Streaming channels all over the world are becoming bigger and bigger by the day. Unfortunately, the more popularity they gain, the more of a target they become to cyber criminals. Last month, Plex, one of the biggest services, witnessed a huge breach. Now, start.ru – a streaming channel with millions of users suffered the same fate.
At first, rumors circulated on the World Wide Web that a breach is in place. The service did not confirm any of them until now. Yes, START has been compromised and personal information was exposed.
Start disclosed the breach and stated that it affected over 7.5 million users. What happened exactly? How big is the scale of this breach? Find out below.
A New Attack – Ready, Set, START Breaching
It’s quite normal for a big company to attract threat actors. Even the gaming industry fell victim to malicious activities in the past. We’re talking about the likes of Bandai Namco which suffered a breach and Roblox which was used for spreading ransomware.
START is a very popular streaming channel that went global in no time. With shows like Container, Offside, The Counted, 257 Reasons to Live, A Good Man, and Sherlock: The Russian Chronicles, the service managed to harness more than 1 million paying customers back in 2020.
However, the number of subscribers might have skyrocketed since the breach clearly shows that over 7.5 million users were affected.
So, this is how it all went down. Users and cybersecurity experts shared various rumors of the breach back on Sunday, August 28th, 2022.
A couple of days later, start.ru confirmed that intruders were able to harvest a 2021 database from its systems. Unfortunately, it didn’t stop there as they also started to distribute several samples online.
To be exact, a 72GB MongoDB JSON dump has been spreading over a social network. It contains the private information of over 7.5 million users.
According to the company, everything in the file dates back to September 22nd, 2021. In other words, anyone who registered after that date should not have been impacted.
START stated that it has fixed the vulnerability and everyone is protected now. The company shared a statement on its official Telegram account:
“Indeed, we are faced with a very unpleasant situation. We have already fixed the vulnerability and access to our data is closed. Careful handling of users’ personal data is very important to us.”
The statement mentions additional information about the breach. Apparently, it did not affect financial information or user passwords.
However, it did involve phone numbers and emails, which cybercriminals can use for phishing attacks. Make sure to double-check any email or SMS you receive from the company.
START Data Breach – Russia Puts Its Foot Down
Data breaches are occurring on a regular basis in Russia, which forced the country to come up with new methods in order to fend off any unauthorized access and protect its citizens from exposure.
One of these methods includes a funding campaign, which helps compensate victims of recent cyber attacks. How do they get the money? Everything comes from fines imposed on entities responsible for security breaches.
If you’re a START user, you have some work to do. Just because the service managed to fix the vulnerability, doesn’t mean you’re safe. Change your password and activate 2FA if available. This way you can prevent future malicious attempts.