Credentials of 4 Million Quidd Users Found on Dark Web 

1867

About:

In the midst of the COVID-19 pandemicvogue of data leaks continues and has been confirmed by the security reports. Over 4 million quidd user’s credentials have been found unprotected and accessible. The Reports high lightens higher risk to all teenagers using a smartphone. 

The data discovered on the dark web, RBS security researchers say, is not up for sale, but access to it is not restricted. The data was initially posted on the underground forum on March 12, self-ascribed to a threat actor called “Protag.” 

The data was quickly removed, but another anonymised individual posted it again, on March 29, and it has remained available ever since, the researchers say. The data consists email addresses, usernames, and encrypted password hashes. 

One of member of unknown dark web forum has claimed and managed to decrypt roughly around one million of the password hashes. The claims apparently come from a known hacker, and appear to be valid. 

Analysing the data breach, it has been found that over a thousand professional email addresses were also discovered within the data set. These emails prevail to well-known entities, such as AIG, Experian, Target, Microsoft, Accenture, Virgin Media, Tutanota, and the University of Pennsylvania. 

What is quidd? 

Quidd is a virtual trading and collecting app where users can acquire stickers related to their favourite pop concerts, movies, music and showcase of traditional cultures. Besides, Quidd is a social media platform where users have several options to locate friends on the platform. The Quidd app mainly draws attention from for teen users and small kids. This multipurpose social app is available on an online platforms such as apple and google play store. Quidd offers in-app purchases but no advertisements. This app claims to be safe for teens with parental supervision. 

 Quidd users can show off their collections, play with digital toys, trade with each other and hang out over their favorite TV shows, cartoons and toy stuffs. It’s just like collecting physical cards and toys to unlock some other toy stuffs. 

Quidd had raised a massive $6.75 Million of funding and had signed a deal with Cryptozoic Entertainment, who would digitize their existing series of physical collectibles and games for the app. That means Quidd users would have access to cards, toys, stickers and more from Rick and Morty, Cartoon Networks and other reputed TV shows. 

pic 5

How to check your own data leaks? 

haveibeenpwned.com is the most formal way to check data leaks for your email addresses.This is a website that allows internet users to check whether their personal data has been compromised by data breaches. The service collects and analyzes thousands of database and data archives containing information about billions of leaked accounts, and allows users to search for their own information by entering their username or email address.The algorithm searches from the provided info and displays the best outcome, analyzing bundles of data.  

Types of Data Breaches 

  • Stolen Information: Having a careless employee who could mislead prototype of the datasets is incredibly hazardous 
  • Ransomware: It is a malware program that is designed to deny access to a computer system or data until a ransom is paid. 
  • Phishing/Spyware/Keylogger: phishing is a common way to gain access to people’s information, Intruder may insert a keylogger in your system and track down your credentials and passwords. 
  • Exploiting Vulnerabilities: Misusing buffer overflow vulnerabilities and SQL injection backdoors hackers exploits the database which later on results in breaches. 
  • Data Sent to Incorrect Recipient: Sending an email consisting database to the incorrect recipient can most definitely cause data leakages.

pic 6

Prevention:

There is no full-proof method for ensuring that you won’t become a victim of data leakage, but you can take steps to make your information safer. Some ethical ways to avoid a data breach include the following: 

  • Update the software/profile on a regular basis. 
  • Upgrade the software when it is no longer supported by the manufacturer 
  • Use digital signatures. They identify download sources. That way, you can be sure the files you’re downloading and running are not risky. 
  • Enforcing strong credentials and two-way encryption. 
  • Educating employees on best security practices and ways to avoid social engineered attacks 
  • Always have a data backup on your secondary drive. 
  • Do not ever use any patched/modified software, they may lure you with their free price tag. 
  • QUIDD is mainly used by teenagers so parents must have their eyes on web activities.