taking over different online accounts to steal data, gain more logins, or escalate their attack.
- Your sensitive data could be misused: If financial details leak, a malicious actor could send fraudulent wire transfers to their own account or perform other actions that could endanger the account owner’s financial stability.
- You could be tracked and made vulnerable: By having all this information, cybercriminals could quickly find a user’s address using their IP address. This significantly raises physical risks.
What to Do If You Believe Your Data Was Exposed
If you suspect that your personal information was compromised in this data leak, you can take these steps to protect yourself:
- Be vigilant. Monitor your bank statements, credit reports, and accounts closely for any signs of fraudulent activity. Consider enabling multi-factor authentication on vulnerable services and changing your password as soon as possible.
- Limit exposure. Avoid posting personal data on social media, and reduce the amount of personally identifiable information used by companies to increase your privacy.
- Secure your digital footprint. Use a strong, unique password for each of your accounts. You could even consider using a password manager to help you come up with and keep track of all the passwords you need.
- Use services such as Have I Been Pwned periodically to check if your email address has been compromised in any recent data breach.
What Are Clearweb Leaks and Why Should You Care?
Hackers utilize various parts of the internet to coordinate attacks, share information, and discuss data breaches. One of the most popular channels hackers use for these purposes is clearweb forums, which are online networks (available to anyone with an internet connection) that allow users to share information about breaches and leaks. These forums provide a sense of anonymity to their members as well as features like paywalling for those users who require compensation to access the information they are sharing.
By reporting on these incidents, we aim to proactively inform potentially affected parties earlier so that they can act quickly to protect their data. Our disclosures are rooted in meticulous research and are intended solely for informational and preventive purposes. In no way should these reports be construed as allegations, insinuations, or indicators of fault or negligence by any individual or organization.
Similar Cybersecurity Incidents
In a recent discovery, SafetyDetectives’ Cybersecurity Team stumbled upon a clear web forum post where a threat actor offered a database allegedly belonging to The Epoch Times, purportedly exposing 32 million records.