Tag: dark web

RepKnight signs darkweb monitoring deal with StarLink

Repknight_GOPDark web monitoring outfit RepKnight has entered into an EMEA distribution agreement with StarLink, a $200 million value added distie.

StarLink will add RepKnight’s dark web monitoring tool, BreachAlert, to its portfolio of IT security offerings. BreachAlert looks for corporate data being posted on the dark web, and many other paste and dump sites used by cybercriminals. The platform works like a burglar alarm — alerting customers in real time as soon as their data appears on the dark web.

BreachAlert lets security teams configure searches around specific keywords, domains, and IP addresses, providing instant alerts if cybercriminals are discussing the customer’s applications, infrastructure or data on the dark web, or if compromised staff credentials appear in paste, dump and bin sites.

Commenting on the partnership, RepKnight’s Channel Director, Michael Koufopoulos, said: “We are building significant momentum around our BreachAlert platform as more and more enterprises wake up to the challenge of dark web monitoring. This makes scaling our channel operation a key priority for the business. StarLink’s True VAD approach, combined with their focus on security platforms and pan-European footprint makes them a natural partner for RepKnight.”

Avinash Advani, SVP Business Development & Alliances at StarLink, added: “The dark web is a key threat for enterprises across the world and organisations need to prioritise enhancing their capabilities when it comes to dark web monitoring. We were highly impressed with RepKnight’s focus on ease of use, and fast configuration. Simplicity is key for our customer base, so the fact that users can be up and running in minutes makes BreachAlert an ideal addition to any organisation’s cybersecurity measures.”

O2 customer data tips up on the dark web

giant-spider02O2 customer data is being flogged on the dark net, according to the very shocked BBC.

It is believed that the data became available when the  usernames and passwords were stolen from gaming website XSplit three years ago. When the login details matched, the hackers could access O2 customer data in a process known as “credential stuffing”.

It is highly likely that this technique will have been used to log onto other companies’ accounts including O2 partners.

The data for sale included users’ phone numbers, emails, passwords and dates of birth.

BBC reporters bought a small sample of customer details from the seller to investigate further and contacted O2. Together, the investigating teams believed it was the result of credential stuffing.

This is where a criminal uses a piece of software to repeatedly attempt to gain access to customers’ accounts by using the login details it has obtained from elsewhere – in this case, a November 2013 attack on gaming website XSplit. When successful, a customer’s details can be retrieved and sold.

O2 said in a statement: “We have not suffered a data breach. Credential stuffing is a challenge for businesses and can result in many company’s customer data being sold on the dark net.

“We have reported all the details passed to us about the seller to law enforcement and we continue to help with their investigations.”