According to research conducted by Resecurity, during the Christmas season of 2023, cybercriminals launched a massive data leak campaign in the Dark Web, exposing millions of personal and sensitive records from various companies and government agencies around the world.

The leaks were tagged with “Free Leaksmas”, indicating that they were shared freely among the cybercriminal community as a form of mutual gratitude. However, this generosity came at a high cost for the victims, who faced increased risks of identity theft, fraud, and other cyberattacks.

Some of the notable leaks included:

  • Over 22 million records from Movistar, a leading telecommunications provider in Peru, containing customers’ phone numbers and DNI numbers (Documento Nacional de Identidad). The DNI is the sole identity card recognized by the Peruvian Government and its exposure could lead to widespread identity theft and fraud.
  • Over 15.77 GB of data from one of the major credit services in the Philippines, which could be used for financial fraud and account takeovers.
  • Approximately 1.5 million records from a French company, which could be used for business email compromises and phishing campaigns.
  • 1.4 million records from a project that was later acquired by Klarna, a Swedish fintech company, which could be used for online shopping fraud and identity theft.

Click the button below to read more.