A cybercriminal going by the name ‘IntelBroker’ has asserted responsibility for an alleged data breach targeting the European Central Bank (ECB). The purported ECB data breach involved the sale of a database on the dark web forum BreachForums, spanning from 2014 to 2021.
The database reportedly contained email addresses, hashed passwords, backup passwords, and tokens. However, the accuracy of these claims has not been confirmed.
IntelBroker’s post on BreachForums, dated March 23, 2024, announced the availability of the ECB 2024 database for download. Despite the lack of official confirmation, the actor’s claims assert sensitive information about the cricket board and its members.
Alleged ECB Data Breach and Sale on Dark Web
In March 2023, ecb.co.uk, the official website of the England and Wales Cricket Board, allegedly suffered a data breach affecting approximately 43,000 users, as per the threat actor’s claim. The compromised data included email addresses, hashed passwords, backup passwords, and tokens.
The Cyber Express has reached out to the English Cricket Board to learn more about this alleged ECB data leak and its implications. However, at the time of writing this, no official confirmation or response has been received, leaving the claims for the ECB data breach standing unconfirmed right now.
Upon analysis of the sample data provided by IntelBroker, The Cyber Express determined that it likely originated from a system associated with a cricket organization or club. The dataset contained various user account information, such as email addresses, hashed passwords, and dates of registration and last login.
These details indicated that the data encompassed both active and inactive accounts, with registration dates ranging from 2014 to 2015 and last login dates extending up to 2020.
Cyberattacks on the Cricket Industry: A Growing Concern!
Given the sensitive nature of the exposed information, it appeared to be a database dump or export possibly intended for administrative or archival purposes. The ECB data leak echoes previous cyber threats faced by cricket organizations, including a cyberattack on the Pakistan Super League (PSL) ticket-booking website ahead of its ninth season.
Such attacks not only disrupt operations but also undermine the trust and confidence of fans eagerly anticipating sporting events. TCE had previously highlighted the imperative for heightened cybersecurity measures, particularly in light of major cricket tournaments like the ICC Men’s Cricket World Cup 2023.
Data breaches, often stemming from sophisticated phishing attacks, remain a threat in the sports industry, with opportunistic scammers exploiting crises for illicit gains. Even platforms providing cricket analytics and tournament data to fans, players, and authorities are not immune to cyber threats, as evidenced by incidents involving platforms like CricketSocial.
As for the ECB data leak claims, this is an going story and The Cyber Express will be closely monitoring the situation and we’ll update this post once we have more information or any official confirmation from the cricket board.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.