Topic: TorrentFreak: DDoS-Guard database and source code dump on exploit.in (Read 3314 times)

TorrentFreak: DDoS-Guard database and source code dump on exploit.in

https://torrentfreak.com/database-of-pirate-site-haven-ddos-guard-is-reportedly-up-for-sale-210602/

Relevant article by Group-IB: https://www.group-ib.com/media/ddos-guard-database/
Alleged information revealed:
  • "Full source code dump for all their infrastructure, backend, frontend, and obviously network filtering/blocking."
  • "Full DB dump with all customers, including all info such as name, site, real IP, payment info, etc. Includes popular sites like ru-tracker."
The leak has not been confirmed, yet even if it does not contain the full set claimed, a partial reveal of such information could still spell doom for a couple of careless services.

Oh, and WebOasis itself is using ddos-guard, too, if the HTTP headers are to be believed.
                  

Re: TorrentFreak: DDoS-Guard database and source code dump on exploit.in

Reply #1
https://www.cyberscoop.com/ddos-guard-parler-exploit-in-bulletproof-hosting/

"According to Group-IB Threat Intelligence & Attribution system, this user previously had an account on exploit[.]in but was banned by the forum administrators as he refused to use the escrow service."

"Initially, the threat actor was auctioning off the lot with a starting price of $500,000. Shortly after the amount was reduced to $350,000. The threat actor didn’t provide a sample of the database, which makes it impossible to verify the authenticity of the reported stolen database and the source code. The seller registered this account on exploit[.]in in January 2021 and has been looking to buy access to different corporate networks ever since. It is only the second time that they are trying to sell data on the forum. Despite the regular activity, the threat actor has no reputation on the forum and has made no deposits yet."
                  

Re: TorrentFreak: DDoS-Guard database and source code dump on exploit.in

Reply #2
DDOS-Guard email reply to my inquiry into whether this was true or not...

Quote
We're constantly receiving emails, messages, etc. regarding possible leaks, vulnerabilities, and other information of the same type.

For the most part, such threats have nothing behind them, so I believe you have nothing to worry about.

Our engineers are constantly improving the system and data protection to make sure that all data is safe.

Kind of a generic, vague response.
                  

Re: TorrentFreak: DDoS-Guard database and source code dump on exploit.in

Reply #3
Either way it doesn't matter because you don't even have to provide DDOS-Guard with a name. They allow entirely blank profiles. Only thing they require is an email address and password. They also are good about accepting cryptocurrencies. Already did a password reset. I'm not too concerned.