Hi Guys,

I hope you are well. Please see the details of three recent data breaches below.

MovieBoxPro – 6,009,014 breached accounts
In April 2024, over 6M records from the streaming service MovieBoxPro were scraped from a vulnerable API. Of questionable legality, the service provided no contact information to disclose the incident, although reportedly the vulnerability was rectified after being mass enumerated.

Piping Rock – 2,103,100 breached accounts
In April 2024, 2.1M email addresses from the online health products store Piping Rock were publicly posted to a popular hacking forum. The data also included names, phone numbers and physical addresses. The account posting the data had previously posted multiple other data breaches which all appear to have been obtained from the Shopify service used by the respective websites.

T2 – 94,584 breached accounts
In April 2024, 95k records from the T2 tea store were posted to a popular hacking forum. Data included email and physical addresses, names, phone numbers, dates of birth, purchases and passwords stored as scrypt hashes.

If you have an account with these three companies, please do the following:

Change Your Password:
Change your password and make sure your new password is at least ten characters long and contains an upper case, lower case, number, and symbol. You can even use a modified phrase or a line from a song if that helps you remember. Ensure you do not use the same password twice, leaving you vulnerable to credential stuffing.

Use Password Manager:
Find a good password manager tool to help you remember your passwords. Some of our users say that 1Password is a good tool.

Identity Fraud Prevention:
If you suspect identity fraud, contact the company and ask them if they provide identity protection services. Be careful where you share your personal information. There are dozens of data breaches every month, and the data ranges from simple usernames and passwords to highly personal and sensitive healthcare information. Think twice before you share your information on a website. It may look and sound secure, but as we see every day, some of the biggest names in the world are affected.

Some extra security measures that you should take as well:

Enable Two-Factor Authentication (2FA):
Two-factor authentication adds an extra layer of security to your accounts by requiring not only a password but also a second form of verification, such as a unique code sent to your phone. This significantly reduces the risk of unauthorized access, even if your password is compromised.

Regularly Monitor Financial Statements:
Monitoring your financial statements regularly allows you to quickly identify any unauthorized or suspicious transactions. By reviewing your bank statements, credit card statements, and other financial records frequently, you can detect and report fraudulent activity promptly, minimizing potential financial losses.

Be Skeptical of Unsolicited Emails and Messages:
Be cautious when receiving unsolicited emails, messages, or phone calls, especially if they request sensitive information or prompt you to click on links or download attachments. Cybercriminals often use phishing tactics to trick individuals into disclosing personal or financial information or infecting their devices with malware. Always verify the legitimacy of the sender before taking any action.

For everything else, Check out Incognito’s Email Hack Check tool. Enter your email address, and we will tell you instantly if it has been involved in one of the many data breaches that happen every day.

Please let me know if you need any help with this or with anything else.

All the best,
Stephen (Max :-))