77K accounts of Financial Giant, State Farm, leaked due to DAC Group Hack

Unknown hackers have breached the servers of DAC Group and leaked 93,000 customer accounts this week!

DAC Group, a Toronto-based digital and content marketing agency, has suffered a security breach on its server resulting in the theft of data from 93,000 customer accounts. In normal circumstances it would be just another security breach, but what makes this one exceptional is the 77,000 leaked accounts from State Farm, a Bloomington, Illinois-based group of insurance and financial services companies in the United States.

DAC is one of the largest directional advertising agencies in North America, with eight offices in the United States and Canada. Its services include print and online directory advertising and digital services such as Search Engine Marketing, Search Engine Optimization, and consulting services. It’s unclear why an advertising agency was holding such a huge amount of third-party accounts.

Who are the hackers and what else has been leaked: 

At the moment, it is unclear who the hackers are and how they accessed the servers. The data breach was located by cyber intelligence and Darknet expert Atar Kochavi of Hacked-DB, a renowned digital data mining company, who scanned the leaked folders and found 93K unique accounts with personal details such as password (encrypted), first and last name, geolocation, username and other data related to roles in the website itself. Among the 93K accounts, more than 77K belong to State Farm users.

When asked what role-related data was leaked from the DAC Group site, Hacked-DB’s representative explained:

“We can’t fully understand the web structure but there are several fields that contain data which seems to be linked to their products.”

The researchers also found hundreds of other leaked accounts in DAC’s data dump with email domains such as @Shoppersdrugmarket.ca, @Cooperators.ca, @gmail.com, @aol.com, @yahoo.com, @homeinstead.com, @hotmail.com and @manpower.com. The 

Top Email Domains in the leaked data

DAC Group accepts security breach:

In an exclusive conversation with DAC Group through their Facebook account, HackRead was told that DAC has experienced an illegal data breach. Here is a statement released by the group:

“DAC has experienced an illegal data breach of limited amounts of data from a single, isolated development server, not a production system. As a search and digital marketing agency we only have access to publicly available data. We do not have access to, or store any, sensitive personal information. We have verified the extent of the breach through an intensive internal review and are actively communicating with our affected clients. We will be posting the same information on our web site in the interest of transparency. The security on the development server has been enhanced. Our clients should contact Nasser Sahlool if they have any questions.”

It seems that DAC Group is using production data in a development environment, which is bad practice. Companies handling sensitive data should not store production data in such environments; the minimum security measure is to scramble the data so that the sensitive content cannot be viewed.
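
One way to scramble the kinds of fields named in this leak before a copy reaches a development server, shown as an added example that is not from the article, Hacked-DB or DAC Group. The schema, sample rows and function names are assumptions; identifiers become keyed HMAC tokens, the password hash is dropped and geolocation is coarsened.

```python
import hashlib
import hmac
import secrets

# Constructed sample rows; the columns mirror the field types the article
# lists and are an assumed schema, not DAC Group's real one.
SAMPLE_ROWS = [
    {"username": "jdoe", "first_name": "Jane", "last_name": "Doe",
     "email": "jane.doe@example.com", "password_hash": "$2b$12$constructed1",
     "lat": 40.484203, "lon": -88.993687, "role": "agent"},
    {"username": "bsmith", "first_name": "Bob", "last_name": "Smith",
     "email": "bob@example.org", "password_hash": "$2b$12$constructed2",
     "lat": 43.653226, "lon": -79.383184, "role": "admin"},
]
IDENTIFYING = ("username", "first_name", "last_name", "email", "password_hash")


def token(key: bytes, field: str, value: str) -> str:
    """Keyed, deterministic pseudonym: equal inputs give equal tokens, so
    joins still work, but a token cannot be reversed without the key."""
    msg = f"{field}:{value.lower()}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:12]


def scramble_row(row: dict, key: bytes) -> dict:
    uid = token(key, "username", row["username"])
    return {
        "username": f"user_{uid}",
        "first_name": "Test",
        "last_name": f"User-{uid[:6]}",
        "email": f"{token(key, 'email', row['email'])}@example.invalid",
        "password_hash": None,      # credentials never leave production
        "lat": round(row["lat"]),   # whole degrees only (roughly 100 km)
        "lon": round(row["lon"]),
        "role": row["role"],        # assumed non-identifying, kept for testing
    }


def leaked_values(original: dict, scrambled: dict) -> list:
    """Identifying fields whose original value still appears in the output
    (substring match, so it errs toward false alarms)."""
    out = " ".join(str(v).lower() for v in scrambled.values())
    return [f for f in IDENTIFYING if str(original[f]).lower() in out]


if __name__ == "__main__":
    export_key = secrets.token_bytes(32)  # stays with the production export job
    for row in SAMPLE_ROWS:
        masked = scramble_row(row, export_key)
        print(masked, "leaks:", leaked_values(row, masked))
```

The key must never be copied to the development server alongside the data, since anyone holding both can confirm guesses about the original values.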
