Massive Data Breach at LeiserTV: User Accounts and Payments Compromised

LeiserTV is a website specializing in Estonian content. It has been operating for 10 years and was known for providing its users with pirated media. The platform had a significant user base, many of whom paid for its services.

Breach Details

• Date of Breach: Over a year ago
• Type of Breach: SQL Injection on an old site
• Data Exfiltrated: Yes
• Disclosure by: Threat actor "DPD"
• Data Released:
  • users.csv: User accounts (full name, email, password, IP address, reset password token)
  • audit.csv: User login logs (email, user ID, login date, IP address)
  • helpdesk_tickets.csv: Zendesk ticket messages (title, message, IP, user agent, user email)
  • tokens.csv: User login tokens
  • socials.csv: OAuth tokens (Google, Facebook)
  • transactions.csv: User payments (user ID, email, amount)
  • transactions_out.csv: Admin Skrill payments (ID, description or name, amount, time)

Threat Actor Profile

• Alias: DPD
• Motivation: Financial gain and public exposure
• Actions:
  • Attempted to contact the site owner, Meelis Randmaa, to negotiate a deal.
  • Released the data upon receiving no response from the owner.

Impact Analysis

• Affected Users: 59,000+
• Data Compromised:
  • Personal information: Full names, email addresses, IP addresses.
  • Security information: Passwords, reset password tokens.
  • Activity logs: Login logs, support ticket messages.
  • Financial data: Payment records, admin transaction details.
• Potential Consequences:
  • Identity Theft: Personal information can be used for fraudulent activities.
  • Account Takeover: Passwords and reset tokens allow unauthorized access.
  • Financial Fraud: Payment information can lead to unauthorized transactions.
  • Reputation Damage: Exposure of user activity on a piracy site.