Renewbuy Database - Leaked, Download!
by Sanggiero - Thursday June 15, 2023 at 11:25 AM
#1
Hello BreachForums Community,
Today I have uploaded the Renewbuy Database for you to download, thanks for reading and enjoy!

[Image: renewbuy.png]

In June 2023, the Indian online life and general insurance company known as RenewBuy suffered a data breach exposing almost 900k user accounts. The breach included email, partial bank account numbers, dates of birth, partial credit cards and bank account data, geographic locations, names, physical addresses, phone numbers and passwords stored as PBKDF2 hashes.The website was breached by @Sanggiero .

Compromised data: Email addresess, Dates of Birth, Geographic locations, Genders, Names, Physical addresses, Phone Numbers, Partial credit card data,Partial bank account numbers, Passwords, PINs, Website Activity

Contents Spoiler
Hidden Content
You must register or login to view this content.

Reply
#2
nice one!
Reply
#3
This is a good base. Thanks a lot for sharing it.
Reply
#4
good share Bro
Reply
#5
Nice Share
Reply
#6
thank you very much !
Reply
#7
(06-15-2023, 11:25 AM)Sanggiero Wrote: Format - JSON
Size RAR file - 285MB
Date - 2023
All Rows - 890412
Website - renewbuy.com

An example with only one username, imagine with 1M. Cool

Did you leak this? If yes, did you manage to download the S3 linked files too?
Reply
#8
(06-17-2023, 01:44 PM)RavishKumarOfficial Wrote:
(06-15-2023, 11:25 AM)Sanggiero Wrote: Format - JSON
Size RAR file - 285MB
Date - 2023
All Rows - 890412
Website - renewbuy.com

An example with only one username, imagine with 1M. Cool

Did you leak this? If yes, did you manage to download the S3 linked files too?

Unfortunately, I didn't bother to install the images from S3, there was a large amount of data. These are the kind of developers that generate signatureless JWT tokens, you know?
After a few months of attack I went back just now to see if the vulnerability is still present, turns out yes, they left publicly the AWS credentials allowing access to S3 and SQS in the API no authentication required.  Cool
The lesson I learned, never trust Indian infrastructure, they are usually not protected at all.

[Image: Screenshot-6.png]
Reply
#9
(06-17-2023, 02:41 PM)Sanggiero Wrote:
(06-17-2023, 01:44 PM)RavishKumarOfficial Wrote:
(06-15-2023, 11:25 AM)Sanggiero Wrote: Format - JSON
Size RAR file - 285MB
Date - 2023
All Rows - 890412
Website - renewbuy.com

An example with only one username, imagine with 1M. Cool

Did you leak this? If yes, did you manage to download the S3 linked files too?

Unfortunately, I didn't bother to install the images from S3, there was a large amount of data. These are the kind of developers that generate signatureless JWT tokens, you know?
After a few months of attack I went back just now to see if the vulnerability is still present, turns out yes, they left publicly the AWS credentials allowing access to S3 and SQS in the API no authentication required.  Cool
The lesson I learned, never trust Indian infrastructure, they are usually not protected at all.

[Image: Screenshot-6.png]

Yes, it's that bad.
Retard devs think they are on the top in terms of IQ, they didn't know about @Sanggiero yet Big Grin
Reply
#10
sexy json
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  BitTorrent Database - Leaked, Download! dedale 6 3,082 2 hours ago
Last Post: bluechamber
  Verifications.io Database - Leaked, Download! dedale 67 23,127 4 hours ago
Last Post: bluechamber
  Wattpad Database - Leaked, Download! dedale 85 30,740 9 hours ago
Last Post: bruceleewi
  Armor Games Database - Leaked, Download! dedale 48 14,250 10 hours ago
Last Post: Squalee
  Thingiverse Database - Leaked, Download! dedale 4 1,675 Yesterday, 01:03 PM
Last Post: nzf4bpot



 Users browsing this thread: 1 Guest(s)