CIRCL has just released a web page listing the information leaks affecting Luxembourg and the related recommendations in order to raise awareness and provide a central point of up-to-date information for all.
It is important to understand the meaning behind the term information leak: it is the publication (or trusted announcement of possession) of stolen or otherwise acquired digital information such as user profiles, credentials or other digital assets.
“We have realized in the past years that it is difficult to inform individuals about a leak. People often suspect the warning to actually be a phishing email and they thus ignore it. Also, we face leaks that contain several million victims of stolen private information. To provide people in Luxembourg with a regularly updated online listing is in our opinion an additional way to go about it, to inform and raise awareness. We will of course still inform infected individuals and/or groups through dedicated channels whenever it is required, but additionally, we will point people to the page listing the leaks and the associated actions to take”, explains Sascha Rommelfangen from CIRCL.
This document is a new approach to dealing with the mass of information leaks. It shows the latest leaks impacting Luxembourg users, the detection date, the source and the total number of people affected around the world and in Luxembourg (number of affected within the constituency of CIRCL). This local information is generally given by AIL, a modular framework to analyse potential information leaks from unstructured data sources like pastes from Pastebin or similar services (https://github.com/CIRCL/AIL-framework).
In addition to the collected information about the leaks, there is some generic information on what should be done if one is affected and on the associated risks the person might encounter. The aim of these ‘post mortem’ recommendations is also to prevent any collateral damage.
A Dropbox leak, which actually happened in 2012 but was only made public recently, affected 68 million people, of which 13458 passwords are associated with Luxembourg-based Dropbox accounts. The recommendations and findings can be found here: https://www.circl.lu/pub/tr-46/