Saturday, January 2, 2021

Videotron Breach ? Welcome to 2021

UPDATE JAN 2nd 2020 - 13:45. The 37 gig file contains email addresses used in phishing attacks. The emails contained are a complete mix of domains. 22977 of them are @videotron.ca emails. No other conclusions as to the correlation between this list and the Videotron passwords found in another directory can be made at this time.


Was Videotron breached? A list of 60,000 accounts (email and passwords) was just leaked. This would be a small subset of their entire client base, but remains interesting.

Since most of the media tend to avoid touching Videotron and the Quebecor empire, I doubt we will see much ink on this breach.


A list containing Videotron account information totalling 226084 items, all Videotron email usernames with their passwords was published.






FILE LINE COUNT

wc -l videotron33.txt

    5743 videotron33.txt


wc -l videotron34.txt

   14560 videotron34.txt


wc -l videotron35.txt

   21059 videotron35.txt


wc -l videotron36.txt

   39264 videotron36.txt


wc -l videotron37.txt

   47859 videotron37.txt


wc -l videotron38.txt

   40817 videotron38.txt


wc -l videotron39.txt

   49565 videotron39.txt


wc -l videotron40.txt

    7217 videotron40.txt

Not much details about the source was provided with the leak data, maybe some real journalists will dig through this and get to the bottom of it.


Overall, some duplicates exists, so when you remove duplicates, you are left with 60314 unique items.

sort videotron-full.txt | uniq -d | wc -l

   60314


You can download the list of emails here 

(passwords have been removed for security) and see if your email is in the list 


NOW KEEP IN MIND that this does not mean that Videotron has been breached.  There are a lot of fraudsters out there that try to target companies to make them look bad.

Imagine if somewhere, a list of 50 million usernames had been compromised, and someone sorted them out looking for @videotron.ca... they could generate a list that looks like "only" Videotron yet has nothing to do with Videotron.

Some Montreal based companies do EXACTLY this to try and generate business and sell security related services.  Going one step further, the data could also all be fake or old data... until Videotron comments, we simply cannot know for sure.


Either way, someone is targeting Videotron...   And we should all change our passwords... again...

>> End of warning ;-)

 

The list, totalling 60,000 unique entries could indicate a specific leak from a specific system or division since it does not encompass the entire client base of Videotron.


Number of customers subscribed to Videotron from 2012 to 2019, by segment

SOURCE: https://www.statista.com/statistics/797458/number-of-videotron-subscribers/

The system hosting the leaked data is interesting, as it has other evil looking content, including a 37 gigabyte file of email addresses (with no other information, and no passwords).  I am downloading this file now and will further analyse it once downloaded.




The site also hosts what is clearly phishing attack content such as fake PayPal login pages.  This means that the Videotron data, could also be someone preparing an attack that is targeting Videotron users, and the passwords could be for another service like PayPal.



_______________________________________________

Eric Parent is a senior security expert (and seasoned pilot), specialized in coaching senior executives.  He teaches CyberSecurity at l'Ecole Polytechnique and HEC Universities in Montreal, and is CEO of Logicnet/EVA-Technologies, one of Canada's oldest privately owned security companies.

Follow Eric on:
Twitter @ericparent
LinkedIn :  EVA-Technologies




www.eva-technologies.com

 

No comments:

Post a Comment

Are we even trying over at BRP

This will be a short blog entry.  Essentially, a general observation. If your enterprise was breached and screenshots of user account passwo...