Dries De Schepper

‼️🇪🇺 The EU's new Age Verification app was hacked with little to no effort. When you set it up, the app asks you to create a PIN. But that PIN isn't actually tied to the identity data it's supposed to protect. An attacker can delete a couple of entries from a file on the phone, restart the app, pick a new PIN, and the app happily hands over the original user's verified identity credentials as if nothing happened. It gets worse. The app's "too many attempts" lockout is just a counter in a text file. Reset it to 0 and keep guessing. The biometric check (face/fingerprint) is a simple on/off switch in the same file. Flip it to off and the app skips it entirely.

🚨 CYBERSECURITY ALERT: ALLEGED MASSIVE BREAK OF BANKING AND PERSONAL DATA (BELGIUM) 🇧🇪 The sale of an extremely sensitive database affecting 300,000 citizens in Belgium has been detected. The threat actor, kuna, has put records up for sale that include not only financial information but also in-depth sociodemographic and family details, suggesting a breach at a banking institution or a government social security agency. 👤 Threat Actor: kuna Modus Operandi: Uses a retail/bulk sales strategy (1,000 lines per transaction), indicating that its objective is mass distribution to multiple low-level fraudsters, exponentially increasing the risk of widespread fraud. Specialization: The type of data exfiltrated (work/home distance, caregiving validation) suggests that the actor has access to or specializes in compromising payroll systems or social security and state benefits platforms in Europe. 📑 DETAILS OF EXPOSED ASSETS 👤 Identity and Core Data: Full names and SSN (Social Security Numbers). Full physical addresses. Banking Data: IBAN account numbers and BIC codes. Social security numbers and payroll/salary data. 🏠 Deep Personal Information (Deep PII): Marital and family status. Partner's Data: Name, occupation, date of birth, and place of birth. Marriage details (date and location) and partner's disability status. Number of children and dependency status. 📊 Operational and Demographic Data: Municipality and country of residence. Distance between home and work. Care validation data and income details. Specific focus on demographics of older adults (66+ years). 🔍 Monitor: https://t.co/wk9bZJ3laQ #CyberSecurity #Belgium #DataBreach #BankLeak #SSN #IBAN #Privacy #VECERT #Ciberseguridad #Hacking #InfoSec #Belgique #GDPR