EUROPE’S LARGEST TRADING FIRM BDSWISS SUFFERS DATA BREACH; HACKERS ACCUSE THE OWNER OF MONEY LAUNDERING, MURDER AND SCAM LEAK SENSITIVE DATA INCLUDING NEO-NAZI PICTURES, NUDE PICTURES OF HOLLYWOOD CELEBRITIES, PASSPORTS AND CREDIT CARDS SAVED ON THE SERVER.
On September 5th, 2016 hackers calling themselves The Control (l) Group hacked into the official website of BDSwiss, a Cyprus-based Trading company with offices throughout Europe and stole a trove of highly sensitive data. A sample set was leaked publicly on a file sharing site.
The group behind the hack set out to expose money laundering and alleged scams by BDSwiss. They specifically accused BDSwiss of laundering money from Cyprus to Kosovo through Raiffeisen Bank.
The Control (l) Group also left a brief message in German accusing the owner of BDSwiss of having strong ties with right-wing extremists. In the message, they also accused the owner of several murders.
“BDSwiss.com been successfully infiltrated and any information about the owner (Vincent) is in our inventory. This man promises other people to earn Euros in 60 seconds but the only one who has earned money is himself. People have killed for him because they have gambled her money.”
However, our concern is the leaked data so we requested data breach notification company Hacked-DB for an in-depth analysis and here’s the result:
The Control (l) Group stole 75.4GB of data from BDSwiss servers but only shared sample folders on a file-sharing website mega.nz. The sample includes sensitive information such as bank statements, copies of passports, employment contracts and customers data etc.
1. Money laundering:
There are several folders inside the archive and the content of each folder including is related to money laundering, transaction documents, statement of accounts and Visa card scans.
The Remainders folder has several warning files sent to customers about payments, debts, and sales.
3. Personal passwords
One folder goes by the label of Personal passwords and continues, KeyPasses, PDB file, clear-text passwords in TXT and Docx files.
4. Right-wing Tourism
One folder labeled as ”Rechtsradikale Reisen” which means Right-wing Tourism in the German language has several traveling pictures including one with a man doing Nazi salute.
5. Unsecured customer data
One folder labeled as Ungesicherte Kundendaten that means unsecured customer data contains 2500 customers personal identifiable data, first and last names, country, account balance in excel files, customer complaints report, chargeback excel files with truncated credit card numbers, BDSwiss mailing list with details such as email address, first and last name, department and location (100 records), Visa fraud data report without truncated credit card number, organization’s employees list with BDSwiss email address, first and last name (137 records), passport and credit card scans.
Another folder contains BDSwiss’s employee details including user employment agreements and contracts, signed Non-disclosure agreements (NDA) documents and BDSwiss user employee handbook.
7. Sexual content preference
Last but not the least, one folder labeled as Sexueller Inhalt Vorlieben that means Sexual content preference in the German language contains nude photos of Hollywood celebrities Kate Upton and Jennifer Lawrence that were leaked after due to iCloud hack August 2014.